All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class org.apache.tomcat.core.SimpleRequestSecurityProviderImpl

java.lang.Object
   |
   +----org.apache.tomcat.core.SimpleRequestSecurityProviderImpl

public class SimpleRequestSecurityProviderImpl
extends Object
implements RequestSecurityProvider
Experimental implementation of a RequestSecurityProvider, based on the org.apache.tomcat.request.SecurityCheck.MemoryRealm class. An instance of this class is set as the RequestSecurityProvider for a Context by the SecurityCheck interceptor if the Context doesn't have a RequestSecurityProvider.

Since the whole security implementation is still experimental, and the RequestSecurityProvider interface has been deprecated, this class will likely be replaced soon.

Author:
Hans Bergsten

Constructor Index

 o SimpleRequestSecurityProviderImpl(Hashtable)

Method Index

 o getUserPrincipal(Context, HttpServletRequest)
Returns a java.security.Principal object containing the name of the current authenticated user.
 o isSecure(Context, HttpServletRequest)
Returns a boolean indicating whether this request was made using a secure channel, such as HTTPS
 o isUserInRole(Context, HttpServletRequest, String)
Returns a boolean indicating whether the authenticated user is included in the specified logical "role".

Constructors

 o SimpleRequestSecurityProviderImpl
 public SimpleRequestSecurityProviderImpl(Hashtable roles)

Methods

 o isUserInRole
 public boolean isUserInRole(Context context,
                             HttpServletRequest req,
                             String role)
Returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles and role membership can be defined using deployment descriptors. If the user has not been authenticated, the method returns false.

Parameters:
context - not used. One instance of this class is associated with one Context. The parameter is left over from a J2EE impl.
req - the request to get the current user from
role - the role name to check
Returns:
true if the user is in the role, false if not or if the request user is not authenticated
 o getUserPrincipal
 public Principal getUserPrincipal(Context context,
                                   HttpServletRequest req)
Returns a java.security.Principal object containing the name of the current authenticated user.

Parameters:
context - not used. One instance of this class is associated with one Context. The parameter is left over from a J2EE impl.
req - the request to get the current user from
Returns:
a java.security.Principal containing the name of the user making this request; null if the user has not been authenticated
 o isSecure
 public boolean isSecure(Context context,
                         HttpServletRequest req)
Returns a boolean indicating whether this request was made using a secure channel, such as HTTPS

Parameters:
context - not used. One instance of this class is associated with one Context. The parameter is left over from a J2EE impl.
req - the request
Returns:
a boolean indicating if the request was made using a secure channel

All Packages  Class Hierarchy  This Package  Previous  Next  Index