01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.test.security.test;
23:
24: import org.apache.catalina.Context;
25: import org.apache.catalina.connector.Request;
26: import org.apache.catalina.deploy.SecurityConstraint;
27: import org.jboss.logging.Logger;
28:
29: //$Id: CustomSecurityConstraintProvider.java 57211 2006-09-26 12:39:46Z dimitris@jboss.org $
30:
31: /**
32: * JBAS-2519: Delegate to JACC provider for unsecured resources in web.xml
33: * Custom Security Constraint provider class that overrides
34: * the findSecurityConstraint method of the Realm interface
35: *
36: * @author <a href="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
37: * @since Apr 27, 2006
38: * @version $Revision: 57211 $
39: */
40: public class CustomSecurityConstraintProvider {
41: private static Logger log = Logger
42: .getLogger(CustomSecurityConstraintProvider.class);
43:
44: public CustomSecurityConstraintProvider() {
45: log.debug("Constructed.");
46: }
47:
48: /**
49: * Key method that provides the Tomcat AuthenticatorBase with an array
50: * of SecurityConstraint such that a call happens to the Realm
51: *
52: * @param request
53: * @param context
54: * @return
55: */
56: public SecurityConstraint[] findSecurityConstraints(
57: Request request, Context context) {
58: log.debug("findSecurityConstraint method called");
59: if ("/jacc-delegate".equals(context.getName()))
60: return getSecurityConstraints(request, context);
61: return new SecurityConstraint[] {};
62: }
63:
64: //Private Methods
65: /*
66: * Return Security Constraint array only when the request is for
67: * index.html
68: */
69: private SecurityConstraint[] getSecurityConstraints(
70: Request request, Context context) {
71: SecurityConstraint[] scarr = null;
72: if (request.getRequestURI().indexOf("index.html") > -1) {
73: SecurityConstraint sc = new SecurityConstraint();
74: sc.setAuthConstraint(false);
75: scarr = new SecurityConstraint[] { sc };
76: }
77: log.debug("getSecurityConstraints is for request uri="
78: + request.getRequestURI()
79: + " and SecurityConstraint[]=" + scarr);
80: return scarr;
81: }
82: }
|