001: /**
002: *
003: * Licensed to the Apache Software Foundation (ASF) under one or more
004: * contributor license agreements. See the NOTICE file distributed with
005: * this work for additional information regarding copyright ownership.
006: * The ASF licenses this file to You under the Apache License, Version 2.0
007: * (the "License"); you may not use this file except in compliance with
008: * the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing, software
013: * distributed under the License is distributed on an "AS IS" BASIS,
014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015: * See the License for the specific language governing permissions and
016: * limitations under the License.
 */
package org.superbiz.servlet;
018:
019: import javax.ejb.EJB;
020: import javax.ejb.EJBAccessException;
021: import javax.servlet.ServletException;
022: import javax.servlet.ServletOutputStream;
023: import javax.servlet.http.HttpServlet;
024: import javax.servlet.http.HttpServletRequest;
025: import javax.servlet.http.HttpServletResponse;
026: import java.io.IOException;
027: import java.security.Principal;
028:
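/**
 * Writes a plain-text report of the caller's security view to the response.
 *
 * <p>The report has two parts: what the servlet container reports about the
 * caller ({@code getUserPrincipal()} and {@code isUserInRole()} for a fixed
 * list of role names), and what the injected {@link SecureEJBLocal} reports
 * about the same caller ({@code getCallerPrincipal()}, {@code isCallerInRole()}
 * and whether each of its guarded methods is allowed or denied). Comparing the
 * two halves shows how the servlet identity propagates into the EJB call.
 *
 * <p>Each guarded EJB method is reported as {@code ALLOWED} when it returns
 * normally and {@code DENIED} when it throws {@link EJBAccessException}; any
 * other exception is not caught here and propagates out of {@link #doGet}.
 */
public class SecureServlet extends HttpServlet {

    /**
     * Role names probed on both the request and the EJB, in output order.
     * "fake" is presumably not declared by the application, so it shows the
     * result of checking an unknown role — confirm against the deployment
     * descriptor.
     */
    private static final String[] PROBED_ROLES = {"user", "manager", "fake"};

    /** Injected by the container; may be {@code null} if injection did not happen. */
    @EJB
    private SecureEJBLocal secureEJBLocal;

    /**
     * Produces the security report for the current caller.
     *
     * @param request  the request whose principal and roles are reported
     * @param response the response that receives the text/plain report
     * @throws ServletException never thrown here; declared for the servlet contract
     * @throws IOException if writing to the response stream fails
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/plain");
        ServletOutputStream out = response.getOutputStream();

        writeServletView(request, out);
        out.println();

        // The EJB half is skipped entirely when the reference was not injected.
        out.println("@EJB=" + secureEJBLocal);
        if (secureEJBLocal != null) {
            writeEjbView(out);
        }
        out.println();
    }

    /** Reports the principal and role checks as seen by the servlet container. */
    private static void writeServletView(HttpServletRequest request, ServletOutputStream out)
            throws IOException {
        out.println("Servlet");
        writePrincipal(out, "Servlet.getUserPrincipal()", request.getUserPrincipal());
        for (String role : PROBED_ROLES) {
            out.println("Servlet.isCallerInRole(\"" + role + "\")=" + request.isUserInRole(role));
        }
    }

    /**
     * Reports the principal, role checks and method-level access decisions as
     * seen by the injected EJB. Requires {@link #secureEJBLocal} to be non-null.
     */
    private void writeEjbView(ServletOutputStream out) throws IOException {
        writePrincipal(out, "@EJB.getCallerPrincipal()", secureEJBLocal.getCallerPrincipal());
        for (String role : PROBED_ROLES) {
            out.println("@EJB.isCallerInRole(\"" + role + "\")=" + secureEJBLocal.isCallerInRole(role));
        }

        // Each guarded method is exercised once; only the container's access
        // decision (EJBAccessException) is translated into DENIED.
        try {
            secureEJBLocal.allowUserMethod();
            writeDecision(out, "@EJB.allowUserMethod()", true);
        } catch (EJBAccessException e) {
            writeDecision(out, "@EJB.allowUserMethod()", false);
        }

        try {
            secureEJBLocal.allowManagerMethod();
            writeDecision(out, "@EJB.allowManagerMethod()", true);
        } catch (EJBAccessException e) {
            writeDecision(out, "@EJB.allowManagerMethod()", false);
        }

        try {
            secureEJBLocal.allowFakeMethod();
            writeDecision(out, "@EJB.allowFakeMethod()", true);
        } catch (EJBAccessException e) {
            writeDecision(out, "@EJB.allowFakeMethod()", false);
        }

        try {
            secureEJBLocal.denyAllMethod();
            writeDecision(out, "@EJB.denyAllMethod()", true);
        } catch (EJBAccessException e) {
            writeDecision(out, "@EJB.denyAllMethod()", false);
        }
    }

    /**
     * Writes {@code label=<principal> [<name>]}, or {@code label=<null>} when
     * no principal is available.
     */
    private static void writePrincipal(ServletOutputStream out, String label, Principal principal)
            throws IOException {
        if (principal != null) {
            out.println(label + "=" + principal + " [" + principal.getName() + "]");
        } else {
            out.println(label + "=<null>");
        }
    }

    /** Writes {@code call ALLOWED} or {@code call DENIED}. */
    private static void writeDecision(ServletOutputStream out, String call, boolean allowed)
            throws IOException {
        out.println(call + (allowed ? " ALLOWED" : " DENIED"));
    }
}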