DeadboltHandler xref

View Javadoc

1   /*--
2    Copyright (C) 2005 Tim Solley.
3    All rights reserved.
4   
5    Redistribution and use in source and binary forms, with or without
6    modification, are permitted provided that the following conditions
7    are met:
8   
9    1. Redistributions of source code must retain the above copyright
10   notice, this list of conditions, and the following disclaimer.
11  
12   2. Redistributions in binary form must reproduce the above copyright
13   notice, this list of conditions, and the disclaimer that follows
14   these conditions in the documentation and/or other materials
15   provided with the distribution.
16  
17   3. The name "Deadbolt" may be used to endorse or promote products
18   derived from this software without prior written permission.
19  
20   4. Products derived from this software may not be called "Deadbolt", nor
21   may "Deadbolt" appear in their name, without prior written permission
22   from the Deadbolt Project Management timsolley@yahoo.com.
23  
24   In addition, we request (but do not require) that you include in the
25   end-user documentation provided with the redistribution and/or in the
26   software itself an acknowledgement equivalent to the following:
27   "This product includes software developed by the
28   Deadbolt Project (http://deadbolt.sourceforge.net/)."
29   Alternatively, the acknowledgment may be graphical using the logos
30   available at http://deadbolt.sourceforge.net.
31  
32   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
33   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
34   OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
35   DISCLAIMED.  IN NO EVENT SHALL THE DEADBOLT AUTHORS OR THE PROJECT
36   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
37   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
38   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
39   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
40   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
41   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
42   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43   SUCH DAMAGE.
44  
45   This software consists of voluntary contributions made by many
46   individuals on behalf of the Deadbolt Project and was originally
47   created by Tim Solley timsolley@yahoo.com.  For more information
48   on the Deadbolt Project, please see <http://deadbolt.sourceforge.net/>.
49   */
50  
51  package net.sf.deadbolt.handlers;
52  
53  import java.util.ArrayList;
54  import java.util.List;
55  import java.util.Map;
56  
57  import javax.servlet.http.HttpServletRequest;
58  import javax.servlet.http.HttpServletResponse;
59  
60  import net.sf.deadbolt.DeadboltEnvironment;
61  import net.sf.deadbolt.DeadboltFilter;
62  import net.sf.deadbolt.model.Room;
63  
64  import org.apache.log4j.Logger;
65  
66  /***
67   * This is the base class that all handlers extend from. The handler that you
68   * write only needs to override the <code>authenticate</code> method that will
69   * be called when a resource is requested that is protected by a room with your
70   * handler defined.
71   * 
72   * @author Tim Solley <timsolley@yahoo.com>
73   */
74  public abstract class DeadboltHandler {
75      private static Logger logger = Logger.getLogger(DeadboltHandler.class.getName());
76  
77      /***
78       * This method is the main body of the handler, which will tell the
79       * framework whether to let the user in or not. You can do whatever you like
80       * in this method, such as checking a user's digital certificate, checking
81       * LDAP, checking user information stored in the session, or even checking a
82       * database. Other uses might be for logging or statistical purposes.
83       * 
84       * Handlers can be chained in Deadbolt, as specified in the
85       * deadbolt-config.xml file. It's important to remember that if you're
86       * chaining handlers, and one handler depends on information obtained in the
87       * previous handler, that the previous handler should put this information
88       * in a well known place, such as in the HttpServletRequest.
89       * 
90       * @param request
91       * @param response
92       * @return Whether to let the user pass this handler or not.
93       */
94      public abstract boolean authenticate(HttpServletRequest request,
95              HttpServletResponse response, Room room);
96  
97      /***
98       * This method will add an error to the request, which can later be used by
99       * the <code>DisplayErrorsTag</code> custom tag in a JSP error page.
100      * 
101      * In a user defined handler, just call this method, passing in the request
102      * and a error key, as defined in the deadbolt-config.xml file. This will
103      * put the actual text of the error message in the request for the JSP page.
104      * 
105      * It's important for a developer writing a handler to make sure that the
106      * spelling of the error key is correct. If not, then no message will be
107      * found.
108      * 
109      * @param request
110      * @param errorKey
111      */
112     public void addErrorKey(HttpServletRequest request, String errorKey) {
113         logger.info("ENTERING: addError");
114         // Get the collection of error messages that pertain to the application
115         Map errors = DeadboltFilter.getErrorMessages();
116         // Get the actual error message based on the key
117         String errorMessage = (String) errors.get(errorKey);
118         if (errorMessage == null) {
119             logger.warn("The error key: " + errorKey
120                     + " was not found!  Check your deadbolt-config.xml file.");
121         } else {
122             addErrorMessage(request, errorMessage);
123         }
124         logger.info("EXITING: addError");
125     }
126 
127     /***
128      * This method does the same thing as the <code>addError</code> method,
129      * but takes in a <code>List</code> as a parameter. This <code>List</code>
130      * must contain only <code>String</code> objects.
131      * 
132      * @param request
133      * @param errors
134      *            A List of errors
135      */
136     public void addErrors(HttpServletRequest request, List errors) {
137         logger.info("ENTERING: addErrors");
138 
139         if (request.getAttribute(DeadboltEnvironment.GLOBAL_ERROR_KEY) == null) {
140             request.setAttribute(DeadboltEnvironment.GLOBAL_ERROR_KEY,
141                     new ArrayList());
142         }
143         ((List) request.getAttribute(DeadboltEnvironment.GLOBAL_ERROR_KEY))
144                 .addAll(errors);
145 
146         logger.info("EXITING: addErrors");
147     }
148     
149     /***
150      * This method adds an error message without the need for a key.  This is
151      * mostly used internally for one off messages.
152      * 
153      * @param request
154      * @param errorMessage
155      */
156     public void addErrorMessage(HttpServletRequest request, String errorMessage) {
157         /*
158          * If this is the first time an error has been added during this
159          * request, we'll need to create an attribute in the request object. *
160          */
161         if (request.getAttribute(DeadboltEnvironment.GLOBAL_ERROR_KEY) == null) {
162             request.setAttribute(DeadboltEnvironment.GLOBAL_ERROR_KEY,
163                     new ArrayList());
164         }
165         // Add the error to the list in the request
166         ((List) request.getAttribute(DeadboltEnvironment.GLOBAL_ERROR_KEY))
167                 .add(errorMessage);
168     }
169 }