net.sourceforge.spnego

Class SpnegoHttpServletRequest

java.lang.Object

javax.servlet.ServletRequestWrapper

javax.servlet.http.HttpServletRequestWrapper

net.sourceforge.spnego.SpnegoHttpServletRequest

All Implemented Interfaces:

javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest, DelegateServletRequest, SpnegoAccessControl

final class SpnegoHttpServletRequest
extends javax.servlet.http.HttpServletRequestWrapper
implements DelegateServletRequest, SpnegoAccessControl

Wrap ServletRequest so we can do our own handling of the principal and auth types.

Also, see the documentation on the DelegateServletRequest class.

Finally, a credential delegation example can be found on http://spnego.sourceforge.net

Author:

Darwin V. Felix

Field Summary

Fields

Modifier and Type	Field and Description
private UserAccessControl	accessControl authZ framework interface.
private static String	MESSAGE_UNSUPPORTED
private SpnegoPrincipal	principal Client Principal.

Fields inherited from interface javax.servlet.http.HttpServletRequest

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor and Description
SpnegoHttpServletRequest(javax.servlet.http.HttpServletRequest request, SpnegoPrincipal spnegoPrincipal) Creates Servlet Request specifying KerberosPrincipal of user.
SpnegoHttpServletRequest(javax.servlet.http.HttpServletRequest request, SpnegoPrincipal spnegoPrincipal, UserAccessControl userAccessControl) Creates Servlet Request specifying KerberosPrincipal of user and a specified User Access Control (authZ).

Method Summary

Modifier and Type	Method and Description
boolean	anyAccess(String... resources) Checks to see if the user has at least one of the passed-in user-defined resource labels
boolean	anyRole(String... roles) Checks to see if the user has at least one of the passed-in attributes.
String	getAuthType() Returns "Negotiate" or "Basic" else default auth type.
GSSCredential	getDelegatedCredential() Returns the requester's delegated credential.
String	getRemoteUser() Returns authenticated username (sans domain/realm) else default username.
UserInfo	getUserInfo() Returns the user's info object.
Principal	getUserPrincipal() Returns KerberosPrincipal of user.
boolean	hasAccess(String resource) Checks to see if the user has access to the user-defined resource label.
boolean	hasAccess(String resourceX, String... resourceYs) Checks to see if the user has the first user-defined resource label AND has at least one of the passed-in user-defined resource labels.
boolean	hasRole(String role) Checks to see if the user has the passed-in attribute.
boolean	hasRole(String featureX, String... featureYs) Checks to see if the user has the first attribute AND has at least one of the passed-in attributes.
boolean	isUserInRole(String role)

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid

Methods inherited from class javax.servlet.ServletRequestWrapper

getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding, setRequest

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest

getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding

Field Detail

MESSAGE_UNSUPPORTED

private static final String MESSAGE_UNSUPPORTED

See Also:

Constant Field Values

principal

private final transient SpnegoPrincipal principal

Client Principal.

accessControl

private final transient UserAccessControl accessControl

authZ framework interface.

Constructor Detail

SpnegoHttpServletRequest

SpnegoHttpServletRequest(javax.servlet.http.HttpServletRequest request,
                         SpnegoPrincipal spnegoPrincipal)

Creates Servlet Request specifying KerberosPrincipal of user.

Parameters:

request -

spnegoPrincipal -

SpnegoHttpServletRequest

SpnegoHttpServletRequest(javax.servlet.http.HttpServletRequest request,
                         SpnegoPrincipal spnegoPrincipal,
                         UserAccessControl userAccessControl)

Creates Servlet Request specifying KerberosPrincipal of user and a specified User Access Control (authZ).

Parameters:

request -

spnegoPrincipal -

userAccessControl -

Method Detail

getAuthType

public String getAuthType()

Returns "Negotiate" or "Basic" else default auth type.

Specified by:

getAuthType in interface javax.servlet.http.HttpServletRequest

Overrides:

getAuthType in class javax.servlet.http.HttpServletRequestWrapper

See Also:

HttpServletRequest.getAuthType()

getDelegatedCredential

public GSSCredential getDelegatedCredential()

Description copied from interface: DelegateServletRequest

Returns the requester's delegated credential.

Returns null if request has no delegated credential or if delegated credentials are not supported.

