uk.ac.ed.epcc.webapp.servlet

Class DefaultServletService

java.lang.Object

uk.ac.ed.epcc.webapp.servlet.DefaultServletService

All Implemented Interfaces:

AppContextCleanup, AppContextService<ServletService>, Contexed, ServletService

Direct Known Subclasses:

MultiPartServletService, Servlet3MultiPartServletService

public class DefaultServletService
extends java.lang.Object
implements ServletService

A default implementation for ServletService for a HTTP servlet application. This class implements the following strategy for extracting a user from a HTTP request If the the feature EXTERNAL_AUTH_ONLY_FEATURE is defined then web-names will be used to resolve the current user for all URLs (even if not true then a explicit authentication servlet can set session in this way, which is the normal mechanism if external and password authentication is needed). web-names can be taken from the REMOTE_USER or user certificate DN if present.

If the parameter basic_auth.realm is defined then missing authentication will trigger HTTP Basic auth with the specified realm (obviously the login factory needs to contain a PasswordAuthComposite for this to succeed.

Note that as this parameter can be set for specific servlets via serlvet init-parameters. This can be used to replace the custom login page entirely if set globally but should probably not be done unless this is the only authentication mechanism. On the other hand it is a good choice for servlets that take form posts and urls where the credentials should be remembered by the browser

Failing the above authentication failure will redirect to the login page.

Field Summary

Fields

Modifier and Type	Field and Description
static Feature	ALLOW_EXTERNAL_AUTH_FEATURE Feature to allow external auth logins if a webname is present.
static Feature	ALLOW_INSECURE
static java.lang.String	ARG_TERRMINATOR
static java.lang.String	BASIC_AUTH_REALM_PARAM
protected AppContext	conn
static Feature	EXTERNAL_AUTH_ONLY_FEATURE Feature to require external auth logins for all sessions.
static Feature	EXTERNAL_AUTH_VIA_LOGIN_FEATURE
static Feature	NEED_CERTIFICATE_FEATURE
static java.lang.String	PARAMS_KEY_NAME
static Feature	REDIRECT_TO_LOGIN_FEATURE

Fields inherited from interface uk.ac.ed.epcc.webapp.servlet.ServletService

DEFAULT_PAYLOAD_PARAM

Constructor Summary

Constructors

Constructor and Description
DefaultServletService(AppContext conn, ServletContext ctx, ServletRequest req, ServletResponse res)

Method Summary

Modifier and Type	Method and Description
void	addCookie(Cookie c)
void	addErrorProps(java.util.Map props) Add additional information about the request to the properties of a debugging error report email.
void	cleanup() AppContext is being closed.
protected static java.lang.String	decode(java.lang.String base64)
java.lang.String	defaultCharset() Return the default charset we want to use.
java.lang.String	encodePage() request page when ServletAppContext was created.
java.lang.String	encodeURL(java.lang.String url) Add the context path to a url path
void	forward(java.lang.String url) Forward request to a different page.
java.util.LinkedList<java.lang.String>	getArgs() Get the ServletPath as a list of strings A path element of "-" terminates the list.
java.lang.Iterable<java.lang.String>	getAttributeNames()
AppContext	getContext()
java.util.Map<java.lang.String,java.lang.Object>	getParams() Extract a Map of the request parameters from the request.
HttpServletRequest	getRequest()
java.lang.Object	getRequestAttribute(java.lang.String name) Retrieve an object from the current request.
HttpSession	getSession()
HttpSession	getSession(boolean make_session)
java.lang.Class<? super ServletService>	getType() Returns the type of service the class should be registered under.
java.lang.String	getWebName() get the authenticated name for the current user as provided by the web-server/container authorisation layer.
boolean	isComitted() Has the response been comitted.
void	logout(boolean remove_cookie) invalidate the servlet session and optionally remove the session cookie.
java.util.Map<java.lang.String,java.lang.Object>	makeParams(HttpServletRequest req) create a Map of request parameters from scratch.
void	message(java.lang.String message, java.lang.Object... args)
void	noCache() Identify the current request as containing sensative data that should not be cached.
<A extends AppUser> void	populateSession(SessionService<A> sess) Populate a session automatically using information from the request.
void	redirect(java.lang.String url) Redirect request to a different page.
void	redirect(java.net.URI url) Redirect to an external URI This is intended for external URLs so session is never encoded
<A extends AppUser> void	requestAuthentication(SessionService<A> sess) Authentication is required for this request but credentials are not available.
<A extends AppUser> void	requestLogin(SessionService<A> sess, java.lang.String page) Go to the login page to request a login.
void	setRequestAttribute(java.lang.String name, java.lang.Object value) Store an object in the current request
void	setTimeout(int seconds) Set an inactivity timeout if supported
boolean	supportsMime(java.lang.String type) Is the specified mime-type supported by the client.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface uk.ac.ed.epcc.webapp.servlet.ServletService

