2 // Mainsoft.Web.Security.J2EEAuthenticationModule
5 // Eyal Alaluf (eyala@mainsoft.com)
7 // (C) 2006 Mainsoft Co. (http://www.mainsoft.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System.Security.Principal;
35 using System.Web.Configuration;
36 using System.Web.Util;
38 using javax.servlet.http;
40 namespace Mainsoft.Web.Security
42 public sealed class J2EEAuthenticationModule : IHttpModule
44 public void Dispose ()
48 public void Init (HttpApplication app)
50 app.AuthenticateRequest += new EventHandler (OnAuthenticateRequest);
53 void OnAuthenticateRequest (object sender, EventArgs args)
55 HttpApplication app = (HttpApplication) sender;
56 HttpServletRequest req = app.Context.Request.ServletWorkerRequest.ServletRequest;
57 if (req.getRemoteUser() != null)
58 app.Context.User = new J2EEPrincipal(req);
62 internal class J2EEPrincipal : IPrincipal
64 HttpServletRequest _request;
67 public J2EEPrincipal(HttpServletRequest req)
70 string authType = req.getAuthType();
73 _identity = new GenericIdentity(req.getRemoteUser(), authType);
76 public bool IsInRole(string role)
78 return _request.isUserInRole(role);
81 public IIdentity Identity { get { return _identity; } }