001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.web.tomcat.security;
023:
024: import java.security.Principal;
025: import java.io.IOException;
026:
027: import javax.security.auth.callback.Callback;
028: import javax.security.auth.callback.CallbackHandler;
029: import javax.security.auth.callback.UnsupportedCallbackException;
030: import javax.servlet.http.HttpServletRequest;
031:
032: import org.jboss.security.auth.callback.SecurityAssociationHandler;
033:
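/**
 * A {@link CallbackHandler} that extends the default
 * {@link SecurityAssociationHandler} with callbacks that only make sense in a
 * web environment.
 *
 * <p>To use it, override the default CallbackHandler used by the
 * JaasSecurityManager.
 *
 * <p>In addition to whatever the superclass handles, this handler fills in
 * {@link HttpServletRequestCallback} instances with the request held by
 * {@link HttpServletRequestValve}. A login module that receives the request
 * this way should treat its contents (headers, parameters, and so on) as
 * client-supplied input and validate them before basing an authentication
 * decision on them.
 *
 * @see javax.security.auth.callback.CallbackHandler
 * @see #handle(Callback[])
 *
 * @deprecated Use the standard JACC PolicyContext handler for the servlet
 *             request (context key {@code javax.servlet.http.HttpServletRequest}).
 *
 * @author Ricardo Arguello (ricardoarguello@users.sourceforge.net)
 * @version $Revision: 57206 $
 */
public class WebCallbackHandler extends SecurityAssociationHandler
        implements CallbackHandler {

    /**
     * Creates a handler with no principal or credential; they can be supplied
     * later through {@link #setSecurityInfo(Principal, Object)}.
     */
    public WebCallbackHandler() {
        super();
    }

    /**
     * Initializes the WebCallbackHandler with the principal and credentials
     * to use.
     *
     * @param principal  the principal passed on to the superclass
     * @param credential the credential passed on to the superclass
     */
    public WebCallbackHandler(Principal principal, Object credential) {
        super(principal, credential);
    }

    /**
     * Delegates unchanged to the superclass.
     *
     * @see org.jboss.security.auth.callback.SecurityAssociationHandler#setSecurityInfo(java.security.Principal,
     *      java.lang.Object)
     */
    public void setSecurityInfo(Principal principal, Object credential) {
        super.setSecurityInfo(principal, credential);
    }

    /**
     * Handles every callback in the array: each one is offered to the
     * superclass first, and a callback the superclass rejects is populated
     * here if it is an {@link HttpServletRequestCallback}.
     *
     * <p>The callbacks are delegated one at a time. Passing the whole array to
     * the superclass in a single call and recovering from its
     * {@link UnsupportedCallbackException} left every callback after the first
     * rejected one unprocessed, so a login module could see, for example, an
     * unpopulated credential callback without any error being reported.
     * As a consequence, an unrecognized callback that follows a request
     * callback is now reported instead of being silently skipped.
     *
     * @param callbacks the callbacks to populate
     * @throws IOException if the superclass reports an I/O failure
     * @throws UnsupportedCallbackException if a callback is recognized neither
     *         by the superclass nor by this handler
     * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            Callback current = callbacks[i];
            try {
                // The superclass keeps first refusal on every callback.
                super.handle(new Callback[] { current });
            } catch (UnsupportedCallbackException uce) {
                if (current instanceof HttpServletRequestCallback) {
                    // Get the HttpServletRequest from the Valve and set it
                    // in the Callback. The value is passed through as-is,
                    // including null when the valve holds no request.
                    HttpServletRequest request = getHttpServletRequestFromValve();
                    ((HttpServletRequestCallback) current)
                            .setHttpServletRequest(request);
                } else {
                    throw new UnsupportedCallbackException(current,
                            "Unrecognized Callback");
                }
            }
        }
    }

    /**
     * Obtains the HttpServletRequest saved inside the HttpServletRequestValve.
     *
     * <p>NOTE(review): {@code httpRequest} looks like a per-thread holder
     * filled in by the valve; if the valve is not installed for the current
     * request the result is presumably {@code null}. Confirm against
     * HttpServletRequestValve and make callers null-check.
     *
     * @return the HttpServletRequest currently held by the valve.
     */
    protected HttpServletRequest getHttpServletRequestFromValve() {
        return (HttpServletRequest) HttpServletRequestValve.httpRequest.get();
    }
}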