org.apache.tomcat.core
Class SimpleRequestSecurityProviderImpl
java.lang.Object
|
+--org.apache.tomcat.core.SimpleRequestSecurityProviderImpl
- public class SimpleRequestSecurityProviderImpl
- extends java.lang.Object
- implements RequestSecurityProvider
Experimental implementation of a RequestSecurityProvider, based
on the org.apache.tomcat.request.SecurityCheck.MemoryRealm class.
An instance of this class is set as the RequestSecurityProvider for
a Context by the SecurityCheck interceptor if the Context doesn't
have a RequestSecurityProvider.
Since the whole security implementation is still experimental,
and the RequestSecurityProvider interface has been deprecated, this
class will likely be replaced soon.
- Author:
- Hans Bergsten
|
Method Summary |
java.security.Principal |
getUserPrincipal(Context context,
javax.servlet.http.HttpServletRequest req)
Returns a java.security.Principal object containing the name of
the current authenticated user. |
boolean |
isSecure(Context context,
javax.servlet.http.HttpServletRequest req)
Returns a boolean indicating whether this request was made
using a secure channel, such as HTTPS |
boolean |
isUserInRole(Context context,
javax.servlet.http.HttpServletRequest req,
java.lang.String role)
Returns a boolean indicating whether the authenticated user
is included in the specified logical "role". |
| Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
SimpleRequestSecurityProviderImpl
public SimpleRequestSecurityProviderImpl(java.util.Hashtable roles)
isUserInRole
public boolean isUserInRole(Context context,
javax.servlet.http.HttpServletRequest req,
java.lang.String role)
- Returns a boolean indicating whether the authenticated user
is included in the specified logical "role". Roles and role
membership can be defined using deployment descriptors. If
the user has not been authenticated, the method returns false.
- Specified by:
- isUserInRole in interface RequestSecurityProvider
- Parameters:
context - not used. One instance of this class is associated
with one Context. The parameter is left over from a J2EE impl.req - the request to get the current user fromrole - the role name to check- Returns:
- true if the user is in the role, false if not or if the
request user is not authenticated
getUserPrincipal
public java.security.Principal getUserPrincipal(Context context,
javax.servlet.http.HttpServletRequest req)
- Returns a java.security.Principal object containing the name of
the current authenticated user.
- Specified by:
- getUserPrincipal in interface RequestSecurityProvider
- Parameters:
context - not used. One instance of this class is associated
with one Context. The parameter is left over from a J2EE impl.req - the request to get the current user from- Returns:
- a java.security.Principal containing the name of the
user making this request; null if the user has not been
authenticated
isSecure
public boolean isSecure(Context context,
javax.servlet.http.HttpServletRequest req)
- Returns a boolean indicating whether this request was made
using a secure channel, such as HTTPS
- Specified by:
- isSecure in interface RequestSecurityProvider
- Parameters:
context - not used. One instance of this class is associated
with one Context. The parameter is left over from a J2EE impl.req - the request- Returns:
- a boolean indicating if the request was made using
a secure channel
Copyright © 2000 Apache Software Foundation. All Rights Reserved.