Specified by:

getDelegatedCredential in interface DelegateServletRequest

Returns:

delegated credential or null

getRemoteUser

public String getRemoteUser()

Returns authenticated username (sans domain/realm) else default username.

Specified by:

getRemoteUser in interface javax.servlet.http.HttpServletRequest

Overrides:

getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper

See Also:

HttpServletRequest.getRemoteUser()

getUserPrincipal

public Principal getUserPrincipal()

Returns KerberosPrincipal of user.

Specified by:

getUserPrincipal in interface javax.servlet.http.HttpServletRequest

Overrides:

getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper

See Also:

HttpServletRequest.getUserPrincipal()

anyRole

public boolean anyRole(String... roles)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has at least one of the passed-in attributes.

 String[] attributes = new String[] {"Developer", "Los Angeles", "Manager"};
 
 if (accessControl.anyRole(attributes)) {
     // will be in here if the user has at least one matching attribute
 }
 

Specified by:

anyRole in interface SpnegoAccessControl

Parameters:

roles - e.g. Team Lead, IT, Developer

Returns:

true if the user has at least one of the passed-in roles/features

hasRole

public boolean hasRole(String role)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has the passed-in attribute.

 String attribute = "Developer";
 
 if (accessControl.hasRole(attribute)) {
     // will be in here if the user has the matching attribute
 }
 

Specified by:

hasRole in interface SpnegoAccessControl

Parameters:

role - e.g. Team Lead, IT, Developer

Returns:

true if the user has at least one of the passed-in roles/features

hasRole

public boolean hasRole(String featureX,
                       String... featureYs)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has the first attribute AND has at least one of the passed-in attributes.

 String attributeX = "Los Angeles";
 String[] attributeYs = new String[] {"Developer", "Manager"};
 
 if (accessControl.hasRole(attributeX, attributeYs)) {
     // will be in here if the user has attributeX 
     // AND has at least one of the attributeYs.
 }
 

Specified by:

hasRole in interface SpnegoAccessControl

Parameters:

featureX - e.g. Information Technology

featureYs - e.g. Team Lead, IT-Architecture-DL

Returns:

true if the user has featureX AND at least one the featureYs

anyAccess

public boolean anyAccess(String... resources)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has at least one of the passed-in user-defined resource labels

 String[] resources = new String[] {"admin-links", "ops-buttons"};
 
 if (accessControl.anyAccess(resources)) {
     // will be in here if the user has at least one matching resource
 }
 

Specified by:

anyAccess in interface SpnegoAccessControl

Parameters:

resources - e.g. admin-links, ops-buttons

Returns:

true if the user has at least one of the passed-in resources

hasAccess

public boolean hasAccess(String resource)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has access to the user-defined resource label.

 boolean hasPermission = false;
 
 if (request instanceof SpnegoAccessControl) {
     SpnegoAccessControl accessControl = (SpnegoAccessControl) request;
     
     hasPermission = accessControl.hasAccess("finance-links");
 } 
 

Specified by:

hasAccess in interface SpnegoAccessControl

Parameters:

resource - e.g. admin-buttons

Returns:

true if the user has access to the user-defined resource

hasAccess

public boolean hasAccess(String resourceX,
                         String... resourceYs)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has the first user-defined resource label AND has at least one of the passed-in user-defined resource labels.

 String resourceX = "finance-links";
 String[] resourceYs = new String[] {"admin-links", "accounting-buttons"};
 
 if (accessControl.hasAccess(resourceX, resourceYs)) {
     // will be in here if the user has resourceX 
     // AND has at least one of the resourceYs.
 }
 

Specified by:

hasAccess in interface SpnegoAccessControl

Parameters:

resourceX - e.g. finance-links

resourceYs - e.g. admin-links, accounting-buttons

Returns:

true if the user has resourceX AND at least one the resourceYs

getUserInfo

public UserInfo getUserInfo()

Description copied from interface: SpnegoAccessControl

Returns the user's info object.

Specified by:

getUserInfo in interface SpnegoAccessControl

Returns:

the user's info object

isUserInRole

public boolean isUserInRole(String role)

Specified by:

isUserInRole in interface javax.servlet.http.HttpServletRequest

Overrides:

isUserInRole in class javax.servlet.http.HttpServletRequestWrapper