ClientCertLogin


1   /*
2    * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3    *
4    * This file is part of Resin(R) Open Source
5    *
6    * Each copy or derived work must preserve the copyright notice and this
7    * notice unmodified.
8    *
9    * Resin Open Source is free software; you can redistribute it and/or modify
10   * it under the terms of the GNU General Public License as published by
11   * the Free Software Foundation; either version 2 of the License, or
12   * (at your option) any later version.
13   *
14   * Resin Open Source is distributed in the hope that it will be useful,
15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17   * of NON-INFRINGEMENT.  See the GNU General Public License for more
18   * details.
19   *
20   * You should have received a copy of the GNU General Public License
21   * along with Resin Open Source; if not, write to the
22   *   Free SoftwareFoundation, Inc.
23   *   59 Temple Place, Suite 330
24   *   Boston, MA 02111-1307  USA
25   *
26   * @author Scott Ferguson
27   */
28  
29  package com.caucho.server.security;
30  
31  import javax.servlet.ServletContext  ;
32  import javax.servlet.ServletException  ;
33  import javax.servlet.http.HttpServletRequest  ;
34  import javax.servlet.http.HttpServletResponse  ;
35  import java.io.IOException  ;
36  import java.security.Principal  ;
37  import java.security.cert.X509Certificate  ;
38  
39  /**
40   * Implements the "CLIENT-CERT" auth-method.  CLIENT-CERT uses the
41   * SSL authentication with WWW-Authenticate and SC_UNAUTHORIZE.
42   */
43  public class ClientCertLogin extends AbstractLogin {
44    /**
45     * Returns the authentication type.
46     */
47    public String   getAuthType()
48    {
49      return "CLIENT-CERT";
50    }
51    
52    /**
53     * Logs a user in with a user name and a password.  Basic authentication
54     * extracts the user and password from the authorization header.  If
55     * the user/password is missing, authenticate will send a basic challenge.
56     *
57     * @param request servlet request
58     * @param response servlet response, in case any cookie need sending.
59     * @param application servlet application
60     *
61     * @return the logged in principal on success, null on failure.
62     */
63    public Principal   authenticate(HttpServletRequest   request,
64                                  HttpServletResponse   response,
65                                  ServletContext   application)
66      throws ServletException  , IOException  
67    {
68      return getUserPrincipal(request, response, application);
69    }
70    
71    /**
72     * Returns the current user with the user name and password.
73     *
74     * @param request servlet request
75     * @param response servlet response, in case any cookie need sending.
76     * @param application servlet application
77     *
78     * @return the logged in principal on success, null on failure.
79     */
80    public Principal   getUserPrincipal(HttpServletRequest   request,
81                                      HttpServletResponse   response,
82                                      ServletContext   application)
83      throws ServletException  
84    {
85      X509Certificate   []certs;
86  
87      certs = (X509Certificate   []) request.getAttribute("javax.servlet.request.X509Certificate");
88  
89      if (certs != null)
90        return certs[0].getSubjectDN();
91      else
92        return null;
93    }
94  }
95
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags