01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.test.web.servlets;
23:
24: import java.io.IOException;
25: import java.io.PrintWriter;
26: import java.security.Principal;
27: import javax.servlet.ServletException;
28: import javax.servlet.http.HttpServlet;
29: import javax.servlet.http.HttpServletRequest;
30: import javax.servlet.http.HttpServletResponse;
31:
32: /** A secured servlet which is the target of a post from an unsecured servlet.
33: * This validates that the post data is not lost when the original post is
34: * redirected to the form auth login page.
35: *
36: * @author Scott.Stark@jboss.org
37: * @version $Revision: 57211 $
38: */
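public class SecuredPostServlet extends HttpServlet {
    /** Name of the request parameter posted by the unsecured servlet. */
    private static final String CHECK_PARAM_NAME = "checkParam";

    /** Value the parameter must still carry after the form-auth login round trip. */
    private static final String CHECK_PARAM_VALUE = "123456";

    /**
     * Verifies that the caller is authenticated and that the posted
     * {@code checkParam} value survived the redirect to the login page, then
     * writes a small HTML confirmation page.
     *
     * <p>The path info and the principal's string form come from the request,
     * so both are HTML-escaped before being written into the page. Writing them
     * raw would reflect caller-chosen markup into a {@code text/html} response.
     *
     * <p>The null-principal check only asserts that authentication happened.
     * The access rule itself is presumably declared in the deployment
     * descriptor, which is not part of this file.
     *
     * @param request the incoming request; reached from both GET and POST, so
     *        {@code checkParam} is accepted from the query string as well
     * @param response the response the confirmation page is written to
     * @throws ServletException if no authenticated principal is present or the
     *         expected {@code checkParam} value is missing or different
     * @throws IOException if the response writer cannot be obtained or written
     */
    protected void processRequest(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        Principal user = request.getUserPrincipal();
        String path = request.getPathInfo();

        // Validate that there is an authenticated user.
        // NOTE(review): path is also placed in the exception message; whether
        // the container's error page escapes it is not visible here - confirm.
        if (user == null) {
            throw new ServletException(path + " not secured");
        }

        // Validate that the original post data was not lost. Calling equals on
        // the constant covers the null (parameter absent) case as well.
        String value = request.getParameter(CHECK_PARAM_NAME);
        if (!CHECK_PARAM_VALUE.equals(value)) {
            throw new ServletException("Did not find checkParam=123456");
        }

        // Set the content type before asking for the writer: once getWriter()
        // has been called, setContentType() no longer affects the encoding.
        response.setContentType("text/html");

        // String.valueOf keeps the original "null" rendering when there is no
        // extra path info, matching plain string concatenation.
        String safePath = escapeHtml(String.valueOf(path));
        String safeUser = escapeHtml(String.valueOf(user));

        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head><title>" + safePath + "</title></head><body>");
        out.println("<h1>" + safePath + " Accessed</h1>");
        out.println("You have accessed this servlet as user: " + safeUser);
        out.println("</body></html>");
        out.close();
    }

    /**
     * Handles GET by delegating to {@link #processRequest}.
     *
     * @param request the incoming request
     * @param response the response to write to
     * @throws ServletException if the request fails validation
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles POST by delegating to {@link #processRequest}.
     *
     * @param request the incoming request
     * @param response the response to write to
     * @throws ServletException if the request fails validation
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute
     * contexts so that request-derived text is rendered literally.
     *
     * @param text the text to escape; must not be null
     * @return the text with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

}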