1   /*
2    * JBoss, Home of Professional Open Source
3    * Copyright 2014, Red Hat, Inc. and/or its affiliates, and individual
4    * contributors by the @authors tag. See the copyright.txt in the
5    * distribution for a full listing of individual contributors.
6    *
7    * Licensed under the Apache License, Version 2.0 (the "License");
8    * you may not use this file except in compliance with the License.
9    * You may obtain a copy of the License at
10   * http://www.apache.org/licenses/LICENSE-2.0
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.jboss.as.quickstarts.servlet_security;
18  
19  import java.io.IOException;
20  import java.io.PrintWriter;
21  import java.security.Principal;
22  
23  import javax.servlet.ServletException;
24  import javax.servlet.annotation.HttpConstraint;
25  import javax.servlet.annotation.ServletSecurity;
26  import javax.servlet.annotation.WebServlet;
27  import javax.servlet.http.HttpServlet;
28  import javax.servlet.http.HttpServletRequest;
29  import javax.servlet.http.HttpServletResponse;
30  
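/**
 * A simple secured Servlet. Upon successful authentication and authorization the Servlet prints details of the user and
 * of the authentication mechanism. Servlet security is implemented using annotations: the {@link ServletSecurity}
 * constraint on this class admits only callers in the {@code quickstarts} role, and it applies to every HTTP method
 * because no per-method constraint is declared.
 * <p>
 * The constraint leaves {@code transportGuarantee} at its default ({@code NONE}), so this class does not itself require
 * TLS; credentials are protected in transit only if the deployment enforces HTTPS elsewhere.
 * <p>
 * Identity values are HTML-escaped before they are written, because a user name supplied by an identity store is not
 * guaranteed to be free of markup characters.
 * 
 * @author Sherif Makary
 * 
 */
@SuppressWarnings("serial")
@WebServlet("/SecuredServlet")
@ServletSecurity(@HttpConstraint(rolesAllowed = { "quickstarts" }))
public class SecuredServlet extends HttpServlet {

    private static final String PAGE_HEADER = "<html><head><title>servlet-security</title></head><body>";

    private static final String PAGE_FOOTER = "</body></html>";

    /**
     * Renders a small HTML page showing the caller's principal name, remote user and authentication type.
     * 
     * @param req the request, expected to carry an authenticated identity because of the class-level constraint
     * @param resp the response the page is written to
     * @throws ServletException declared by the overridden method; not thrown by this implementation
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Declare type and charset before getWriter(): the writer's encoding is fixed once it is obtained, and an
        // explicit charset keeps the browser from guessing how to decode the identity values.
        resp.setContentType("text/html");
        resp.setCharacterEncoding("UTF-8");

        // Get security principal
        Principal principal = req.getUserPrincipal();
        // The constraint should guarantee a principal, but a misconfigured deployment would otherwise fail with a
        // NullPointerException here instead of showing that no identity was established.
        String principalName = (principal != null) ? principal.getName() : null;
        // Get user name from login principal
        String remoteUser = req.getRemoteUser();
        // Get authentication type
        String authType = req.getAuthType();

        PrintWriter writer = resp.getWriter();
        writer.println(PAGE_HEADER);
        writer.println("<h1>" + "Successfully called Secured Servlet " + "</h1>");
        writer.println("<p>" + "Principal  : " + escapeHtml(principalName) + "</p>");
        writer.println("<p>" + "Remote User : " + escapeHtml(remoteUser) + "</p>");
        writer.println("<p>" + "Authentication Type : " + escapeHtml(authType) + "</p>");
        writer.println(PAGE_FOOTER);
        writer.close();
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     * 
     * @param value the text to escape; {@code null} is rendered as the literal {@code "null"}, which is what string
     *        concatenation produced before escaping was added
     * @return the escaped text, never {@code null}
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

}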