01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.test.web.servlets;
23:
24: import java.io.IOException;
25: import javax.servlet.Filter;
26: import javax.servlet.FilterConfig;
27: import javax.servlet.ServletException;
28: import javax.servlet.ServletRequest;
29: import javax.servlet.ServletResponse;
30: import javax.servlet.FilterChain;
31: import javax.servlet.http.HttpServletResponse;
32: import javax.security.auth.Subject;
33: import javax.naming.NamingException;
34: import javax.naming.InitialContext;
35:
36: import org.jboss.security.SubjectSecurityManager;
37:
38: /**
39: * @author Scott.Stark@jboss.org
40: * @version $Revision: 57211 $
41: */
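/**
 * Test filter that checks an authenticated {@link Subject} is visible to the
 * web component before the request is passed down the filter chain.
 *
 * <p>The filter echoes the string form of two Subjects into response headers:
 * the one reported by the {@link SubjectSecurityManager} bound at
 * {@code java:comp/env/security/securityMgr} and the one bound at
 * {@code java:comp/env/security/subject}.
 *
 * <p>Security note: {@code Subject.toString()} lists the subject's principals
 * and, depending on the JDK and the permissions in force, its credentials.
 * Echoing that to the client is an information disclosure, so this filter
 * belongs in test deployments only (it lives in a test package) and should
 * not be mapped in a production web.xml.
 */
public class SubjectFilter implements Filter {
    /** Header carrying the Subject reported by the security manager. */
    private static final String MANAGER_HEADER =
        "X-SubjectFilter-SubjectSecurityManager";

    /** Header carrying the Subject bound in the component's ENC. */
    private static final String ENC_HEADER = "X-SubjectFilter-ENC";

    /**
     * No configuration is read; the filter is stateless.
     *
     * @param filterConfig ignored
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Rejects the request unless an active Subject can be resolved, then
     * continues the chain.
     *
     * @param request the incoming request, passed through unchanged
     * @param response the response; it is cast to {@link HttpServletResponse},
     *        so a non-HTTP response fails with a ClassCastException
     * @param filterChain the remaining filters and the target resource
     * @throws IOException propagated from the rest of the chain
     * @throws ServletException if the JNDI lookups fail or no Subject is bound
     */
    public void doFilter(ServletRequest request,
            ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        Subject userSubject;
        try {
            userSubject = getActiveSubject(httpResponse);
        } catch (NamingException e) {
            throw new ServletException("Failed to lookup active subject", e);
        }
        // Fail closed: without a Subject the chain is never invoked.
        if (userSubject == null) {
            throw new ServletException("Active subject was null");
        }
        filterChain.doFilter(request, response);
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Looks up both views of the caller's Subject and records them as
     * response headers.
     *
     * <p>A null Subject from either source is written as the text
     * {@code "null"} instead of raising a NullPointerException, so that
     * {@link #doFilter} can report the missing Subject with its own
     * ServletException.
     *
     * @param httpResponse the response that receives the two diagnostic headers
     * @return the Subject bound at {@code java:comp/env/security/subject},
     *         or null if that binding holds no Subject
     * @throws NamingException if either JNDI lookup fails
     */
    protected Subject getActiveSubject(HttpServletResponse httpResponse)
            throws NamingException {
        InitialContext ctx = new InitialContext();

        SubjectSecurityManager mgr = (SubjectSecurityManager) ctx
            .lookup("java:comp/env/security/securityMgr");
        Subject managerSubject = mgr.getActiveSubject();
        httpResponse.addHeader(MANAGER_HEADER, toHeaderValue(managerSubject));

        Subject encSubject = (Subject) ctx
            .lookup("java:comp/env/security/subject");
        httpResponse.addHeader(ENC_HEADER, toHeaderValue(encSubject));
        return encSubject;
    }

    /**
     * Renders a Subject as a single-line header value.
     *
     * <p>{@code Subject.toString()} is multi-line and includes principal
     * names, which may originate from client-supplied login data. Runs of
     * CR, LF and tab are therefore collapsed to one space so the value can
     * never break out of its header line.
     * NOTE(review): a client that compares the exact multi-line text would
     * see a different value; confirm against the test that reads these headers.
     *
     * @param subject the Subject to render, may be null
     * @return the flattened string form, or {@code "null"} for a null Subject
     */
    private static String toHeaderValue(Subject subject) {
        return String.valueOf(subject).replaceAll("[\\r\\n\\t]+", " ").trim();
    }
}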