2 * Copyright (c) 2014, 2015 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.aaa.federation;
11 import java.io.IOException;
12 import javax.servlet.Filter;
13 import javax.servlet.FilterChain;
14 import javax.servlet.FilterConfig;
15 import javax.servlet.ServletException;
16 import javax.servlet.ServletRequest;
17 import javax.servlet.ServletResponse;
18 import javax.servlet.http.HttpServletRequest;
19 import javax.servlet.http.HttpServletRequestWrapper;
21 class SssdHeadersRequest extends HttpServletRequestWrapper {
22 private static final String headerPrefix = "X-SSSD-";
24 public SssdHeadersRequest(HttpServletRequest request) {
28 public Object getAttribute(String name) {
29 HttpServletRequest request = (HttpServletRequest) getRequest();
32 headerValue = request.getHeader(headerPrefix + name);
33 if (headerValue != null) {
36 return request.getAttribute(name);
41 public String getRemoteUser() {
42 HttpServletRequest request = (HttpServletRequest) getRequest();
45 headerValue = request.getHeader(headerPrefix + "REMOTE_USER");
46 if (headerValue != null) {
49 return request.getRemoteUser();
54 public String getAuthType() {
55 HttpServletRequest request = (HttpServletRequest) getRequest();
58 headerValue = request.getHeader(headerPrefix + "AUTH_TYPE");
59 if (headerValue != null) {
62 return request.getAuthType();
67 public String getRemoteAddr() {
68 HttpServletRequest request = (HttpServletRequest) getRequest();
71 headerValue = request.getHeader(headerPrefix + "REMOTE_ADDR");
72 if (headerValue != null) {
75 return request.getRemoteAddr();
80 public String getRemoteHost() {
81 HttpServletRequest request = (HttpServletRequest) getRequest();
84 headerValue = request.getHeader(headerPrefix + "REMOTE_HOST");
85 if (headerValue != null) {
88 return request.getRemoteHost();
93 public int getRemotePort() {
94 HttpServletRequest request = (HttpServletRequest) getRequest();
97 headerValue = request.getHeader(headerPrefix + "REMOTE_PORT");
98 if (headerValue != null) {
99 return Integer.parseInt(headerValue);
101 return request.getRemotePort();
108 * Populate HttpRequestServlet API data from HTTP extension headers.
110 * When SSSD is used for authentication and identity lookup those actions occur
111 * in an Apache HTTP server which is fronting the servlet container. After
112 * successful authentication Apache will proxy the request to the container
113 * along with additional authentication and identity metadata.
115 * The preferred way to transport the metadata and have it appear seamlessly in
116 * the servlet API is via the AJP protocol. However AJP may not be available or
117 * desirable. An alternative method is to transport the metadata in extension
118 * HTTP headers. However we still want the standard servlet request API methods
119 * to work. Another way to say this is we do not want upper layers to be aware
120 * of the transport mechanism. To achieve this we wrap the HttpServletRequest
121 * class and override specific methods which need to extract the data from the
122 * extension HTTP headers. (This is roughly equivalent to what happens when AJP
123 * is implemented natively in the container).
125 * The extension HTTP headers are identified by the prefix "X-SSSD-". The
126 * overridden methods check for the existence of the appropriate extension
127 * header and if present returns the value found in the extension header,
128 * otherwise it returns the value from the method it's wrapping.
131 public class SssdFilter implements Filter {
133 public void init(FilterConfig fc) throws ServletException {
137 public void destroy() {
141 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
142 FilterChain filterChain) throws IOException, ServletException {
143 if (servletRequest instanceof HttpServletRequest) {
144 HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
145 SssdHeadersRequest request = new SssdHeadersRequest(httpServletRequest);
146 filterChain.doFilter(request, servletResponse);
148 filterChain.doFilter(servletRequest, servletResponse);