JGuardServletRequestWrapper


1   /*
2   jGuard is a security framework based on top of jaas (java authentication and authorization security).
3   it is written for web applications, to resolve simply, access control problems.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.jee.authentication.http;
29  
30  import java.security.Principal  ;
31  import java.util.HashMap  ;
32  import java.util.Iterator  ;
33  import java.util.Map  ;
34  import java.util.Set  ;
35  
36  import javax.security.auth.Subject  ;
37  import javax.servlet.http.HttpServletRequest  ;
38  import javax.servlet.http.HttpServletRequestWrapper  ;
39  
40  import net.sf.jguard.core.CoreConstants;
41  import net.sf.jguard.core.authentication.credentials.JGuardCredential;
42  import net.sf.jguard.core.principals.RolePrincipal;
43  import net.sf.jguard.core.principals.UserPrincipal;
44  
45  import org.apache.commons.logging.Log;
46  import org.apache.commons.logging.LogFactory;
47  /**
48   * wrap the ServletRequest object to 'decorate' it to
49   * respect the JAAS mechanism present in j2se.
50   * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
51   *
52   */
53  public class JGuardServletRequestWrapper extends HttpServletRequestWrapper    {
54      private static final String   LOGIN = "login";
55      private static Log logger = LogFactory.getLog(JGuardServletRequestWrapper.class);
56      private Map   headers = null;
57      private HttpServletRequest   request;
58      
59      public JGuardServletRequestWrapper(HttpServletRequest   req) {
60          super(req);
61          this.request = req;
62          headers = new HashMap  ();
63      }
64  
65      /**
66       * wrap the isUserInRole method to check against
67       * all the {@link RolePrincipal}'s set of the Subject object.
68       * @param role : name of the principal(role) we are looking for
69       * @return boolean :return 'true' if one of the principal the Subject
70       * owns has got the same name.return 'false' otherwise.
71       */
72      public boolean isUserInRole(String   role){
73          String   applicationName = (String  ) request.getSession(true).getServletContext().getAttribute(CoreConstants.APPLICATION_NAME);
74          role = RolePrincipal.getName(role, applicationName);
75          Subject   subject = ((HttpAuthenticationUtils)request.getSession().getAttribute(HttpConstants.AUTHN_UTILS)).getSubject();
76          Set   principals = subject.getPrincipals(RolePrincipal.class);
77          Iterator   itPrincipals = principals.iterator();
78          while(itPrincipals.hasNext()){
79              Principal   principal = (Principal  )itPrincipals.next();
80              if(role.equals(principal.getName())){
81                  return true;
82              }
83          }
84          return false;
85  
86      }
87  
88      /**
89       * return a SubjectAsPrincipal object which wrap the Subject
90       * in a Principal.
91       * @return principal
92       */
93      public Principal   getUserPrincipal(){
94          Subject   subject =  ((HttpAuthenticationUtils)request.getSession().getAttribute(HttpConstants.AUTHN_UTILS)).getSubject();
95          return new UserPrincipal(subject);
96      }
97  
98      /**
99       *
100      * @return remote user login credential String value
101      */
102     public String   getRemoteUser(){
103         Subject   subject = ((HttpAuthenticationUtils)request.getSession().getAttribute(HttpConstants.AUTHN_UTILS)).getSubject();
104         Set   publicCredentials = subject.getPublicCredentials();
105         Iterator   it = publicCredentials.iterator();
106         while(it.hasNext()){
107             JGuardCredential cred = (JGuardCredential)it.next();
108             if(cred.getId().equalsIgnoreCase(JGuardServletRequestWrapper.LOGIN)){
109                 return (String  )cred.getValue();
110             }
111         }
112         try{
113             Set   privateCredentials = subject.getPrivateCredentials();
114             Iterator   it2 = privateCredentials.iterator();
115             while(it2.hasNext()){
116                 JGuardCredential cred2 = (JGuardCredential)it2.next();
117                 if(cred2.getId().equalsIgnoreCase(JGuardServletRequestWrapper.LOGIN)){
118                     return (String  )cred2.getValue();
119                 }
120             }
121         }catch(SecurityException   sex){
122             logger.debug(" you don't have the permission to look into the private Credentials of the user ",sex);
123         }
124         return null;
125     }
126 
127     public void setHeader(String   headerName,String   headerValue){
128             headers.put(headerName, headerValue);
129     }
130     
131     public String   getHeader(String   headerName){
132         
133         if(headers.containsKey(headerName)){
134             return (String  )headers.get(headerName);
135         }else{
136             return super.getHeader(headerName);
137         }
138     }
139 }
140
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags