src/edu/internet2/middleware/shibboleth/utils/KerberosPrincipalFilter.java

   1 /*
   2  * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package edu.internet2.middleware.shibboleth.utils;
  18
  19 import java.io.IOException;
  20 import java.security.Principal;
  21
  22 import javax.servlet.Filter;
  23 import javax.servlet.FilterChain;
  24 import javax.servlet.FilterConfig;
  25 import javax.servlet.ServletException;
  26 import javax.servlet.ServletRequest;
  27 import javax.servlet.ServletResponse;
  28 import javax.servlet.http.HttpServletRequest;
  29 import javax.servlet.http.HttpServletRequestWrapper;
  30 import javax.servlet.http.HttpServletResponse;
  31
  32 import org.apache.log4j.Logger;
  33 import org.apache.log4j.MDC;
  34
  35 /**
  36  * Simple Servlet Filter that strips realm information from Kerberos authenticated container-managed security
  37  *
  38  * @author Scott Cantor
  39  */
  40 public class KerberosPrincipalFilter implements Filter {
  41
  42         private static Logger log = Logger.getLogger(KerberosPrincipalFilter.class.getName());
  43
  44         /**
  45          * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
  46          */
  47         public void init(FilterConfig config) throws ServletException {
  48
  49         }
  50
  51         /**
  52          * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
  53          *      javax.servlet.FilterChain)
  54          */
  55         public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
  56                         ServletException {
  57
  58                 if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
  59                         MDC.put("serviceId", "[Kerberos Principal Filter]");
  60                         log.error("Only HTTP(s) requests are supported by the KerberosPrincipalFilter.");
  61                         return;
  62                 }
  63                 HttpServletRequest httpRequest = (HttpServletRequest) request;
  64
  65                 String name = httpRequest.getRemoteUser();
  66                 int split = name.indexOf('@');
  67                 if (split > -1) name = name.substring(0, split);
  68
  69                 chain.doFilter(new KerberosPrincipalWrapper(httpRequest, new PrincipalImpl(name)), response);
  70         }
  71
  72         /**
  73          * @see javax.servlet.Filter#destroy()
  74          */
  75         public void destroy() {
  76
  77         }
  78
  79         class KerberosPrincipalWrapper extends HttpServletRequestWrapper {
  80
  81                 Principal principal;
  82
  83                 KerberosPrincipalWrapper(HttpServletRequest request, Principal principal) {
  84
  85                         super(request);
  86                         this.principal = principal;
  87                 }
  88
  89                 /**
  90                  * @see javax.servlet.http.HttpServletRequest#getRemoteUser()
  91                  */
  92                 public String getRemoteUser() {
  93
  94                         return principal.getName();
  95                 }
  96
  97                 /**
  98                  * @see javax.servlet.http.HttpServletRequest#getUserPrincipal()
  99                  */
 100                 public Principal getUserPrincipal() {
 101
 102                         return principal;
 103                 }
 104         }
 105
 106         class PrincipalImpl implements Principal {
 107
 108                 private String name = null;
 109
 110                 PrincipalImpl(String name) {
 111
 112                         this.name = name;
 113                 }
 114
 115                 /**
 116                  * @see java.security.Principal#getName()
 117                  */
 118                 public String getName() {
 119
 120                         return name;
 121                 }
 122
 123                 /**
 124                  * @see java.lang.Object#equals(java.lang.Object)
 125                  */
 126                 public boolean equals(Object obj) {
 127
 128                         return name.equals(obj);
 129                 }
 130
 131                 /**
 132                  * @see java.lang.Object#toString()
 133                  */
 134                 public String toString() {
 135
 136                         return name;
 137                 }
 138
 139         }
 140 }