01: /*
02: * Copyright (c) 1998-2008 Caucho Technology -- all rights reserved
03: *
04: * This file is part of Resin(R) Open Source
05: *
06: * Each copy or derived work must preserve the copyright notice and this
07: * notice unmodified.
08: *
09: * Resin Open Source is free software; you can redistribute it and/or modify
10: * it under the terms of the GNU General Public License as published by
11: * the Free Software Foundation; either version 2 of the License, or
12: * (at your option) any later version.
13: *
14: * Resin Open Source is distributed in the hope that it will be useful,
15: * but WITHOUT ANY WARRANTY; without even the implied warranty of
16: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17: * of NON-INFRINGEMENT. See the GNU General Public License for more
18: * details.
19: *
20: * You should have received a copy of the GNU General Public License
21: * along with Resin Open Source; if not, write to the
22: * Free SoftwareFoundation, Inc.
23: * 59 Temple Place, Suite 330
24: * Boston, MA 02111-1307 USA
25: *
26: * @author Scott Ferguson
27: */
28:
29: package com.caucho.server.security;
30:
31: import javax.servlet.ServletContext;
32: import javax.servlet.ServletException;
33: import javax.servlet.http.HttpServletRequest;
34: import javax.servlet.http.HttpServletResponse;
35: import java.io.IOException;
36: import java.security.Principal;
37: import java.security.cert.X509Certificate;
38:
39: /**
40: * Implements the "CLIENT-CERT" auth-method. CLIENT-CERT uses the
41: * SSL authentication with WWW-Authenticate and SC_UNAUTHORIZED.
42: */
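public class ClientCertLogin extends AbstractLogin {
  /**
   * Request attribute under which the servlet container publishes the
   * certificate chain the client presented during the SSL/TLS handshake.
   */
  private static final String CERT_ATTRIBUTE
    = "javax.servlet.request.X509Certificate";

  /**
   * Returns the authentication type.
   *
   * @return the constant string "CLIENT-CERT"
   */
  public String getAuthType() {
    return "CLIENT-CERT";
  }

  /**
   * Authenticates the request from its SSL/TLS client certificate.
   *
   * This method only delegates to {@link #getUserPrincipal}; it does not
   * read an Authorization header and does not itself send any challenge.
   *
   * @param request servlet request
   * @param response servlet response (not used by this class)
   * @param application servlet application (not used by this class)
   *
   * @return the subject of the client certificate on success, null when
   * the request carries no usable client certificate.
   */
  public Principal authenticate(HttpServletRequest request,
                                HttpServletResponse response,
                                ServletContext application)
    throws ServletException, IOException {
    return getUserPrincipal(request, response, application);
  }

  /**
   * Returns the subject of the client certificate attached to the request.
   *
   * No certificate validation happens here: the chain is not verified and
   * neither expiry nor revocation is checked. The returned principal is
   * only as trustworthy as whatever populated the request attribute.
   * NOTE(review): presumably the SSL connector validated the chain against
   * its configured trust anchors before setting the attribute. Confirm,
   * especially when SSL is terminated by a front-end proxy.
   *
   * @param request servlet request
   * @param response servlet response (not used by this class)
   * @param application servlet application (not used by this class)
   *
   * @return the certificate subject on success; null when the attribute is
   * missing, is not a certificate array, or holds no certificate.
   */
  public Principal getUserPrincipal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    ServletContext application)
    throws ServletException {
    Object attribute = request.getAttribute(CERT_ATTRIBUTE);

    // Fail closed: an attribute of an unexpected type is treated as
    // "no certificate" instead of surfacing a ClassCastException from
    // the login path.
    if (!(attribute instanceof X509Certificate[]))
      return null;

    X509Certificate[] certs = (X509Certificate[]) attribute;

    // An empty chain or a null first entry would otherwise throw
    // (ArrayIndexOutOfBounds / NullPointer) instead of reporting
    // "not authenticated".
    if (certs.length == 0 || certs[0] == null)
      return null;

    // The servlet specification orders the chain with the client's own
    // certificate first, so index 0 identifies the caller.
    // NOTE(review): the JDK discourages getSubjectDN() in favour of
    // getSubjectX500Principal(). It is kept here because switching changes
    // the format of Principal.getName(), which role or user mapping
    // elsewhere may depend on.
    return certs[0].getSubjectDN();
  }
}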