1   /*
2    * JBoss, Home of Professional Open Source
3    * Copyright 2014, Red Hat, Inc. and/or its affiliates, and individual
4    * contributors by the @authors tag. See the copyright.txt in the
5    * distribution for a full listing of individual contributors.
6    *
7    * Licensed under the Apache License, Version 2.0 (the "License");
8    * you may not use this file except in compliance with the License.
9    * You may obtain a copy of the License at
10   * http://www.apache.org/licenses/LICENSE-2.0
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.jboss.as.quickstarts.servlet_security_genericheader_auth;
18  
19  import java.io.IOException;
20  import java.io.PrintWriter;
21  import java.security.Principal;
22  
23  import javax.servlet.ServletException;
24  import javax.servlet.annotation.HttpConstraint;
25  import javax.servlet.annotation.ServletSecurity;
26  import javax.servlet.annotation.WebServlet;
27  import javax.servlet.http.HttpServlet;
28  import javax.servlet.http.HttpServletRequest;
29  import javax.servlet.http.HttpServletResponse;
30  
31  import org.jboss.logging.Logger;
32  
33  /**
34   * A simple secured Servlet. Upon successful authentication and authorization
35   * the Servlet will print details of the user and authentication. Servlet
36   * security is implemented using annotations.
37   *
38   * NOTE: This simply exists as an example of a servlet secured by this code.
39   *    This servlet would not be used in an actual production situation.
40   * 
41   * @author Sherif Makary
42   * 
43   */
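@SuppressWarnings("serial")
@WebServlet("/SecuredServlet")
@ServletSecurity(@HttpConstraint(rolesAllowed = { "guest" }))
public class SecuredServlet extends HttpServlet {

    private static final Logger log = Logger.getLogger(SecuredServlet.class.getSimpleName());

    /** Request parameter that switches the response to a short plain-text marker. */
    private static final String PARAM_UNIT_TEST = "unitTest";

    private static final String PAGE_HEADER = "<html><head /><body>";

    private static final String PAGE_FOOTER = "</body></html>";

    /**
     * Reports the identity the container established for the caller.
     *
     * <p>With {@code unitTest=true} the response is the plain-text marker
     * {@code AUTHENTICATED}; otherwise it is a small HTML page listing the
     * principal name, the remote user and the authentication type.
     *
     * <p>Identity values are treated as untrusted text: they are HTML-escaped
     * before being written to the page and stripped of line breaks before
     * being logged. NOTE(review): judging by the package name the user name is
     * presumably taken from a request header by the login module, so it should
     * not be assumed to be free of markup or control characters.
     *
     * @param req the incoming request; access is restricted to the
     *            {@code guest} role by the class-level {@code @ServletSecurity}
     * @param resp the response to write to
     * @throws ServletException declared by the servlet contract; not thrown directly here
     * @throws IOException if writing the response fails
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Principal principal = req.getUserPrincipal();
        if (principal == null) {
            // The role constraint should make this unreachable. If the constraint is
            // not enforced (for example a misconfigured deployment), refuse the request
            // instead of failing with a NullPointerException further down.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        if ("true".equalsIgnoreCase(req.getParameter(PARAM_UNIT_TEST))) {
            log.info("Authenticated Request Received from User: " + stripLineBreaks(principal.getName()));
            // Content type is set before the writer is obtained.
            resp.setContentType("text/plain");
            resp.getWriter().write("AUTHENTICATED");
            return;
        }

        String remoteUser = req.getRemoteUser();
        String authType = req.getAuthType();

        // Declare the type and charset explicitly so the browser does not have to guess them.
        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter writer = resp.getWriter();
        writer.println(PAGE_HEADER);
        writer.println("<h1>" + "Successfully called Secured Servlet "
                + "</h1>");
        writer.println("<p>" + "Principal  : " + escapeHtml(principal.getName()) + "</p>");
        writer.println("<p>" + "Remote User : " + escapeHtml(remoteUser) + "</p>");
        writer.println("<p>" + "Authentication Type : " + escapeHtml(authType) + "</p>");
        writer.println(PAGE_FOOTER);
        // The container closes the response writer once the request completes.
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute
     * values. A {@code null} value is rendered as the text {@code null}, which
     * is what plain string concatenation would have produced.
     */
    private static String escapeHtml(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Replaces CR and LF so a user name cannot start a new, forged log line. */
    private static String stripLineBreaks(String value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

}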