Examples of org.apache.catalina.connector.Request

• org.apache.catalina.connector.Request
  Wrapper object for the Coyote request. @author Remy Maucherat @author Craig R. McClanahan @version $Revision: 901 $ $Date: 2009-01-15 10:49:36 -0500 (Thu, 15 Jan 2009) $

        boolean event = false;

        // Get the request facade object
        RequestFacade requestFacade = null;
        if (request instanceof Request) {
            Request coreRequest = (Request) request;
            event = coreRequest.isEventMode();
            requestFacade = (RequestFacade) coreRequest.getRequest();
        } else {
            ServletRequest current = request;
            while (current != null) {
                // If we run into the container request we are done
                if (current instanceof RequestFacade) {

    public boolean hasRole(Principal principal, String role) {
        boolean authzDecision = true;
        boolean baseDecision = super.hasRole(principal, role);
        // if the RealmBase check has passed, then we can go to authz framework
        if (baseDecision && useJBossAuthorization) {
            Request request = SecurityContextAssociationValve.getActiveRequest();
            String servletName = null;
            Wrapper servlet = request.getWrapper();
            if (servlet != null) {
                servletName = getServletName(servlet);
            }
            if (servletName == null)
                throw new IllegalStateException("servletName is null");

        return webMetaData;
    }

    public static void invokeRequest(Manager manager, RequestHandler handler, String sessionId) throws ServletException, IOException {
        Valve valve = setupPipeline(manager, handler);
        Request request = setupRequest(manager, sessionId);
        invokeRequest(valve, request);
    }

   public boolean hasRole(Principal principal, String role)
   {
      String servletName = null;
      //WebProgrammaticAuthentication does not go through hasResourcePermission
      //and hence the activeRequest thread local may not be set
      Request req = (Request) SecurityAssociationValve.activeRequest.get();
      Wrapper servlet = req.getWrapper();
      if (servlet != null)
      {
         servletName = getServletName(servlet);
      }

        @Override
        public void run() {
            try {
                BasicRequestHandler getHandler = new BasicRequestHandler(attributeKeys, false);
                concurrentHandler.registerHandler(getHandler);
                Request request = SessionTestUtil.setupRequest(manager, sessionId);
                startingGun.countDown();
                startingGun.await();

                SessionTestUtil.invokeRequest(pipelineHead, request);
                this.checkedAttributes = getHandler.getCheckedAttributes();

    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
            throws AuthException {
        Request request = (Request) messageInfo.getRequestMessage();
        Response response = (Response) messageInfo.getResponseMessage();

        Principal principal;
        context = request.getContext();

        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(CERTIFICATES_ATTR);
        if ((certs == null) || (certs.length < 1)) {
            request.getCoyoteRequest().action(ActionCode.ACTION_REQ_SSL_CERTIFICATE, null);
            certs = (X509Certificate[]) request.getAttribute(CERTIFICATES_ATTR);
        }
        if ((certs == null) || (certs.length < 1)) {
            WebLogger.WEB_SECURITY_LOGGER.debugf("No certificates included with this request");
            try {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, sm.getString("authenticator.certificates"));

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
            throws AuthException {

        Request request = (Request) messageInfo.getRequestMessage();
        Response response = (Response) messageInfo.getResponseMessage();

        Principal principal;
        context = request.getContext();
        LoginConfig config = context.getLoginConfig();

        // references to objects we will need later.
        Session session = null;

        // lets find out if the cache is enabled or not.
        cache = Boolean.valueOf((String) messageInfo.getMap().get("CACHE"));

        // have we authenticated this user before but have caching disabled?
        if (!cache) {
            session = request.getSessionInternal(true);
            WebLogger.WEB_SECURITY_LOGGER.debugf("Checking for reauthenticate in session %s", session.getIdInternal());
            String username = (String) session.getNote(Constants.SESS_USERNAME_NOTE);
            String password = (String) session.getNote(Constants.SESS_PASSWORD_NOTE);
            if ((username != null) && (password != null)) {
                WebLogger.WEB_SECURITY_LOGGER.debugf("Reauthenticating username '%s'", username);
                principal = context.getRealm().authenticate(username, password);
                if (principal != null) {
                    session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
                    if (!matchRequest(request)) {
                        registerWithCallbackHandler(principal, username, password);
                        return AuthStatus.SUCCESS;
                    }
                }
                WebLogger.WEB_SECURITY_LOGGER.tracef("Reauthentication failed, proceed normally");
            }
        }

