KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > web > tomcat > security > BasicAuthValve


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.web.tomcat.security;
23
24 import java.io.IOException JavaDoc;
25 import javax.servlet.ServletException JavaDoc;
26
27 import org.apache.catalina.connector.Request;
28 import org.apache.catalina.connector.Response;
29 import org.apache.catalina.valves.ValveBase;
30 import org.jboss.logging.Logger;
31
32 /** A valve that provides information on the jaas login exception seen in the
33  SecurityAssociation exception data. The useExceptionAsMsg flag indicates if
34  the exception message should be set as the http response message. The
35  exceptionHeader attribute if set is the header name that should be populated
36  with the exception message.
37    
38  @author Scott.Stark@jboss.org
39  @version $Revision: 38197 $
40  */

41 public class BasicAuthValve
42    extends ValveBase
43 {
44    private static Logger log = Logger.getLogger(BasicAuthValve.class);
45    private static boolean trace = log.isTraceEnabled();
46
47    /** Should the exception message be used as the request status message */
48    private boolean useExceptionAsMsg = false;
49    /** A flag indicating if the auth exception thread local should be cleared */
50    private boolean clearAuthException = true;
51    /** The name of the reply header to use to return the exception message */
52    private String JavaDoc exceptionHeader = null;
53
54    public boolean isUseExceptionAsMsg()
55    {
56       return useExceptionAsMsg;
57    }
58    public void setUseExceptionAsMsg(boolean useExceptionAsMsg)
59    {
60       this.useExceptionAsMsg = useExceptionAsMsg;
61    }
62
63    public String JavaDoc getExceptionHeader()
64    {
65       return exceptionHeader;
66    }
67    public void setExceptionHeader(String JavaDoc exceptionHeader)
68    {
69       this.exceptionHeader = exceptionHeader;
70    }
71
72    public void invoke(Request request, Response response)
73       throws IOException JavaDoc, ServletException JavaDoc
74    {
75       getNext().invoke(request, response);
76       // Check the SecurityAssociation context exception
77
Throwable JavaDoc t = SecurityAssociationActions.getAuthException();
78       int status = response.getStatus();
79       
80       if( trace )
81          log.trace("Status: "+status+"SecurityAssociation.exception: ", t);
82       if( status >= 400 && t != null )
83       {
84          String JavaDoc msg = t.getMessage();
85          // Set the response msg
86
if( useExceptionAsMsg )
87          {
88             if( response.getCoyoteResponse() != null )
89                response.getCoyoteResponse().setMessage(msg);
90          }
91          // Set the response exception header
92
if( exceptionHeader != null )
93             response.setHeader(exceptionHeader, msg);
94          // Clear the exception thread local
95
if( clearAuthException )
96          {
97             try
98             {
99                SecurityAssociationActions.clearAuthException();
100             }
101             catch(Throwable JavaDoc e)
102             {
103                log.warn("Unable to clear auth exception ", e);
104             }
105          }
106       }
107    }
108 }
Popular Tags