


1 /*
2 * JBoss, Home of Professional Open Source
3 * Copyright 2005, JBoss Inc., and individual contributors as indicated
4 * by the @authors tag. See the copyright.txt in the distribution for a
5 * full listing of individual contributors.
6 *
7 * This is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as
9 * published by the Free Software Foundation; either version 2.1 of
10 * the License, or (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this software; if not, write to the Free
19 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21 */

22 package org.jboss.web.tomcat.security;
23
24 import java.security.acl.Group JavaDoc;
25
26 import javax.security.auth.login.LoginException JavaDoc;
27 import javax.security.jacc.PolicyContext JavaDoc;
28 import javax.security.jacc.PolicyContextException JavaDoc;
29 import javax.servlet.http.HttpServletRequest JavaDoc;
30
31 import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
32
33 /**
34  * An abstract subclass of UsernamePasswordLoginModule that makes the
35  * HttpServletRequest from the client attempting to login available to the Login
36  * Module.
37  *
38  * You can call getHttpServletRequest() inside your getUsersPassword()
39  * implementation to read information from the client's HttpServletRequest,
40  * for example to deny access to certain IP addresses, or to enforce a maximum
41  * number of login retries per IP address by recording attempts in a
42  * database.
43  *
44  * @see #getHttpServletRequest
45  *
46  * @author Ricardo Arguello (ricardoarguello@users.sourceforge.net)
47  * @author Scott.Stark@jboss.org
48  * @version $Revision: 37459 $
49  */

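public abstract class HttpServletRequestLoginModule extends
      UsernamePasswordLoginModule
{
   /**
    * JACC policy context handler key used to look up the request that
    * triggered the current authentication.
    */
   private static final String HTTP_SERVLET_REQUEST_KEY =
      "javax.servlet.http.HttpServletRequest";

   /**
    * Client's HttpServletRequest. Within this class it is only assigned by
    * {@link #getHttpServletRequest()}, so it stays null until that method has
    * been called.
    */
   protected HttpServletRequest request;

   /**
    * Obtains the HttpServletRequest of the user attempting to authenticate
    * using the JACC HttpServletRequest policy context handler, stores it in
    * {@link #request} and returns it.
    * <p>
    * You could use this information to deny access when a number of login
    * retries per IP address has been attempted.
    * <p>
    * Security notes for implementors:
    * <ul>
    * <li>Everything read from the request at this point comes from a client
    * that has not been authenticated yet, so treat headers, parameters and
    * cookies as untrusted input.</li>
    * <li>{@code getRemoteAddr()} reports the address of the immediate peer.
    * Behind a reverse proxy or load balancer that is the proxy, and
    * forwarding headers such as {@code X-Forwarded-For} are only meaningful
    * when they are set by a proxy you control; otherwise the client chooses
    * their value. Base per-IP deny lists and retry limits on an address
    * source you can trust.</li>
    * <li>When recording attempts in a database, bind request-derived values
    * as statement parameters instead of concatenating them into SQL.</li>
    * </ul>
    *
    * @return the HttpServletRequest of the user attempting to authenticate;
    *         {@code PolicyContext.getContext} is allowed to return null, so
    *         callers should check the result before using it.
    * @throws PolicyContextException propagated from
    *         {@code PolicyContext.getContext} when the lookup fails.
    */
   protected HttpServletRequest getHttpServletRequest()
      throws PolicyContextException
   {
      // The cast is unchecked at compile time; the handler registered under
      // this key is expected to supply an HttpServletRequest.
      request = (HttpServletRequest) PolicyContext.getContext(HTTP_SERVLET_REQUEST_KEY);
      return request;
   }

   /**
    * Get the expected password for the current username available via the
    * getUsername() method. This is called from within the login() method after
    * the CallbackHandler has returned the username and candidate password.
    * <p>
    * You could use getHttpServletRequest() inside this method.
    * <p>
    * The returned value is the credential the candidate password is checked
    * against, so implementations should keep it out of logs and exception
    * messages.
    *
    * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#getUsersPassword()
    *
    * @return the valid password String
    * @throws LoginException declared for implementations that cannot supply
    *         the expected password.
    */
   protected abstract String getUsersPassword() throws LoginException;

   /**
    * Redeclared abstract here, so every concrete subclass has to supply the
    * role groups itself; the contract is the one documented on the linked
    * method.
    *
    * @see org.jboss.security.auth.spi.AbstractServerLoginModule#getRoleSets()
    *
    * @return the role groups, as defined by the linked method.
    * @throws LoginException declared for implementations that cannot supply
    *         the role groups.
    */
   protected abstract Group[] getRoleSets() throws LoginException;
}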
90