01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.test.web.servlets;
23:
24: import java.io.IOException;
25: import java.io.PrintWriter;
26: import java.security.Principal;
27: import javax.servlet.ServletException;
28: import javax.servlet.http.HttpServlet;
29: import javax.servlet.http.HttpServletRequest;
30: import javax.servlet.http.HttpServletResponse;
31: import javax.servlet.http.HttpSession;
32: import javax.security.auth.Subject;
33:
34: import org.jboss.security.SecurityAssociation;
35:
36: /** A servlet that is secured by the web.xml descriptor. When accessed
37: * it simply prints the getUserPrincipal that accessed the url.
38: *
39: * @author Scott.Stark@jboss.org
40: * @version $Revision: 57211 $
41: */
42: public class SecureServlet extends HttpServlet {
43: protected void processRequest(HttpServletRequest request,
44: HttpServletResponse response) throws ServletException,
45: IOException {
46: Principal user = request.getUserPrincipal();
47: String validateSubject = request
48: .getParameter("validateSubject");
49: if (validateSubject != null
50: && Boolean.valueOf(validateSubject).booleanValue()) {
51: // Assert that there is a valid SecurityAssociation Subject
52: Subject subject = SecurityAssociation.getSubject();
53: if (subject == null)
54: throw new ServletException(
55: "No valid subject found, user=" + user);
56: }
57: HttpSession session = request.getSession(false);
58: response.setContentType("text/html");
59: PrintWriter out = response.getWriter();
60: out.println("<html>");
61: out.println("<head><title>SecureServlet</title></head>");
62: out.println("<h1>SecureServlet Accessed</h1>");
63: out.println("<body>");
64: out.println("You have accessed this servlet as user:" + user);
65: if (session != null)
66: out.println("<br>The session id is: " + session.getId());
67: else
68: out.println("<br>There is no session");
69: out.println("</body></html>");
70: out.close();
71: }
72:
73: protected void doGet(HttpServletRequest request,
74: HttpServletResponse response) throws ServletException,
75: IOException {
76: processRequest(request, response);
77: }
78:
79: protected void doPost(HttpServletRequest request,
80: HttpServletResponse response) throws ServletException,
81: IOException {
82: processRequest(request, response);
83: }
84:
85: }
|