%line	%branch
org.apache.jetspeed.security.impl.ntlm.NtlmHttpServletRequestWrapper	0%	0%

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one or more
3		* contributor license agreements. See the NOTICE file distributed with
4		* this work for additional information regarding copyright ownership.
5		* The ASF licenses this file to You under the Apache License, Version 2.0
6		* (the "License"); you may not use this file except in compliance with
7		* the License. You may obtain a copy of the License at
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.apache.jetspeed.security.impl.ntlm;
18
19		import java.security.Principal;
20
21		import javax.servlet.http.HttpServletRequest;
22		import javax.servlet.http.HttpServletRequestWrapper;
23
24		import org.apache.commons.lang.ArrayUtils;
25		import org.apache.commons.lang.StringUtils;
26
27		/**
28		* NtlmHttpServletRequestWrapper should be used in combination with an Ntml authentication filter (jCIFS).
29		* This filter wraps the original request, setting the principal and remoteUser retrieved by Ntml
30		* authentication with the client. The wrapper Request sets the principal and remoteUser, <i>regardless</i>
31		* of the principal already present in the original request. This HttpServletRequestWrapper returns the principal
32		* from the original request when it's there, and otherwise returns the Ntml principal. When the
33		* the Ntml principal is actually returned can be influenced by a comma-separated list of servlet urls:
34		* only for these urls the Ntlm principal / remoteUser is ignored.
35		* @see NtlmHttpServletRequestFilter
36		* @author <a href="mailto:d.dam@hippo.nl">Dennis Dam</a>
37		* @version $Id$
38		*/
39		public class NtlmHttpServletRequestWrapper extends HttpServletRequestWrapper {
40		private Principal principal;
41		private String remoteUser;
42
43		public NtlmHttpServletRequestWrapper(HttpServletRequest req, String ignoreNtmlUrls) {
44	0	super(req);
45	0	if (req instanceof HttpServletRequestWrapper){
46	0	String[] urls = ignoreNtmlUrls != null ? StringUtils.split(ignoreNtmlUrls, ',') : new String[]{};
47	0	String servletUrl = req.getServletPath();
48	0	Principal reqPrincipal = req.getUserPrincipal();
49	0	HttpServletRequest originalRequest = (HttpServletRequest)((HttpServletRequestWrapper) req).getRequest();
50		/*
51		* Original request principal has precedence over Ntml authenticated principal. This is needed
52		* in the case that the Ntlm authenticated principal is not authorized by Jetspeed: a fallback login
53		* method can then be used. If Ntml authentication succeeds, then the principal from the
54		* original request will be null.
55		*/
56	0	if (originalRequest.getUserPrincipal() != null){
57	0	principal = originalRequest.getUserPrincipal();
58		} else
59		/*
60		* If no principal in the original request, take principal from Ntlm authentication, but
61		* only if the current servlet url is not in the ignore list. The last
62		* requirement is necessary when falling back to another authentication method, e.g. container-based
63		* form authentication: these authentication methods might only work if there is no
64		* principal in the request.
65		*/
66	0	if (!ArrayUtils.contains(urls,servletUrl) && reqPrincipal != null && req.getRemoteUser() != class="keyword">null){
67	0	principal = reqPrincipal;
68	0	remoteUser = req.getRemoteUser();
69		}
70	0	} else {
71	0	principal = super.getUserPrincipal();
72		}
73	0	}
74
75		public Principal getUserPrincipal() {
76	0	return principal;
77		}
78
79		public String getRemoteUser() {
80	0	return remoteUser;
81		}
82
83		}

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.