All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.security.auth.jaspi.impl.ServletMessageInfo Maven / Gradle / Ivy

Go to download

This artifact provides a single jar that contains all classes required to use remote Jakarta Enterprise Beans and Jakarta Messaging, including all dependencies. It is intended for use by those not using maven, maven users should just import the Jakarta Enterprise Beans and Jakarta Messaging BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).

There is a newer version: 35.0.0.Final
Show newest version
/*
 * Copyright 2018 Red Hat, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.security.auth.jaspi.impl;

import static org.wildfly.common.Assert.checkNotNullParam;
import static org.wildfly.security.auth.jaspi._private.ElytronMessages.log;

import javax.security.auth.message.MessageInfo;
import javax.servlet.ServletRequest;
import javax.servlet.ServletRequestWrapper;
import javax.servlet.ServletResponse;
import javax.servlet.ServletResponseWrapper;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * A servlet profile specific {@link MessageInfo} that ensures the request and response types remain valid and allows wrapping
 * an existing message info during validateRequest and unwrapping during secureResponse.
 *
 * @author Darran Lofthouse
 */
public class ServletMessageInfo extends ElytronMessageInfo {

    /*
     * Referenced in the Elytron Web Integration.
     */

    /**
     * Set the request message ensuring that it is an instance of {@link HttpServletRequest}, also ensure wrapping only occurs
     * during calls to validateRequest and unwrapping occurs during calls to secureResponse.
     *
     * @param requestMessage the request message.
     */
    @Override
    public void setRequestMessage(Object requestMessage) {
        checkNotNullParam("requestMessage", requestMessage);
        if (requestMessage instanceof HttpServletRequest == false) {
            throw log.invalidMessageType(requestMessage.getClass().getName(), HttpServletRequest.class.getName());
        }

        switch (getState()) {
            case NEW:
                super.setRequestMessage(requestMessage);
                break;
            case VALIDATE: {
                ServletRequest current = (ServletRequest) getRequestMessage();
                ServletRequest unwrapped = (HttpServletRequest) requestMessage;
                while (unwrapped != null) {
                    if (unwrapped == current) {
                        super.setRequestMessage(requestMessage);
                        return;
                    }
                    unwrapped = unwrap(unwrapped);
                }
                throw log.messageDoesNotWrapExistingMessage(HttpServletRequest.class.getName());
            }
            case SECURE: {
                ServletRequest unwrapped = (ServletRequest) getRequestMessage();
                while (unwrapped != null) {
                    if (requestMessage == unwrapped) {
                        super.setRequestMessage(requestMessage);
                        return;
                    }
                    unwrapped = unwrap(unwrapped);
                }
                throw log.messageDoesNotUnWrapExistingMessage(HttpServletRequest.class.getName());
            }
            default:
                throw log.messageSettingNotAllowed(HttpServletRequest.class.getName());
        }
    }

    /**
     * Set the response message ensuring that it is an instance of {@link HttpServletResponse}, also ensure wrapping only occurs
     * during calls to validateRequest and unwrapping occurs during calls to secureResponse.
     *
     * @param responseMessage the response message.
     */
    @Override
    public void setResponseMessage(Object responseMessage) {
        checkNotNullParam("responseMessage", responseMessage);
        if (responseMessage instanceof HttpServletResponse == false) {
            throw log.invalidMessageType(responseMessage.getClass().getName(), HttpServletResponse.class.getName());
        }

        switch (getState()) {
            case NEW:
                super.setResponseMessage(responseMessage);
                break;
            case VALIDATE: {
                ServletResponse current = (ServletResponse) getResponseMessage();
                ServletResponse unwrapped = (HttpServletResponse) responseMessage;
                while (unwrapped != null) {
                    if (unwrapped == current) {
                        super.setResponseMessage(responseMessage);
                        return;
                    }
                    unwrapped = unwrap(unwrapped);
                }
                throw log.messageDoesNotWrapExistingMessage(HttpServletResponse.class.getName());
            }
            case SECURE: {
                ServletResponse unwrapped = (ServletResponse) getRequestMessage();
                while (unwrapped != null) {
                    if (responseMessage == unwrapped) {
                        super.setResponseMessage(responseMessage);
                        return;
                    }
                    unwrapped = unwrap(unwrapped);
                }
                throw log.messageDoesNotUnWrapExistingMessage(HttpServletResponse.class.getName());
            }
            default:
                throw log.messageSettingNotAllowed(HttpServletResponse.class.getName());
        }
    }

    private ServletRequest unwrap(ServletRequest servletRequest) {
        if (servletRequest instanceof ServletRequestWrapper) {
            return ((ServletRequestWrapper) servletRequest).getRequest();
        }

        return null;
    }

    private ServletResponse unwrap(ServletResponse servletResponse) {
        if (servletResponse instanceof ServletResponseWrapper) {
            return ((ServletResponseWrapper) servletResponse).getResponse();
        }

        return null;
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy