public class HttpSecurityServletRequest
extends javax.servlet.http.HttpServletRequestWrapper
HttpSecurityService. This class is public to allow the developer to access the underlying SecurityProvider from within a Servlet or JSP and in turn all of the functionality that is offered by it.
For example, assuming the NtlmSecurityProvider was used to authenticate clients, the SID of the authenticated user may be retrieved using the getSecurityProvider() method as illustrated by the following JSP fragment:

```jsp
<%@ page import="jespa.http.HttpSecurityServletRequest" %>
<%@ page import="jespa.ntlm.NtlmSecurityProvider" %>
<%@ page import="jespa.security.Account" %>
<%
// The request is the wrapper installed by the HttpSecurityService
HttpSecurityServletRequest req = (HttpSecurityServletRequest)request;
// The provider that authenticated this request (NTLM is assumed here)
NtlmSecurityProvider provider = (NtlmSecurityProvider)req.getSecurityProvider();
Account account = provider.getAccount(null, null);
out.println("objectSid: " + account.get("objectSid"));

// output:
// objectSid: S-1-5-21-2779991729-652803122-3494501911-13031
%>
```
The names and value types of Account attributes are specific to the SecurityProvider from which it was acquired. See the NtlmSecurityProvider.getAccount(java.lang.String, java.lang.String[]) documentation for a description of Account attributes supported by the NTLM security provider.
Constructor and Description |
---|
HttpSecurityServletRequest(javax.servlet.http.HttpServletRequest req, HttpSecurityService service, SecurityProvider provider) |
Modifier and Type | Method and Description |
---|---|
java.lang.String | getAuthType(): If the NtlmSecurityProvider was used to authenticate this request, this method returns "NTLM". |
java.lang.String | getRemoteUser(): Return the canonicalized username of the authenticated user. |
SecurityProvider | getSecurityProvider(): Return the SecurityProvider used to authenticate the user. |
java.security.Principal | getUserPrincipal(): Returns an instance of SecurityPrincipal. |
boolean | isUserInRole(java.lang.String role): Returns true if the authenticated user is in the supplied Windows group or if the name refers to their own account name. |
authenticate, getContextPath, getCookies, getDateHeader, getHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, login, logout
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
public HttpSecurityServletRequest(javax.servlet.http.HttpServletRequest req, HttpSecurityService service, SecurityProvider provider)
public SecurityProvider getSecurityProvider()
public java.lang.String getAuthType()
getAuthType
in interface javax.servlet.http.HttpServletRequest
getAuthType
in class javax.servlet.http.HttpServletRequestWrapper
public java.lang.String getRemoteUser()
HttpSecurityService
to specify how account names should be canonicalized (such as alice@example.com as opposed to EXAMPLE\alice or just alice).
getRemoteUser
in interface javax.servlet.http.HttpServletRequest
getRemoteUser
in class javax.servlet.http.HttpServletRequestWrapper
public java.security.Principal getUserPrincipal()
SecurityPrincipal. The name of the principal will be canonicalized as specified by the jespa.account.canonicalForm init-param.
getUserPrincipal
in interface javax.servlet.http.HttpServletRequest
getUserPrincipal
in class javax.servlet.http.HttpServletRequestWrapper
public boolean isUserInRole(java.lang.String role)
Windows group names (and account names) should be qualified with either a DNS or NetBIOS domain such as EXAMPLE\Domain Users or example.com\Domain Users or alice@EXAMPLE.COM. If the name is not qualified with a domain, a default domain will be chosen which could yield ambiguous results in a multi-domain environment.
Note that these access checks are fast when the supplied name can be resolved. If the name cannot be resolved, noticeable delays may occur. For example, if the domain of the name is invalid or is not accessible, a delay of several seconds may occur and the result may be unexpectedly false.
isUserInRole
in interface javax.servlet.http.HttpServletRequest
isUserInRole
in class javax.servlet.http.HttpServletRequestWrapper
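The isUserInRole notes above (qualify the group name; an unresolvable name is slow and returns false) translate into a deny-by-default authorization filter. The following is an added example, not code from the Jespa distribution: it uses only standard javax.servlet calls and assumes it is mapped to run after the HttpSecurityService has wrapped the request. The class name, the requiredGroup init-param and the one-second threshold are hypothetical choices for this sketch.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class GroupGateFilter implements Filter {
    private static final String PARAM = "requiredGroup"; // hypothetical init-param name
    private static final long SLOW_MS = 1000;            // assumed "slow lookup" threshold
    private String requiredGroup;
    private ServletContext ctx;

    // True for DOMAIN\name, dns.domain\name or name@DOMAIN; false for a bare name.
    static boolean isQualified(String name) {
        if (name == null) return false;
        int bs = name.indexOf('\\');
        int at = name.indexOf('@');
        return (bs > 0 && bs < name.length() - 1) || (at > 0 && at < name.length() - 1);
    }

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        ctx = cfg.getServletContext();
        requiredGroup = cfg.getInitParameter(PARAM);
        // Fail at deployment rather than let a default domain be chosen at request time.
        if (!isQualified(requiredGroup))
            throw new ServletException(PARAM + " must be domain-qualified, got: " + requiredGroup);
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // No authenticated user on the request: deny.
        if (req.getRemoteUser() == null) { res.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
        long t0 = System.nanoTime();
        boolean member = req.isUserInRole(requiredGroup);
        long ms = (System.nanoTime() - t0) / 1_000_000;
        // A slow check suggests the name could not be resolved, so a false
        // result may be a lookup failure rather than a real non-membership.
        if (ms > SLOW_MS)
            ctx.log("isUserInRole(" + requiredGroup + ") took " + ms + " ms, result=" + member);
        if (!member) { res.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {}
}
```

Because an unresolvable name yields false, the filter fails closed; the log line is what lets an operator tell a directory outage apart from a genuine denial.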