1   /*
2    * JBoss, Home of Professional Open Source
3    * Copyright 2014, Red Hat, Inc. and/or its affiliates, and individual
4    * contributors by the @authors tag. See the copyright.txt in the
5    * distribution for a full listing of individual contributors.
6    *
7    * Licensed under the Apache License, Version 2.0 (the "License");
8    * you may not use this file except in compliance with the License.
9    * You may obtain a copy of the License at
10   * http://www.apache.org/licenses/LICENSE-2.0
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.jboss.as.quickstarts.ejb_security;
18  
19  import java.io.IOException;
20  import java.io.PrintWriter;
21  import javax.ejb.EJB;
22  import javax.servlet.ServletException;
23  import javax.servlet.annotation.HttpConstraint;
24  import javax.servlet.annotation.ServletSecurity;
25  import javax.servlet.annotation.WebServlet;
26  import javax.servlet.http.HttpServlet;
27  import javax.servlet.http.HttpServletRequest;
28  import javax.servlet.http.HttpServletResponse;
29  
30  import org.jboss.as.quickstarts.ejb_security.SecuredEJB;
31  
32  /**
33   * A simple secured Servlet which calls a secured EJB. Upon successful authentication and authorization the EJB will return the
34   * principal's name. Servlet security is implemented using annotations.
35   * 
36   * @author Sherif Makary
37   * 
38   */
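@SuppressWarnings("serial")
@WebServlet("/SecuredEJBServlet")
// Only authenticated callers in the "guest" role reach this servlet. No transportGuarantee is set on the
// constraint, so it does not by itself require TLS. NOTE(review): confirm that confidentiality is enforced
// elsewhere (deployment descriptor or front-end) wherever credentials cross a network.
@ServletSecurity(@HttpConstraint(rolesAllowed = "guest"))
public class SecuredEJBServlet extends HttpServlet {

    /** Static markup written before the per-request values. */
    private static final String PAGE_HEADER = "<html><head><title>ejb-security</title></head><body>";

    /** Static markup written after the per-request values. */
    private static final String PAGE_FOOTER = "</body></html>";

    // Inject the Secured EJB
    @EJB
    private SecuredEJB securedEJB;

    /**
     * Servlet entry point: calls {@code securedEJB.getSecurityInfo()} and renders the result together with the
     * container's view of the caller ({@code getRemoteUser()} and {@code getAuthType()}) as a small HTML page.
     *
     * <p>
     * Every value placed into the page is HTML-escaped first. The names come from the login identity, not from
     * this class, so they are treated as data that may contain markup characters.
     *
     * @param req the current request, used to read the remote user and the authentication type
     * @param resp the response the HTML page is written to
     * @throws ServletException declared by the overridden method
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Collect the identity details first, so a failure in the EJB call happens before any output exists.
        final String principal = securedEJB.getSecurityInfo();
        final String remoteUser = req.getRemoteUser();
        final String authType = req.getAuthType();

        // Declare type and charset before getWriter(): the writer's encoding is fixed once it is obtained, and
        // an explicit text/html type keeps the browser from guessing how to interpret the body.
        resp.setContentType("text/html");
        resp.setCharacterEncoding("UTF-8");

        final PrintWriter writer = resp.getWriter();
        try {
            writer.println(PAGE_HEADER);
            writer.println("<h1>" + "Successfully called Secured EJB " + "</h1>");
            writer.println("<p>" + "Principal  : " + escapeHtml(principal) + "</p>");
            writer.println("<p>" + "Remote User : " + escapeHtml(remoteUser) + "</p>");
            writer.println("<p>" + "Authentication Type : " + escapeHtml(authType) + "</p>");
            writer.println(PAGE_FOOTER);
        } finally {
            // Close even if writing fails part-way.
            writer.close();
        }
    }

    /**
     * Returns {@code value} with the characters that are significant in HTML text and attribute values replaced by
     * character references.
     *
     * @param value the text to encode; {@code null} is rendered as the string {@code "null"}, which is what plain
     *        string concatenation would have produced
     * @return the encoded text, never {@code null}
     */
    private static String escapeHtml(String value) {
        final String text = String.valueOf(value);
        final StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

}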