UserInRoleServlet


1   /*
2     * JBoss, Home of Professional Open Source
3     * Copyright 2005, JBoss Inc., and individual contributors as indicated
4     * by the @authors tag. See the copyright.txt in the distribution for a
5     * full listing of individual contributors.
6     *
7     * This is free software; you can redistribute it and/or modify it
8     * under the terms of the GNU Lesser General Public License as
9     * published by the Free Software Foundation; either version 2.1 of
10    * the License, or (at your option) any later version.
11    *
12    * This software is distributed in the hope that it will be useful,
13    * but WITHOUT ANY WARRANTY; without even the implied warranty of
14    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15    * Lesser General Public License for more details.
16    *
17    * You should have received a copy of the GNU Lesser General Public
18    * License along with this software; if not, write to the Free
19    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21    */
22  package org.jboss.ejb3.test.dd.web.servlets;
23  
24  import java.io.IOException  ;
25  import java.io.PrintWriter  ;
26  import java.security.Principal  ;
27  import java.util.ArrayList  ;
28  import javax.servlet.ServletConfig  ;
29  import javax.servlet.ServletException  ;
30  import javax.servlet.http.HttpServlet  ;
31  import javax.servlet.http.HttpServletRequest  ;
32  import javax.servlet.http.HttpServletResponse  ;
33  
34  import org.jboss.util.Strings;
35  
36  /** A servlet that calls isUserInRole for every role name defined in the
37   * expectedUserRoles init parameter and validates that each role is assigned
38   * to the user. Any role in the expectedUserRoles for which isUserInRole is
39   * false is added to the X-ExpectedUserRoles-Errors reply header. If the user
40   * has every role from the expectedUserRoles list, the X-ExpectedUserRoles-Errors
41   * header will not be in the reply.
42   * 
43   * This servlet also calls isUserInRole for every role name defined in the
44   * unexpectedUserRoles init parameter and validates that each role is NOT 
45   * assigned to the user. Any role in the unexpectedUserRoles for which
46   * isUserInRole is true is added to the X-UnexpectedUserRoles-Errors reply
47   * header. If the user has no roles from the unexpectedUserRoles list, the
48   * X-UnexpectedUserRoles-Errors header will not be in the reply.
49   *
50   * @author Scott.Stark@jboss.org
51   * @version $Revision: 37459 $
52   */
53  public class UserInRoleServlet extends HttpServlet  
54  {
55     /** The roles for which isUserInRole should return true */
56     private String  [] expectedUserRoles;
57     /** The roles for which isUserInRole should return false */
58     private String  [] unexpectedUserRoles;
59  
60     public void init(ServletConfig   config) throws ServletException  
61     {
62        super.init(config);
63        String   param = config.getInitParameter("expectedUserRoles");
64        expectedUserRoles = Strings.split(param, ",");
65        param = config.getInitParameter("unexpectedUserRoles");
66        unexpectedUserRoles = Strings.split(param, ",");
67     }
68  
69     protected void processRequest(HttpServletRequest   request, HttpServletResponse   response)
70        throws ServletException  , IOException  
71     {
72        Principal   user = request.getUserPrincipal();
73        response.setContentType("text/html");
74        PrintWriter   out = response.getWriter();
75        out.println("<html>");
76        out.println("<head><title>UserInRoleServlet</title></head>");
77        out.println("<body>");
78        out.println("You have accessed this servlet as user:"+user);
79  
80        out.println("<h1>ExpectedUserRoles</h1>");
81        out.println("<ul>");
82        ArrayList   errors = new ArrayList  ();
83        for(int n = 0; n < expectedUserRoles.length; n ++)
84        {
85           String   role = expectedUserRoles[n];
86           boolean inRole = request.isUserInRole(role);
87           out.println("<li>isUserInRole("+role+") = "+inRole+"</li>");
88           if( inRole == false )
89              errors.add(role);
90        }
91        out.println("</ul>");
92        if( errors.size() > 0 )
93        {
94           String   value = errors.toString();
95           response.addHeader("X-ExpectedUserRoles-Errors", value);
96        }
97  
98        errors.clear();
99        out.println("<h1>UnexpectedUserRoles</h1>");
100       out.println("<ul>");
101       for(int n = 0; n < unexpectedUserRoles.length; n ++)
102       {
103          String   role = unexpectedUserRoles[n];
104          boolean inRole = request.isUserInRole(role);
105          out.println("<li>isUserInRole("+role+") = "+inRole+"</li>");
106          if( inRole == true )
107             errors.add(role);
108       }
109       if( errors.size() > 0 )
110       {
111          String   value = errors.toString();
112          response.addHeader("X-UnexpectedUserRoles-Errors", value);
113       }
114       out.println("</ul>");
115 
116       out.println("</body></html>");
117       out.close();
118    }
119 
120    protected void doGet(HttpServletRequest   request, HttpServletResponse   response)
121       throws ServletException  , IOException  
122    {
123       processRequest(request, response);
124    }
125 
126    protected void doPost(HttpServletRequest   request, HttpServletResponse   response)
127       throws ServletException  , IOException  
128    {
129       processRequest(request, response);
130    }
131 
132 }
133 
134
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags