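/** 
 * Copyright (C) 2009 "Darwin V. Felix" <darwinfelix@users.sourceforge.net>
 * 
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 * 
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package net.sourceforge.spnego;

import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import net.sourceforge.spnego.SpnegoHttpFilter.Constants;

import org.ietf.jgss.GSSCredential;

/**
 * Wrap ServletRequest so we can do our own handling of the 
 * principal and auth types.
 * 
 * <p>Also, see the documentation on the {@link DelegateServletRequest} class.</p>
 * 
 * <p>Finally, a credential delegation example can be found on 
 * <a href="http://spnego.sourceforge.net" target="_blank">http://spnego.sourceforge.net</a>
 * </p>
 * 
 * @author Darwin V. Felix
 *
 */
final class SpnegoHttpServletRequest extends HttpServletRequestWrapper 
    implements DelegateServletRequest {

    /** Client Principal; may be null (see {@link #getRemoteUser()}). */
    private final transient SpnegoPrincipal principal;

    /**
     * Creates Servlet Request specifying KerberosPrincipal of user.
     * 
     * @param request the request being wrapped
     * @param spnegoPrincipal principal to report for this request; the
     *        accessors of this class tolerate {@code null}
     */
    SpnegoHttpServletRequest(final HttpServletRequest request
        , final SpnegoPrincipal spnegoPrincipal) {

        super(request);

        this.principal = spnegoPrincipal;
    }

    /**
     * Returns "Negotiate" or "Basic" else default auth type.
     * 
     * <p>The value is taken from the scheme prefix of the request's
     * authorization header, so it reports what the client sent rather than
     * being proof of authentication in its own right. The prefix comparison
     * is case-sensitive.</p>
     * 
     * @return the matching scheme constant, or the wrapped request's auth
     *         type when the header is absent or names another scheme
     * @see javax.servlet.http.HttpServletRequest#getAuthType()
     */
    @Override
    public String getAuthType() {

        final String header = this.getHeader(Constants.AUTHZ_HEADER);

        // getHeader() returns null when the request carries no such header;
        // defer to the wrapped request instead of failing with an NPE.
        if (null == header) {
            return super.getAuthType();
        }

        if (header.startsWith(Constants.NEGOTIATE_HEADER)) {
            return Constants.NEGOTIATE_HEADER;
        }

        if (header.startsWith(Constants.BASIC_HEADER)) {
            return Constants.BASIC_HEADER;
        }

        return super.getAuthType();
    }

    /**
     * Return the client's/requester's delegated credential or null.
     * 
     * <p>A delegated credential lets the holder act as the client towards
     * other services, so callers should keep it out of logs and should not
     * retain it longer than the work that needs it.</p>
     * 
     * @return client's delegated credential or null; also null when this
     *         request has no principal
     */
    public GSSCredential getDelegatedCredential() {
        // Same null tolerance as getRemoteUser(): no principal, no credential.
        if (null == this.principal) {
            return null;
        }

        return this.principal.getDelegatedCredential();
    }

    /**
     * Returns authenticated username (sans domain/realm) else default username.
     * 
     * <p>Everything from the first '@' onwards is dropped, so two principals
     * with the same user part in different realms yield the same value here.
     * Code that authorizes on this value while accepting more than one realm
     * should compare the full name from {@link #getUserPrincipal()} instead.</p>
     * 
     * @return user part of the principal name, or the wrapped request's
     *         remote user when this request has no principal
     * @see javax.servlet.http.HttpServletRequest#getRemoteUser()
     */
    @Override
    public String getRemoteUser() {

        if (null == this.principal) {
            return super.getRemoteUser();
        }

        // limit of 2: only the first '@' separates user from realm
        final String[] username = this.principal.getName().split("@", 2);
        return username[0];
    }

    /**
     * Returns KerberosPrincipal of user.
     * 
     * <p>Unlike {@link #getRemoteUser()}, this does not consult the wrapped
     * request: the result is null when this request has no principal.</p>
     * 
     * @return the principal given at construction, possibly null
     * @see javax.servlet.http.HttpServletRequest#getUserPrincipal()
     */
    @Override
    public Principal getUserPrincipal() {
        return this.principal;
    }
}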