Package org.codelibs.spnego

Class SpnegoHttpServletRequest

java.lang.Object

javax.servlet.ServletRequestWrapper

javax.servlet.http.HttpServletRequestWrapper

org.codelibs.spnego.SpnegoHttpServletRequest

All Implemented Interfaces:

javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest, DelegateServletRequest, SpnegoAccessControl

public final class SpnegoHttpServletRequest
extends javax.servlet.http.HttpServletRequestWrapper
implements DelegateServletRequest, SpnegoAccessControl

Wrap ServletRequest so we can do our own handling of the principal and auth types.

Also, see the documentation on the DelegateServletRequest class.

Finally, a credential delegation example can be found on http://spnego.sourceforge.net

Author:

Darwin V. Felix

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Method Summary

Modifier and Type	Method	Description
boolean	anyAccess(String... resources)	Checks to see if the user has at least one of the passed-in user-defined resource labels
boolean	anyRole(String... roles)	Checks to see if the user has at least one of the passed-in attributes.
String	getAuthType()	Returns "Negotiate" or "Basic" else default auth type.
GSSCredential	getDelegatedCredential()	Returns the requester's delegated credential.
String	getRemoteUser()	Returns authenticated username (sans domain/realm) else default username.
UserInfo	getUserInfo()	Returns the user's info object.
Principal	getUserPrincipal()	Returns KerberosPrincipal of user.
boolean	hasAccess(String resource)	Checks to see if the user has access to the user-defined resource label.
boolean	hasAccess(String resourceX, String... resourceYs)	Checks to see if the user has the first user-defined resource label AND has at least one of the passed-in user-defined resource labels.
boolean	hasRole(String role)	Checks to see if the user has the passed-in attribute.
boolean	hasRole(String featureX, String... featureYs)	Checks to see if the user has the first attribute AND has at least one of the passed-in attributes.
boolean	isUserInRole(String role)

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

authenticate, changeSessionId, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, login, logout, upgrade

Methods inherited from class javax.servlet.ServletRequestWrapper

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Method Detail

getAuthType

public String getAuthType()

Returns "Negotiate" or "Basic" else default auth type.

Specified by:

getAuthType in interface javax.servlet.http.HttpServletRequest

Overrides:

getAuthType in class javax.servlet.http.HttpServletRequestWrapper

See Also:

HttpServletRequest.getAuthType()

getDelegatedCredential

public GSSCredential getDelegatedCredential()

Description copied from interface: DelegateServletRequest

Returns the requester's delegated credential.

Returns null if request has no delegated credential or if delegated credentials are not supported.

Specified by:

getDelegatedCredential in interface DelegateServletRequest

Returns:

delegated credential or null

getRemoteUser

public String getRemoteUser()

Returns authenticated username (sans domain/realm) else default username.

Specified by:

getRemoteUser in interface javax.servlet.http.HttpServletRequest

Overrides:

getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper

See Also:

HttpServletRequest.getRemoteUser()

getUserPrincipal

public Principal getUserPrincipal()

Returns KerberosPrincipal of user.

Specified by:

getUserPrincipal in interface javax.servlet.http.HttpServletRequest

Overrides:

getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper

See Also:

HttpServletRequest.getUserPrincipal()

anyRole

public boolean anyRole(String... roles)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has at least one of the passed-in attributes.

 String[] attributes = new String[] {"Developer", "Los Angeles", "Manager"};
 
 if (accessControl.anyRole(attributes)) {
     // will be in here if the user has at least one matching attribute
 }
 

Specified by:

anyRole in interface SpnegoAccessControl

Parameters:

roles - e.g. Team Lead, IT, Developer

Returns:

true if the user has at least one of the passed-in roles/features

hasRole

public boolean hasRole(String role)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has the passed-in attribute.

 String attribute = "Developer";
 
 if (accessControl.hasRole(attribute)) {
     // will be in here if the user has the matching attribute
 }
 

Specified by:

hasRole in interface SpnegoAccessControl

Parameters:

role - e.g. Team Lead, IT, Developer

Returns:

true if the user has at least one of the passed-in roles/features

hasRole

public boolean hasRole(String featureX,
                       String... featureYs)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has the first attribute AND has at least one of the passed-in attributes.

 String attributeX = "Los Angeles";
 String[] attributeYs = new String[] {"Developer", "Manager"};
 
 if (accessControl.hasRole(attributeX, attributeYs)) {
     // will be in here if the user has attributeX 
     // AND has at least one of the attributeYs.
 }
 

Specified by:

hasRole in interface SpnegoAccessControl

Parameters:

featureX - e.g. Information Technology

featureYs - e.g. Team Lead, IT-Architecture-DL

Returns:

true if the user has featureX AND at least one the featureYs

anyAccess

public boolean anyAccess(String... resources)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has at least one of the passed-in user-defined resource labels

 String[] resources = new String[] {"admin-links", "ops-buttons"};
 
 if (accessControl.anyAccess(resources)) {
     // will be in here if the user has at least one matching resource
 }
 

Specified by:

anyAccess in interface SpnegoAccessControl

Parameters:

resources - e.g. admin-links, ops-buttons

Returns:

true if the user has at least one of the passed-in resources

hasAccess

public boolean hasAccess(String resource)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has access to the user-defined resource label.

 boolean hasPermission = false;
 
 if (request instanceof SpnegoAccessControl) {
     SpnegoAccessControl accessControl = (SpnegoAccessControl) request;
     
     hasPermission = accessControl.hasAccess("finance-links");
 } 
 

Specified by:

hasAccess in interface SpnegoAccessControl

Parameters:

resource - e.g. admin-buttons

Returns:

true if the user has access to the user-defined resource

hasAccess

public boolean hasAccess(String resourceX,
                         String... resourceYs)

Description copied from interface: SpnegoAccessControl

Checks to see if the user has the first user-defined resource label AND has at least one of the passed-in user-defined resource labels.

 String resourceX = "finance-links";
 String[] resourceYs = new String[] {"admin-links", "accounting-buttons"};
 
 if (accessControl.hasAccess(resourceX, resourceYs)) {
     // will be in here if the user has resourceX 
     // AND has at least one of the resourceYs.
 }
 

Specified by:

hasAccess in interface SpnegoAccessControl

Parameters:

resourceX - e.g. finance-links

resourceYs - e.g. admin-links, accounting-buttons

Returns:

true if the user has resourceX AND at least one the resourceYs

getUserInfo

public UserInfo getUserInfo()

Description copied from interface: SpnegoAccessControl

Returns the user's info object.

Specified by:

getUserInfo in interface SpnegoAccessControl

Returns:

the user's info object

isUserInRole

public boolean isUserInRole(String role)

Specified by:

isUserInRole in interface javax.servlet.http.HttpServletRequest

Overrides:

isUserInRole in class javax.servlet.http.HttpServletRequestWrapper