org.securityfilter.filter

Class SecurityRequestWrapper

java.lang.Object

javax.servlet.ServletRequestWrapper

javax.servlet.http.HttpServletRequestWrapper

org.securityfilter.filter.SecurityRequestWrapper

All Implemented Interfaces:

javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest

public class SecurityRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper

SecurityRequestWrapper

Version:

$Revision$ $Date$

Author:

Max Cooper (max@maxcooper.com), Daya Sharma (iamdaya@yahoo.com, billydaya@sbcglobal.net), Torgeir Veimo (torgeir@pobox.com)

Field Summary

Fields

Modifier and Type	Field and Description
static String	PRINCIPAL_SESSION_KEY

Fields inherited from interface javax.servlet.http.HttpServletRequest

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor and Description
SecurityRequestWrapper(javax.servlet.http.HttpServletRequest request, SavedRequest savedRequest, SecurityRealmInterface realm, String authType) Construct a new SecurityRequestWrapper.

Method Summary

Modifier and Type	Method and Description
String	getAuthType() Returns the auth type (e.g.
javax.servlet.http.HttpServletRequest	getCurrentRequest() Get the original HttpServletRequest object.
javax.servlet.ServletInputStream	getInputStream() This method is provided to restore functionality of this method in case the wrapper class we are extending has disabled it.
String	getMatchableURL() Get a URL that can be matched against security URL patterns.
String	getMethod() Returns the HTTP method used to make this request.
String	getParameter(String s) Get a parameter value by name.
Map	getParameterMap() Get a map of parameter values for this request.
Enumeration	getParameterNames() Get an enumeration of paramaeter names for this request.
String[]	getParameterValues(String s) Get an array of values for a parameter.
String	getRemoteUser() Get the remote user's login name
Principal	getUserPrincipal() Get a Principal object for the current user.
boolean	isUserInRole(String role) Check if a user is in a role.
void	setRequest(javax.servlet.ServletRequest request) Set the request that is to be wrapped.
void	setUserPrincipal(Principal principal) Set the username of the current user.

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid

Methods inherited from class javax.servlet.ServletRequestWrapper

getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest

getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding

Field Detail

PRINCIPAL_SESSION_KEY

public static final String PRINCIPAL_SESSION_KEY

Constructor Detail

SecurityRequestWrapper

public SecurityRequestWrapper(javax.servlet.http.HttpServletRequest request,
                              SavedRequest savedRequest,
                              SecurityRealmInterface realm,
                              String authType)

Construct a new SecurityRequestWrapper.

Parameters:

request - the request to wrap

realm - the SecurityRealmInterface implementation

savedRequest - SavedRequest (usually null, unless this is the request that invoked the authorization sequence)

Method Detail

getCurrentRequest

public javax.servlet.http.HttpServletRequest getCurrentRequest()

Get the original HttpServletRequest object.

getParameter

public String getParameter(String s)

Get a parameter value by name. If multiple values are available, the first value is returned.

Specified by:

getParameter in interface javax.servlet.ServletRequest

Overrides:

getParameter in class javax.servlet.ServletRequestWrapper

Parameters:

s - parameter name

getParameterMap

public Map getParameterMap()

Get a map of parameter values for this request.

Specified by:

getParameterMap in interface javax.servlet.ServletRequest

Overrides:

getParameterMap in class javax.servlet.ServletRequestWrapper

getParameterNames

public Enumeration getParameterNames()

Get an enumeration of paramaeter names for this request.

Specified by:

getParameterNames in interface javax.servlet.ServletRequest

Overrides:

getParameterNames in class javax.servlet.ServletRequestWrapper

getParameterValues

public String[] getParameterValues(String s)

Get an array of values for a parameter.

Specified by:

getParameterValues in interface javax.servlet.ServletRequest

Overrides:

getParameterValues in class javax.servlet.ServletRequestWrapper

Parameters:

s - parameter name

setRequest

public void setRequest(javax.servlet.ServletRequest request)

Set the request that is to be wrapped.

Overrides:

setRequest in class javax.servlet.ServletRequestWrapper

Parameters:

request - wrap this request

isUserInRole

public boolean isUserInRole(String role)

Check if a user is in a role.

Specified by:

isUserInRole in interface javax.servlet.http.HttpServletRequest

Overrides:

isUserInRole in class javax.servlet.http.HttpServletRequestWrapper

Parameters:

role - name of role to check

getRemoteUser

public String getRemoteUser()

Get the remote user's login name

Specified by:

getRemoteUser in interface javax.servlet.http.HttpServletRequest

Overrides:

getRemoteUser in class javax.servlet.http.HttpServletRequestWrapper

getUserPrincipal

public Principal getUserPrincipal()

Get a Principal object for the current user.

Specified by:

getUserPrincipal in interface javax.servlet.http.HttpServletRequest

Overrides:

getUserPrincipal in class javax.servlet.http.HttpServletRequestWrapper

getInputStream

public javax.servlet.ServletInputStream getInputStream()
                                                throws IOException

This method is provided to restore functionality of this method in case the wrapper class we are extending has disabled it. This method is needed to process multi-part requests downstream, and it appears that some wrapper implementations just return null. WebLogic 6.1.2.0 is one such implementation.

Specified by:

getInputStream in interface javax.servlet.ServletRequest

Overrides:

getInputStream in class javax.servlet.ServletRequestWrapper

Throws:

IOException

setUserPrincipal

public void setUserPrincipal(Principal principal)

Set the username of the current user. WARNING: Calling this method will set the user for this session -- authenticate the user before calling this method.

Parameters:

principal - the user Principal object

getAuthType

public String getAuthType()

Returns the auth type (e.g. FORM, BASIC, etc.).

Specified by:

getAuthType in interface javax.servlet.http.HttpServletRequest

Overrides:

getAuthType in class javax.servlet.http.HttpServletRequestWrapper

getMethod

public String getMethod()

Returns the HTTP method used to make this request. If the savedRequest is non-null, the HTTP method of the saved request will be returned.

Specified by:

getMethod in interface javax.servlet.http.HttpServletRequest

Overrides:

getMethod in class javax.servlet.http.HttpServletRequestWrapper

getMatchableURL

public String getMatchableURL()

Get a URL that can be matched against security URL patterns. This is the part after the contextPath, with the pathInfo, but without the query string. http://server:8080/contextPath/someURL.jsp?param=value becomes /someURL.jsp