01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.test.security.servlets;
23:
24: import java.io.IOException;
25: import java.io.PrintWriter;
26: import java.io.InputStream;
27: import java.io.ObjectInputStream;
28: import java.security.Principal;
29: import java.util.HashSet;
30: import java.lang.reflect.Method;
31: import javax.servlet.http.HttpServlet;
32: import javax.servlet.http.HttpServletRequest;
33: import javax.servlet.http.HttpServletResponse;
34: import javax.servlet.ServletException;
35: import javax.naming.InitialContext;
36: import javax.rmi.PortableRemoteObject;
37: import org.jboss.test.security.interfaces.RunAsServiceRemoteHome;
38: import org.jboss.test.security.interfaces.RunAsServiceRemote;
39: import org.jboss.test.security.interfaces.CallerInfo;
40: import org.jboss.security.SimplePrincipal;
41:
42: /**
43: * The target of the web constraints security tests
44: *
45: * @author Scott.Stark@jboss.org
46: * @version $Revision: 57211 $
47: */
48: public class RunAsServlet extends HttpServlet {
49: protected void doRequest(HttpServletRequest request,
50: HttpServletResponse response) throws ServletException,
51: IOException {
52: Principal caller = request.getUserPrincipal();
53:
54: InputStream is = request.getInputStream();
55: ObjectInputStream ois = new ObjectInputStream(is);
56: try {
57: String method = (String) ois.readObject();
58: if (method == null)
59: throw new ServletException("No method parameter given");
60: CallerInfo info = (CallerInfo) ois.readObject();
61: InitialContext ctx = new InitialContext();
62: Object obj = ctx.lookup("jacc/RunAs");
63: obj = PortableRemoteObject.narrow(obj,
64: RunAsServiceRemoteHome.class);
65: RunAsServiceRemoteHome home = (RunAsServiceRemoteHome) obj;
66: System.out.println("Found RunAsServiceRemoteHome");
67: RunAsServiceRemote bean = home.create();
68: System.out.println("Created RunAsServiceRemote");
69: Class[] sig = { CallerInfo.class };
70: Method methodCall = bean.getClass().getMethod(method, sig);
71: Object[] args = { info };
72: methodCall.invoke(bean, args);
73: bean.remove();
74: } catch (Exception e) {
75: e.printStackTrace();
76: throw new ServletException(e);
77: }
78:
79: PrintWriter pw = response.getWriter();
80: pw.write("<html>\n");
81: pw.write("<br>Saw UserPrincipal: " + caller);
82: pw.write("<br>PathInfo: " + request.getPathInfo());
83: pw.write("</html>\n");
84: }
85:
86: protected void doPost(HttpServletRequest request,
87: HttpServletResponse response) throws ServletException,
88: IOException {
89: doRequest(request, response);
90: }
91:
92: protected void doGet(HttpServletRequest request,
93: HttpServletResponse response) throws ServletException,
94: IOException {
95: doRequest(request, response);
96: }
97: }
|