01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.test.web.servlets;
23:
24: import java.io.IOException;
25: import java.io.PrintWriter;
26: import java.security.Principal;
27: import java.util.Set;
28: import javax.naming.InitialContext;
29: import javax.naming.NamingException;
30: import javax.security.auth.Subject;
31: import javax.servlet.ServletException;
32: import javax.servlet.http.HttpServlet;
33: import javax.servlet.http.HttpServletRequest;
34: import javax.servlet.http.HttpServletResponse;
35: import javax.servlet.http.HttpSession;
36:
37: import org.jboss.logging.Logger;
38:
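/**
 * Test servlet that reports the caller's identity together with the active
 * JAAS {@link Subject} bound in the component's JNDI environment.
 *
 * <p>For every GET or POST it looks up {@code java:comp/env/security/subject},
 * publishes the subject's string form in the {@code X-SubjectServlet} response
 * header, and renders a small HTML page showing the user principal, the
 * session id (when a session already exists) and the subject.
 *
 * <p>Security notes for anyone reusing this fixture:
 * <ul>
 * <li>Principal and subject text come from the authenticated identity, so they
 * are HTML-escaped before being written into the page and stripped of CR/LF
 * before being written into the response header.</li>
 * <li>The page echoes the session id, which acts as a bearer credential. That
 * is diagnostic output for a test deployment; the servlet should only be
 * reachable by authenticated callers of the test web application.</li>
 * </ul>
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 57211 $
 */
public class SubjectServlet extends HttpServlet {
    static Logger log = Logger.getLogger(SubjectServlet.class);

    /**
     * Builds the diagnostic response shared by {@link #doGet} and
     * {@link #doPost}.
     *
     * @param request  the incoming request; supplies the user principal and
     *                 the existing session, if any
     * @param response the response that receives the {@code X-SubjectServlet}
     *                 header and the HTML page
     * @throws ServletException if the subject lookup fails or yields
     *                          {@code null}
     * @throws IOException      if the response writer cannot be obtained
     */
    protected void processRequest(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {
        Principal user = request.getUserPrincipal();
        // getSession(false): report an existing session, never create one.
        HttpSession session = request.getSession(false);

        Subject userSubject;
        try {
            userSubject = getActiveSubject();
        } catch (NamingException e) {
            throw new ServletException("Failed to lookup active subject", e);
        }
        if (userSubject == null) {
            throw new ServletException("Active subject was null");
        }

        // Render the subject once so the header and the page agree.
        String subjectText = userSubject.toString();

        // The JDK's Subject.toString() puts each principal on its own line.
        // Raw CR/LF must not reach a header value (response splitting), so
        // line breaks are flattened to spaces before the header is added.
        response.addHeader("X-SubjectServlet", toHeaderValue(subjectText));

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // Markup strings are kept exactly as before (the heading precedes
        // <body>); presumably existing response checks match on them.
        out.println("<html>");
        out.println("<head><title>SecureServlet</title></head>");
        out.println("<h1>SecureServlet Accessed</h1>");
        out.println("<body>");
        // Identity-derived text is escaped so a principal name containing
        // markup is displayed rather than interpreted by the browser.
        out.println("You have accessed this servlet as user:"
                + escapeHtml(String.valueOf(user)));
        if (session != null) {
            out.println("<br>The session id is: "
                    + escapeHtml(session.getId()));
        } else {
            out.println("<br>There is no session");
        }
        out.println("<br>Subject: " + escapeHtml(subjectText));
        out.println("</body></html>");
        out.close();
    }

    /** Handles GET by delegating to {@link #processRequest}. */
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {
        processRequest(request, response);
    }

    /** Handles POST by delegating to {@link #processRequest}. */
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException,
            IOException {
        processRequest(request, response);
    }

    /**
     * Looks up the subject bound at {@code java:comp/env/security/subject}.
     *
     * @return the object bound under that name, cast to {@link Subject}; the
     *         caller treats {@code null} as an error
     * @throws NamingException if the context cannot be created or the lookup
     *                         fails
     */
    protected Subject getActiveSubject() throws NamingException {
        InitialContext ctx = new InitialContext();
        try {
            return (Subject) ctx.lookup("java:comp/env/security/subject");
        } finally {
            // Release the naming context; a failure to close must not mask
            // the lookup result or the lookup's own exception.
            try {
                ctx.close();
            } catch (NamingException e) {
                log.debug("Failed to close InitialContext", e);
            }
        }
    }

    /** Replaces CR and LF with spaces so the text is a single header line. */
    private static String toHeaderValue(String value) {
        return value.replace('\r', ' ').replace('\n', ' ').trim();
    }

    /** Escapes the characters that are significant in HTML text and attributes. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}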