01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.test.web.security.authenticators;
23:
24: import java.io.IOException;
25: import java.security.Principal;
26:
27: import org.apache.catalina.Realm;
28: import org.apache.catalina.Session;
29: import org.apache.catalina.authenticator.AuthenticatorBase;
30: import org.apache.catalina.authenticator.Constants;
31: import org.apache.catalina.connector.Request;
32: import org.apache.catalina.connector.Response;
33: import org.apache.catalina.deploy.LoginConfig;
34: import org.jboss.logging.Logger;
35: import javax.servlet.http.HttpServletResponse;
36:
37: //$Id: HeaderAuthenticator.java 57211 2006-09-26 12:39:46Z dimitris@jboss.org $
38:
39: /**
40: * Test authenticator that authenticates a request from two request headers set by the client.
41: * username = value of the JBOSS_TEST_USER_NAME header
42: * credential = value of the JBOSS_TEST_CREDENTIAL header
43: * @author <a href="mailto:Anil.Saldhana@jboss.org">Anil Saldhana</a>
44: * @since Mar 6, 2006
45: * @version $Revision: 57211 $
46: */
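public class HeaderAuthenticator extends AuthenticatorBase {
    /** Class logger; this class only writes debug-level messages to it. */
    private static final Logger log = Logger
            .getLogger(HeaderAuthenticator.class);

    /**
     * Create a new HeaderAuthenticator.
     */
    public HeaderAuthenticator() {
        super();
    }

    /**
     * Authenticate the user making this request from two request headers.
     * The user name is read from <code>JBOSS_TEST_USER_NAME</code> and the
     * credential from <code>JBOSS_TEST_CREDENTIAL</code>; both are handed to
     * the realm of the current context. Return <code>true</code> if the realm
     * returned a principal, or <code>false</code> if a 403 (Forbidden)
     * response has already been sent.
     *
     * <p>Both header values come straight from the client and are the only
     * input to the decision, so the result is exactly as trustworthy as the
     * realm's credential check and the transport that carried the headers.
     *
     * @param request Request we are processing
     * @param response Response we are creating
     * @param config Login configuration describing how authentication
     *  should be performed (not read by this implementation)
     * @return <code>true</code> when the realm accepted the header
     *  credentials, <code>false</code> after the error response was sent
     *
     * @exception IOException if an input/output error occurs
     */
    protected boolean authenticate(Request request, Response response,
            LoginConfig config) throws IOException {
        // `context` is not declared in this class; presumably the field
        // inherited from AuthenticatorBase -- confirm against the base class.
        Realm realm = context.getRealm();

        // The user id and the credential are taken from request headers.
        // A missing header yields null, which is passed to the realm as-is;
        // whether null credentials are rejected is left to the realm.
        String username = request.getHeader("JBOSS_TEST_USER_NAME");
        String password = request.getHeader("JBOSS_TEST_CREDENTIAL");

        // Only the presence of the credential is logged, never its value.
        log.debug("Test UserName =" + username);
        log.debug("Test cred present?:" + (password != null));

        Principal principal = realm.authenticate(username, password);
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }

        // The session is looked up (or created) only after the realm has
        // accepted the credentials, so a rejected request never causes a
        // session to be allocated.
        // NOTE(review): a session the client already holds is reused here and
        // its id is not changed on login -- confirm that is acceptable.
        Session session = request.getSessionInternal(true);

        // Save the authenticated Principal in our session.
        // NOTE(review): the note key is named for a user name, yet a Principal
        // is stored under it -- confirm that readers of this note expect a
        // Principal and not a String.
        session.setNote(Constants.SESS_USERNAME_NOTE, principal);
        request.setUserPrincipal(principal);
        return true;
    }

}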