getStreamParam, getTextParameter

Field Detail

BASIC_AUTH_REALM_PARAM

public static final java.lang.String BASIC_AUTH_REALM_PARAM

See Also:

Constant Field Values

NEED_CERTIFICATE_FEATURE

public static final Feature NEED_CERTIFICATE_FEATURE

PARAMS_KEY_NAME

public static final java.lang.String PARAMS_KEY_NAME

See Also:

Constant Field Values

ARG_TERRMINATOR

public static final java.lang.String ARG_TERRMINATOR

See Also:

Constant Field Values

conn

protected final AppContext conn

ALLOW_EXTERNAL_AUTH_FEATURE

public static final Feature ALLOW_EXTERNAL_AUTH_FEATURE

Feature to allow external auth logins if a webname is present. As this applies to all locations only a single default realm can be used.

EXTERNAL_AUTH_ONLY_FEATURE

public static final Feature EXTERNAL_AUTH_ONLY_FEATURE

Feature to require external auth logins for all sessions.

EXTERNAL_AUTH_VIA_LOGIN_FEATURE

public static final Feature EXTERNAL_AUTH_VIA_LOGIN_FEATURE

ALLOW_INSECURE

public static final Feature ALLOW_INSECURE

REDIRECT_TO_LOGIN_FEATURE

public static final Feature REDIRECT_TO_LOGIN_FEATURE

Constructor Detail

DefaultServletService

public DefaultServletService(AppContext conn,
                             ServletContext ctx,
                             ServletRequest req,
                             ServletResponse res)

Method Detail

defaultCharset

public java.lang.String defaultCharset()

Description copied from interface: ServletService

Return the default charset we want to use.

Specified by:

defaultCharset in interface ServletService

Returns:

cleanup

public void cleanup()

Description copied from interface: AppContextCleanup

AppContext is being closed. Only use this for cleanup that can't be handled by normal garbage collection or for state which is never returned by reference.

Specified by:

cleanup in interface AppContextCleanup

getType

public java.lang.Class<? super ServletService> getType()

Description copied from interface: AppContextService

Returns the type of service the class should be registered under.

Specified by:

getType in interface AppContextService<ServletService>

Returns:

registration type

encodePage

public java.lang.String encodePage()

request page when ServletAppContext was created. This uses a cached request object because the request URL will be re-written if the request is forwarded to a different servlet/jsp.

Specified by:

encodePage in interface ServletService

Returns:

String URL

encodeURL

public java.lang.String encodeURL(java.lang.String url)

Add the context path to a url path

Specified by:

encodeURL in interface ServletService

Parameters:

url -

Returns:

String

forward

public void forward(java.lang.String url)
             throws ServletException,
                    java.io.IOException

Forward request to a different page.

Specified by:

forward in interface ServletService

Parameters:

url - String page to forward to

Throws:

ServletException

java.io.IOException

redirect

public void redirect(java.lang.String url)
              throws java.io.IOException

Description copied from interface: ServletService

Redirect request to a different page.

Specified by:

redirect in interface ServletService

Parameters:

url - String page to forward to relative to the context path

Throws:

java.io.IOException

redirect

public void redirect(java.net.URI url)
              throws java.io.IOException

Description copied from interface: ServletService

Redirect to an external URI This is intended for external URLs so session is never encoded

Specified by:

redirect in interface ServletService

Throws:

java.io.IOException

message

public void message(java.lang.String message,
                    java.lang.Object... args)
             throws java.io.IOException,
                    ServletException

Throws:

java.io.IOException

ServletException

getParams

public java.util.Map<java.lang.String,java.lang.Object> getParams()

Extract a Map of the request parameters from the request. This is made a method on the ServletAppContext to allow access to logging/configuration and to allow the application specific customisation.

