001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.test.web.servlets;
023:
024: import java.io.IOException;
025: import java.io.PrintWriter;
026: import java.security.Principal;
027: import javax.naming.InitialContext;
028: import javax.naming.NamingException;
029: import javax.servlet.ServletConfig;
030: import javax.servlet.ServletException;
031: import javax.servlet.http.HttpServlet;
032: import javax.servlet.http.HttpServletRequest;
033: import javax.servlet.http.HttpServletResponse;
034: import javax.security.auth.login.LoginContext;
035: import javax.security.auth.login.LoginException;
036:
037: import org.jboss.security.auth.callback.UsernamePasswordHandler;
038: import org.jboss.test.web.interfaces.StatelessSession;
039: import org.jboss.test.web.interfaces.StatelessSessionHome;
040:
041: /** A servlet that performs a JAAS login to access a secure EJB.
042:
043: @author Scott.Stark@jboss.org
044: @version $Revision: 57211 $
045: */
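public class ClientLoginServlet extends HttpServlet {
    /** Name of the JAAS login configuration handed to {@link LoginContext}. */
    private static final String LOGIN_CONFIG = "client-login";

    /**
     * Fixed test-fixture identity used for the JAAS login. The servlet always
     * authenticates as this user; nothing from the incoming HTTP request is
     * consulted when choosing the identity.
     */
    private static final String TEST_USER = "jduke";
    private static final String TEST_PASSWORD = "theduke";

    /**
     * Logs in through JAAS, calls {@code SecuredEJB.echo} and writes the
     * result as a small HTML page.
     *
     * <p>The EJB is reached with the fixed test identity rather than with the
     * identity of the HTTP caller, so any restriction on who may trigger this
     * call has to come from outside this class (for example the web
     * deployment descriptor, which is not visible here).
     *
     * @param request the incoming request; not read by this method
     * @param response the response the HTML page is written to
     * @throws ServletException if the JAAS login fails or the EJB cannot be
     *     looked up, created or invoked; the original exception is the cause
     * @throws IOException if the response writer cannot be obtained
     */
    protected void processRequest(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        LoginContext lc = null;
        String echoMsg = null;
        try {
            lc = doLogin(TEST_USER, TEST_PASSWORD);
            InitialContext ctx = new InitialContext();
            StatelessSessionHome home =
                    (StatelessSessionHome) ctx.lookup("java:comp/env/ejb/SecuredEJB");
            StatelessSession bean = home.create();
            echoMsg = bean.echo("ClientLoginServlet called SecuredEJB.echo");
        } catch (LoginException e) {
            throw new ServletException(
                    "Failed to login to client-login domain as jduke", e);
        } catch (Exception e) {
            throw new ServletException("Failed to access SecuredEJB", e);
        } finally {
            // Always log out, on success and on failure alike.
            // NOTE(review): presumably the "client-login" configuration binds
            // the identity to the calling thread; if so, skipping logout would
            // leave a pooled container thread running as jduke - confirm
            // against the login configuration.
            if (lc != null) {
                try {
                    lc.logout();
                } catch (LoginException logoutFailure) {
                    // Previously swallowed silently. A failed logout must not
                    // mask the primary outcome, but it should leave a trace.
                    // Only the user name is logged, never the password.
                    log("Failed to logout of client-login domain as jduke",
                            logoutFailure);
                }
            }
        }

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head><title>ClientLoginServlet</title></head>");
        out.println("<h1>ClientLoginServlet Accessed</h1>");
        // echoMsg is written without HTML encoding. The argument sent to
        // echo() above is a constant; if this is ever changed to carry
        // request data, encode the value before writing it.
        out.println("<body>Login as user=jduke succeeded.<br>SecuredEJB.echo returned:"
                + echoMsg + "</body>");
        out.println("</html>");
        out.close();
    }

    /**
     * Handles GET by delegating to {@link #processRequest}.
     *
     * @throws ServletException see {@link #processRequest}
     * @throws IOException see {@link #processRequest}
     */
    @Override
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles POST by delegating to {@link #processRequest}.
     *
     * @throws ServletException see {@link #processRequest}
     * @throws IOException see {@link #processRequest}
     */
    @Override
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Performs a JAAS login against the {@code client-login} configuration.
     *
     * @param username the user name supplied to the callback handler
     * @param password the password; converted to a {@code char[]} for the handler
     * @return the logged-in context; the caller is responsible for calling
     *     {@link LoginContext#logout()}
     * @throws LoginException if the context cannot be created or login fails
     */
    private LoginContext doLogin(String username, String password)
            throws LoginException {
        // The char[] is handed to the handler and not cleared here.
        // NOTE(review): the login module may keep a reference to this array
        // for the later EJB call, so zeroing it after login() could break
        // authentication - verify before adding any wiping.
        UsernamePasswordHandler handler =
                new UsernamePasswordHandler(username, password.toCharArray());
        LoginContext lc = new LoginContext(LOGIN_CONFIG, handler);
        lc.login();
        return lc;
    }
}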