        // is this the re-submit of the original request URI after successful authentication?  If so, forward the *original* request instead.
        if (matchRequest(request)) {
            session = request.getSessionInternal(true);
            WebLogger.WEB_SECURITY_LOGGER.tracef("Restore request from session '%s'", session.getIdInternal());
            principal = (Principal) session.getNote(Constants.FORM_PRINCIPAL_NOTE);

            registerWithCallbackHandler(principal,
                    (String) session.getNote(Constants.SESS_USERNAME_NOTE),
                    (String) session.getNote(Constants.SESS_PASSWORD_NOTE));

            // if we're caching principals we no longer need the username and password in the session, so remove them.
            if (cache) {
                session.removeNote(Constants.SESS_USERNAME_NOTE);
                session.removeNote(Constants.SESS_PASSWORD_NOTE);
            }
            if (restoreRequest(request, session)) {
                WebLogger.WEB_SECURITY_LOGGER.tracef("Proceed to restored request");
                return (AuthStatus.SUCCESS);
            } else {
                WebLogger.WEB_SECURITY_LOGGER.tracef("Restore of original request failed");

                try {
                    response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                } catch (IOException e) {
                 // Ignore IOException here (client disconnect)
                }
                return AuthStatus.FAILURE;
            }
        }

        // acquire references to objects we will need to evaluate.
        MessageBytes uriMB = MessageBytes.newInstance();
        CharChunk uriCC = uriMB.getCharChunk();
        uriCC.setLimit(-1);
        String contextPath = request.getContextPath();
        String requestURI = request.getDecodedRequestURI();

        // is this the action request from the login page?
        boolean loginAction = requestURI.startsWith(contextPath) && requestURI.endsWith(Constants.FORM_ACTION);

        // no - save this request and redirect to the form login page.
        if (!loginAction) {
            session = request.getSessionInternal(true);
            WebLogger.WEB_SECURITY_LOGGER.tracef("Save request in session '%s'", session.getIdInternal());
            try {
                saveRequest(request, session);
            } catch (IOException ioe) {
                WebLogger.WEB_SECURITY_LOGGER.tracef("Request body too big to save during authentication");
                try {
                    response.sendError(HttpServletResponse.SC_FORBIDDEN, sm.getString("authenticator.requestBodyTooBig"));
                } catch (IOException e) {
                 // Ignore IOException here (client disconnect)
                    throw new AuthException(e.getLocalizedMessage());
                }
                return (AuthStatus.FAILURE);
            }
            forwardToLoginPage(request, response, config);
            return (AuthStatus.SEND_CONTINUE);
        }

        // yes - validate the specified credentials and redirect to the error page if they are not correct
        Realm realm = context.getRealm();
        String characterEncoding = request.getCharacterEncoding();
        if (characterEncoding != null) {
            try {
                request.setCharacterEncoding(characterEncoding);
            } catch (UnsupportedEncodingException e) {
                WebLogger.WEB_SECURITY_LOGGER.unsupportedEncoding(e.getLocalizedMessage());
            }
        }
        String username = request.getParameter(Constants.FORM_USERNAME);
        String password = request.getParameter(Constants.FORM_PASSWORD);

        WebLogger.WEB_SECURITY_LOGGER.tracef("Authenticating username '%s'", username);
        principal = realm.authenticate(username, password);
        if (principal == null) {
            forwardToErrorPage(request, response, config);
            return (AuthStatus.FAILURE);
        }

        WebLogger.WEB_SECURITY_LOGGER.tracef("Authentication of '%s' was successful", username);
        if (session == null)
            session = request.getSessionInternal(false);
        if (session == null) {
            WebLogger.WEB_SECURITY_LOGGER.tracef("User took so long to log on the session expired");
            try {
                response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm.getString("authenticator.sessionExpired"));
            } catch (IOException e) {

    * @return Authenticated User Principal
    */
   public boolean login(X509Certificate[] certs)
   {
      //Get the active request
      Request request = SecurityAssociationValve.activeRequest.get();
      if (request == null)
         throw new IllegalStateException("request is null");
      Principal p = request.getContext().getRealm().authenticate(certs);
      if (p != null)
      {
         register(request, p, null, null);
      }
      return p != null;

    * @throws NamingException
    */
   public boolean login(String username, Object credential)
   {
      //Get the active request
      Request request = SecurityAssociationValve.activeRequest.get();
      if (request == null)
         throw new IllegalStateException("request is null");

      Principal p = null;
      if (credential instanceof String)
      {
         p = request.getContext().getRealm().authenticate(username, (String) credential);
      }
      else if (credential instanceof byte[])
      {
         p = request.getContext().getRealm().authenticate(username, (byte[]) credential);
      }
      if (p != null)
      {
         register(request, p, username, credential);
      }

    *
    */
   public void logout()
   {
      //Get the active request
      Request request = SecurityAssociationValve.activeRequest.get();
      if (request == null)
         throw new IllegalStateException("request is null");
      unregister(request);
   }