1 /*
2  * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package edu.internet2.middleware.shibboleth.utils;
18
19 import java.io.IOException;
20 import java.security.Principal;
21
22 import javax.servlet.Filter;
23 import javax.servlet.FilterChain;
24 import javax.servlet.FilterConfig;
25 import javax.servlet.ServletException;
26 import javax.servlet.ServletRequest;
27 import javax.servlet.ServletResponse;
28 import javax.servlet.http.HttpServletRequest;
29 import javax.servlet.http.HttpServletRequestWrapper;
30 import javax.servlet.http.HttpServletResponse;
31
32 import org.apache.log4j.Logger;
33 import org.apache.log4j.MDC;
34
35 /**
36  * Simple Servlet Filter that strips the realm from the user name set by Kerberos-authenticated container-managed security.
37  * 
38  * @author Scott Cantor
39  */
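public class KerberosPrincipalFilter implements Filter {

	private static final Logger log = Logger.getLogger(KerberosPrincipalFilter.class.getName());

	/**
	 * Does nothing; this filter reads no configuration.
	 *
	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
	 */
	public void init(FilterConfig config) throws ServletException {

	}

	/**
	 * Replaces a container-supplied remote user of the form <code>local@REALM</code> with <code>local</code>
	 * before handing the request to the rest of the chain. Requests whose remote user is <code>null</code> or
	 * contains no '@' are passed through unchanged.
	 * <p>
	 * Security note: everything after the first '@' is discarded without checking which realm it names, so
	 * <code>user@A</code> and <code>user@B</code> become the same downstream user. If the container can accept
	 * principals from more than one realm (for example through cross-realm trust), the set of accepted realms
	 * has to be restricted before this filter runs.
	 *
	 * @param request the incoming request; must be an {@link HttpServletRequest}
	 * @param response the outgoing response; must be an {@link HttpServletResponse}
	 * @param chain the remaining filter chain
	 * @throws IOException propagated from the chain
	 * @throws ServletException propagated from the chain
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
	 *      javax.servlet.FilterChain)
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
			ServletException {

		if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
			MDC.put("serviceId", "[Kerberos Principal Filter]");
			log.error("Only HTTP(s) requests are supported by the KerberosPrincipalFilter.");
			// Fail closed: the chain is deliberately not invoked for non-HTTP traffic.
			return;
		}
		HttpServletRequest httpRequest = (HttpServletRequest) request;

		String name = httpRequest.getRemoteUser();
		if (name != null) {
			int split = name.indexOf('@');
			// NOTE(review): a name that starts with '@' yields an empty principal name here; confirm that the
			// container can never supply one, or that downstream code rejects an empty remote user.
			if (split > -1) {
				String localName = name.substring(0, split);
				chain.doFilter(new KerberosPrincipalWrapper(httpRequest, new PrincipalImpl(localName)), response);
				return;
			}
		}
		chain.doFilter(request, response);
	}

	/**
	 * Does nothing; the filter holds no resources.
	 *
	 * @see javax.servlet.Filter#destroy()
	 */
	public void destroy() {

	}

	/**
	 * Request wrapper that reports the realm-stripped principal. Only {@link #getRemoteUser()} and
	 * {@link #getUserPrincipal()} are overridden; every other method, including role checks, is still answered by
	 * the wrapped request.
	 */
	class KerberosPrincipalWrapper extends HttpServletRequestWrapper {

		Principal principal;

		KerberosPrincipalWrapper(HttpServletRequest request, Principal principal) {

			super(request);
			this.principal = principal;
		}

		/**
		 * @see javax.servlet.http.HttpServletRequest#getRemoteUser()
		 */
		public String getRemoteUser() {

			return principal.getName();
		}

		/**
		 * @see javax.servlet.http.HttpServletRequest#getUserPrincipal()
		 */
		public Principal getUserPrincipal() {

			return principal;
		}
	}

	/**
	 * Minimal {@link Principal} identified solely by its name.
	 */
	class PrincipalImpl implements Principal {

		private final String name;

		PrincipalImpl(String name) {

			this.name = name;
		}

		/**
		 * @see java.security.Principal#getName()
		 */
		public String getName() {

			return name;
		}

		/**
		 * Two instances are equal when their names are equal. The previous implementation compared the name
		 * String with the other object itself, so two principals with the same name never compared equal, which
		 * breaks any equality-based principal comparison or set membership.
		 *
		 * @see java.lang.Object#equals(java.lang.Object)
		 */
		public boolean equals(Object obj) {

			if (this == obj) {
				return true;
			}
			if (!(obj instanceof PrincipalImpl)) {
				return false;
			}
			String otherName = ((PrincipalImpl) obj).name;
			return (name == null) ? (otherName == null) : name.equals(otherName);
		}

		/**
		 * Kept consistent with {@link #equals(Object)} so instances behave correctly in hash-based collections.
		 *
		 * @see java.lang.Object#hashCode()
		 */
		public int hashCode() {

			return (name == null) ? 0 : name.hashCode();
		}

		/**
		 * @see java.lang.Object#toString()
		 */
		public String toString() {

			return name;
		}

	}
}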