

1 /*
2  * Copyright 2003-2006 Rick Knowles <winstone-devel at lists sourceforge net>
3  * Distributed under the terms of either:
4  * - the common development and distribution license (CDDL), v1.0; or
5  * - the GNU Lesser General Public License, v2.1 or later
6  */

7 package winstone.auth;
8
9 import java.io.IOException JavaDoc;
10 import java.security.cert.X509Certificate JavaDoc;
11 import java.util.List JavaDoc;
12 import java.util.Set JavaDoc;
13
14 import javax.servlet.http.HttpServletRequest JavaDoc;
15 import javax.servlet.http.HttpServletRequestWrapper JavaDoc;
16 import javax.servlet.http.HttpServletResponse JavaDoc;
17
18 import org.w3c.dom.Node JavaDoc;
19
20 import winstone.AuthenticationPrincipal;
21 import winstone.AuthenticationRealm;
22 import winstone.Logger;
23 import winstone.WinstoneRequest;
24
/**
 * Authentication handler that identifies the caller from the X.509 client
 * certificate chain the container exposes as the
 * {@code javax.servlet.request.X509Certificate} request attribute.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The only certificate check made here is {@code checkValidity()}, i.e.
 * the notBefore/notAfter window. Chain building, issuer trust and revocation
 * are not checked in this class; presumably the TLS listener has already
 * verified the chain against its trust store - confirm for the deployment.</li>
 * <li>The user is looked up in the realm by the subject DN string of the first
 * certificate in the array, so the realm's user names must match that DN
 * rendering exactly.</li>
 * <li>A certificate that fails validation is dropped silently; nothing is
 * logged on that path.</li>
 * </ul>
 *
 * @author <a HREF="mailto:rick_knowles@hotmail.com">Rick Knowles</a>
 * @version $Id: ClientcertAuthenticationHandler.java,v 1.3 2006/02/28 07:32:47 rickknowles Exp $
 */
public class ClientcertAuthenticationHandler extends BaseAuthenticationHandler {

    /**
     * Passes the configuration straight to the base handler and logs a
     * debug-level initialisation message carrying the realm name.
     *
     * @param loginConfigNode forwarded unchanged to the superclass
     * @param constraintNodes forwarded unchanged to the superclass
     * @param rolesAllowed forwarded unchanged to the superclass
     * @param realm forwarded unchanged to the superclass
     */
    public ClientcertAuthenticationHandler(Node loginConfigNode,
            List constraintNodes, Set rolesAllowed, AuthenticationRealm realm) {
        super(loginConfigNode, constraintNodes, rolesAllowed, realm);
        Logger.log(Logger.DEBUG, AUTH_RESOURCES,
                "ClientcertAuthenticationHandler.Initialised", realmName);
    }

    /**
     * Rejects the request with HTTP 401 and the localized "unauthorized"
     * message. No challenge header is added here: a client certificate is
     * presented during the TLS handshake, not in response to an HTTP
     * challenge.
     *
     * @param request not used by this implementation
     * @param response receives the 401 error
     * @param pathRequested not used by this implementation
     * @throws IOException if sending the error fails
     */
    protected void requestAuthentication(HttpServletRequest request,
            HttpServletResponse response, String pathRequested)
            throws IOException {
        String unauthorizedMessage = AUTH_RESOURCES
                .getString("ClientcertAuthenticationHandler.UnauthorizedMessage");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                unauthorizedMessage);
    }

    /**
     * Looks for a client certificate chain on the request and, when every
     * certificate in it is inside its validity period and the realm knows the
     * subject of the first one, records that principal as the remote user.
     *
     * <p>This method returns {@code true} on every path, including "no
     * certificate", "certificate rejected" and "unknown subject". It does not
     * itself deny access; NOTE(review): whether an unauthenticated request is
     * then refused depends on what the superclass does with the result -
     * confirm against BaseAuthenticationHandler.
     *
     * @param request the request carrying the certificate attribute
     * @param response not used by this implementation
     * @param pathRequested not used by this implementation
     * @return always {@code true}
     * @throws IOException declared by the contract; not thrown by this body
     */
    protected boolean validatePossibleAuthenticationResponse(
            HttpServletRequest request, HttpServletResponse response,
            String pathRequested) throws IOException {
        X509Certificate[] chain = (X509Certificate[]) request
                .getAttribute("javax.servlet.request.X509Certificate");
        if ((chain == null) || (chain.length == 0)) {
            // No client certificate was presented on this connection.
            return true;
        }

        boolean everyCertCurrent = true;
        for (int i = 0; i < chain.length; i++) {
            try {
                // Validity-period check only; says nothing about who issued it.
                chain[i].checkValidity();
            } catch (Throwable err) {
                // Any failure at all (expired, not yet valid, or an unexpected
                // error) fails closed. The cause is discarded, not logged.
                everyCertCurrent = false;
            }
        }
        if (!everyCertCurrent) {
            return true;
        }

        // The Servlet API orders this array with the client's own certificate
        // first, so element 0 supplies the identity.
        String subjectName = chain[0].getSubjectDN().getName();
        AuthenticationPrincipal principal = this.realm.retrieveUser(subjectName);
        if (principal == null) {
            // Subject is not a user of this realm: leave the request anonymous.
            return true;
        }

        principal.setAuthType(HttpServletRequest.CLIENT_CERT_AUTH);
        attachRemoteUser(request, principal);
        return true;
    }

    /**
     * Stores the principal on the underlying WinstoneRequest, unwrapping one
     * level of HttpServletRequestWrapper if needed. When no WinstoneRequest is
     * found a warning naming the offending class is logged and the user is
     * not set.
     */
    private void attachRemoteUser(HttpServletRequest request,
            AuthenticationPrincipal principal) {
        Object target = request;
        if (!(request instanceof WinstoneRequest)
                && (request instanceof HttpServletRequestWrapper)) {
            // Only a single wrapper layer is peeled off; deeper nesting falls
            // through to the warning below.
            target = ((HttpServletRequestWrapper) request).getRequest();
        }

        if (target instanceof WinstoneRequest) {
            ((WinstoneRequest) target).setRemoteUser(principal);
        } else {
            Logger.log(Logger.WARNING, AUTH_RESOURCES,
                    "ClientCertAuthenticationHandler.CantSetUser",
                    target.getClass().getName());
        }
    }
}