package winstone.auth;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.w3c.dom.Node;

import winstone.AuthenticationPrincipal;
import winstone.AuthenticationRealm;
import winstone.Logger;
import winstone.WinstoneRequest;

/**
 * Authentication handler that identifies the caller from the X.509 client
 * certificate attached to the request and marks the resulting principal with
 * {@link HttpServletRequest#CLIENT_CERT_AUTH}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The only certificate check made in this class is
 *     {@link X509Certificate#checkValidity()}, which tests the validity period
 *     against the current time. Chain building, trust-anchor and revocation
 *     checks are not performed here; presumably the TLS listener that populates
 *     the request attribute has already done them, which should be confirmed
 *     against the connector configuration.</li>
 * <li>The realm lookup key is the full subject DN string of the first
 *     certificate in the array, so realm entries must match that string
 *     exactly. No further credential is requested.</li>
 * </ul>
 */
public class ClientcertAuthenticationHandler extends BaseAuthenticationHandler {
    /**
     * Builds the handler by delegating all configuration to the base class and
     * then logs, at debug level, that it has been initialised for the realm.
     *
     * @param loginConfigNode passed through to the superclass constructor
     * @param constraintNodes passed through to the superclass constructor
     * @param rolesAllowed passed through to the superclass constructor
     * @param realm passed through to the superclass constructor
     */
    public ClientcertAuthenticationHandler(Node loginConfigNode,
            List constraintNodes, Set rolesAllowed,
            AuthenticationRealm realm) {
        super(loginConfigNode, constraintNodes, rolesAllowed, realm);
        Logger.log(Logger.DEBUG, AUTH_RESOURCES,
                "ClientcertAuthenticationHandler.Initialised", realmName);
    }

    /**
     * Answers an unauthenticated request with HTTP 401 and the localised
     * "unauthorized" message. Nothing else is sent: a client certificate
     * cannot be requested at this layer.
     *
     * @param request the incoming request (not used)
     * @param response the response on which the 401 error is sent
     * @param pathRequested the requested path (not used)
     * @throws IOException if sending the error fails
     */
    protected void requestAuthentication(HttpServletRequest request,
            HttpServletResponse response, String pathRequested)
            throws IOException {
        String message = AUTH_RESOURCES
                .getString("ClientcertAuthenticationHandler.UnauthorizedMessage");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
    }

    /**
     * Tries to establish the remote user from the client certificate array
     * stored under the {@code javax.servlet.request.X509Certificate} request
     * attribute.
     *
     * <p>The user is set only when every certificate in the array passes
     * {@code checkValidity()} and the realm returns a principal for the
     * subject DN of the first certificate. In every other case the request is
     * left without a remote user.
     *
     * <p>NOTE(review): this method returns {@code true} on every path, so the
     * return value does not tell the caller whether authentication succeeded.
     * The caller presumably decides from the remote user on the request;
     * confirm in the base class.
     *
     * @param request the incoming request carrying the certificate attribute
     * @param response the response (not used)
     * @param pathRequested the requested path (not used)
     * @return always {@code true}
     * @throws IOException declared by the contract; not thrown by this code
     */
    protected boolean validatePossibleAuthenticationResponse(
            HttpServletRequest request, HttpServletResponse response,
            String pathRequested) throws IOException {
        X509Certificate[] chain = (X509Certificate[]) request
                .getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            return true;
        }

        // checkValidity() covers the notBefore/notAfter window only. Any
        // failure, including a null array element, rejects the whole array.
        // NOTE(review): the failure is not logged, so a rejected certificate
        // leaves no audit trail here.
        boolean allWithinValidity = true;
        for (X509Certificate cert : chain) {
            try {
                cert.checkValidity();
            } catch (Throwable err) {
                allWithinValidity = false;
            }
        }
        if (!allWithinValidity) {
            return true;
        }

        // The first array element supplies the identity. The servlet
        // specification orders this attribute with the client's own
        // certificate first; confirm the connector in use does the same.
        // NOTE(review): getSubjectDN() yields an implementation-specific name
        // string. getSubjectX500Principal() is the portable accessor, but it
        // may format the DN differently and so change which realm entries
        // match.
        String subjectName = chain[0].getSubjectDN().getName();
        AuthenticationPrincipal principal = this.realm.retrieveUser(subjectName);
        if (principal == null) {
            return true;
        }
        principal.setAuthType(HttpServletRequest.CLIENT_CERT_AUTH);

        // Locate the object that can carry the remote user: the request
        // itself, or the request directly wrapped by it. Only one level of
        // wrapping is unwrapped.
        Object target = request;
        if (!(request instanceof WinstoneRequest)
                && request instanceof HttpServletRequestWrapper) {
            target = ((HttpServletRequestWrapper) request).getRequest();
        }

        if (target instanceof WinstoneRequest) {
            ((WinstoneRequest) target).setRemoteUser(principal);
        } else {
            // The principal was resolved but cannot be attached, so the
            // request stays unauthenticated and only a warning is emitted.
            Logger.log(Logger.WARNING, AUTH_RESOURCES,
                    "ClientCertAuthenticationHandler.CantSetUser",
                    target.getClass().getName());
        }
        return true;
    }
}