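package com.eldermoraes.ch05.authentication;

import javax.annotation.security.DeclareRoles;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.credential.CallerOnlyCredential;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Demonstrates programmatic authentication through the Java EE Security API
 * ({@link SecurityContext#authenticate}) and writes back the resulting principal,
 * role membership and resource access as a plain-text report.
 *
 * <p>SECURITY NOTE: the credential used here is a {@link CallerOnlyCredential},
 * i.e. a caller name with no secret, taken straight from the untrusted {@code name}
 * request parameter. Whether that name is accepted is entirely up to the
 * {@code HttpAuthenticationMechanism} / identity store deployed with this servlet;
 * nothing in this class verifies the caller. This is sample code for exploring the
 * API and must not be used as a login endpoint as-is.
 */
@DeclareRoles({"role1", "role2", "role3"})
@WebServlet(name = "/UserAuthenticationServlet", urlPatterns = {"/UserAuthenticationServlet"})
public class UserAuthenticationServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Inject
    private SecurityContext securityContext;

    /**
     * Authenticates the caller named by the {@code name} query parameter (when a
     * non-empty one is supplied) and then reports the current principal, the three
     * declared roles and access to {@code /authServlet}.
     *
     * <p>Authentication is triggered from a GET with the caller name in the query
     * string. That is convenient for a demo, but it puts the "credential" into access
     * logs, browser history and Referer headers; a real login endpoint should accept
     * POST and a credential that carries a secret.
     *
     * @param request  the incoming request; {@code name} is read as an untrusted parameter
     * @param response the response the report is written to
     * @throws ServletException propagated from the container
     * @throws IOException      if writing the response fails
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Declare the body as plain text so the echoed caller name is never
        // interpreted as markup should a browser sniff the content type.
        response.setContentType("text/plain;charset=UTF-8");

        String name = request.getParameter("name");
        // Only attempt authentication when a non-empty name was actually supplied.
        // (An '||' here would be always true and hand null/"" to CallerOnlyCredential.)
        if (name != null && !name.isEmpty()) {
            AuthenticationStatus status = securityContext.authenticate(
                    request,
                    response,
                    AuthenticationParameters.withParams().credential(new CallerOnlyCredential(name)));
            response.getWriter().write("Authentication status: " + status.name() + "\n");
        }

        // getUserPrincipal() is null for a request that is not authenticated.
        String principal = null;
        if (request.getUserPrincipal() != null) {
            principal = request.getUserPrincipal().getName();
        }
        response.getWriter().write("User: " + principal + "\n");
        response.getWriter().write("Role \"role1\" access: " + request.isUserInRole("role1") + "\n");
        response.getWriter().write("Role \"role2\" access: " + request.isUserInRole("role2") + "\n");
        response.getWriter().write("Role \"role3\" access: " + request.isUserInRole("role3") + "\n");
        // Asks the container whether the current caller would be allowed to reach
        // /authServlet under the deployment's security constraints.
        response.getWriter().write("Access to /authServlet? "
                + securityContext.hasAccessToWebResource("/authServlet") + "\n");
    }
}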