Specified by:

getParams in interface ServletService

Returns:

Map of parameters

getArgs

public java.util.LinkedList<java.lang.String> getArgs()

Get the ServletPath as a list of strings A path element of "-" terminates the list. This is to allow parameters to be passed on the path at the same time as an arguemnt path.

Specified by:

getArgs in interface ServletService

Returns:

LinkedList arguments in order.

getWebName

public java.lang.String getWebName()

get the authenticated name for the current user as provided by the web-server/container authorisation layer. This will be null unless the container/web-server has authorisation turned on for this URL.

Specified by:

getWebName in interface ServletService

Returns:

String webname

makeParams

public java.util.Map<java.lang.String,java.lang.Object> makeParams(HttpServletRequest req)

create a Map of request parameters from scratch. Application specific sub-classes can override this to customise the behaviour. For example to parse MultiPart forms in order to support file upload.

Parameters:

req -

Returns:

Map of request parameters

getSession

public HttpSession getSession()

getSession

public HttpSession getSession(boolean make_session)

getRequest

public HttpServletRequest getRequest()

supportsMime

public boolean supportsMime(java.lang.String type)

Is the specified mime-type supported by the client.

Parameters:

type -

Returns:

boolean true if mime type supported

getContext

public AppContext getContext()

Specified by:

getContext in interface Contexed

requestAuthentication

public <A extends AppUser> void requestAuthentication(SessionService<A> sess)
                                               throws java.io.IOException,
                                                      ServletException

Description copied from interface: ServletService

Authentication is required for this request but credentials are not available. If possible this should request the client to re-send the request with correct authorisation. e.g. by redirecting to a login page or requesting basic authentication. The request could take account of authentication errors from an earlier call to ServletService.populateSession(SessionService). These can be cahce din the request. The SessionService is provided as a parameter to be queried for its capabilities.

Specified by:

requestAuthentication in interface ServletService

Parameters:

sess - SessionService

Throws:

java.io.IOException

ServletException

requestLogin

public <A extends AppUser> void requestLogin(SessionService<A> sess,
                                             java.lang.String page)
                                      throws java.io.IOException,
                                             ServletException

Description copied from interface: ServletService

Go to the login page to request a login.

Specified by:

requestLogin in interface ServletService

Parameters:

sess - SessionService

page - page to return to

Throws:

java.io.IOException

ServletException

populateSession

public <A extends AppUser> void populateSession(SessionService<A> sess)

Description copied from interface: ServletService

Populate a session automatically using information from the request. This is invoked by the ServletSessionService if a person is requested and the current person is not stored in the session. It handles authentication mechanisms that don't use a specific login url. If the session is not populated here it may trigger a call to ServletService.requestAuthentication(SessionService) later. Any authentication errors could be cached in the request and handled there.

Specified by:

populateSession in interface ServletService

Parameters:

sess - SessionService

logout

public void logout(boolean remove_cookie)

invalidate the servlet session and optionally remove the session cookie.

Parameters:

remove_cookie - should cookie be removed

addCookie

public void addCookie(Cookie c)

decode

protected static java.lang.String decode(java.lang.String base64)

isComitted

public boolean isComitted()

Description copied from interface: ServletService

Has the response been comitted.

Specified by:

isComitted in interface ServletService

Returns:

addErrorProps

public void addErrorProps(java.util.Map props)

Description copied from interface: ServletService

Add additional information about the request to the properties of a debugging error report email.

Specified by:

addErrorProps in interface ServletService

noCache

public void noCache()

Description copied from interface: ServletService

Identify the current request as containing sensative data that should not be cached.

Specified by:

noCache in interface ServletService

setRequestAttribute

public void setRequestAttribute(java.lang.String name,
                                java.lang.Object value)

Description copied from interface: ServletService

Store an object in the current request

Specified by:

setRequestAttribute in interface ServletService

getRequestAttribute

public java.lang.Object getRequestAttribute(java.lang.String name)

Description copied from interface: ServletService

Retrieve an object from the current request.

Specified by:

getRequestAttribute in interface ServletService

Returns:

getAttributeNames

public java.lang.Iterable<java.lang.String> getAttributeNames()

Specified by:

getAttributeNames in interface ServletService

setTimeout

public void setTimeout(int seconds)

Description copied from interface: ServletService

Set an inactivity timeout if supported

Specified by:

setTimeout in interface ServletService