Added a ContextHolderAwareRequestWrapper to integrate with getRemoteUser() and isUserInRole(String). Thanks to Orlando Garcia Carmona ("paramosyermos" on Spring forums).

core/src/main/java/org/acegisecurity/ui/wrapper/ContextHolderAwareRequestFilter.java

@@ -0,0 +1,54 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.ui.wrapper;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+
+/**
+ * A <code>Filter</code> which populates the <code>ServletRequest</code> with
+ * an {@link ContextHolderAwareRequestWrapper}.
+ *
+ * @author Orlando Garcia Carmona
+ * @version $Id$
+ */
+public class ContextHolderAwareRequestFilter implements Filter {
+    //~ Methods ================================================================
+
+    public void destroy() {}
+
+    public void doFilter(ServletRequest servletRequest,
+        ServletResponse servletResponse, FilterChain filterChain)
+        throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+
+        if (!(request instanceof ContextHolderAwareRequestWrapper)) {
+            request = new ContextHolderAwareRequestWrapper(request);
+        }
+
+        filterChain.doFilter(request, servletResponse);
+    }
+
+    public void init(FilterConfig filterConfig) throws ServletException {}
+}

core/src/main/java/org/acegisecurity/ui/wrapper/ContextHolderAwareRequestWrapper.java

@@ -0,0 +1,117 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.ui.wrapper;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.UserDetails;
+import net.sf.acegisecurity.context.ContextHolder;
+import net.sf.acegisecurity.context.SecureContext;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+
+/**
+ * An Acegi Security-aware <code>HttpServletRequestWrapper</code>, which uses
+ * the <code>ContextHolder</code>-defined <code>Authentication</code> object
+ * for {@link ContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)}
+ * and {@link javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()}
+ * responses.
+ *
+ * @author Orlando Garcia Carmona
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class ContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
+    //~ Constructors ===========================================================
+
+    public ContextHolderAwareRequestWrapper(HttpServletRequest request) {
+        super(request);
+    }
+
+    //~ Methods ================================================================
+
+    /**
+     * Returns the principal's name, as obtained from the
+     * <code>ContextHolder</code>. Properly handles both
+     * <code>String</code>-based and <code>UserDetails</code>-based
+     * principals.
+     *
+     * @return the username or <code>null</code> if unavailable
+     */
+    public String getRemoteUser() {
+        Authentication auth = getAuthentication();
+
+        if ((auth == null) || (auth.getPrincipal() == null)) {
+            return null;
+        }
+
+        if (auth.getPrincipal() instanceof UserDetails) {
+            return ((UserDetails) auth.getPrincipal()).getUsername();
+        }
+
+        return auth.getPrincipal().toString();
+    }
+
+    /**
+     * Simple searches for an exactly matching {@link
+     * GrantedAuthority#getAuthority()}.
+     * 
+     * <p>
+     * Will always return <code>false</code> if the <code>ContextHolder</code>
+     * contains an <code>Authentication</code> with
+     * <code>null</code><code>principal</code> and/or
+     * <code>GrantedAuthority[]</code> objects.
+     * </p>
+     *
+     * @param role the <code>GrantedAuthority</code><code>String</code>
+     *        representation to check for
+     *
+     * @return <code>true</code> if an <b>exact</b> (case sensitive) matching
+     *         granted authority is located, <code>false</code> otherwise
+     */
+    public boolean isUserInRole(String role) {
+        return isGranted(role);
+    }
+
+    private Authentication getAuthentication() {
+        if ((ContextHolder.getContext() != null)
+            && ContextHolder.getContext() instanceof SecureContext) {
+            return ((SecureContext) ContextHolder.getContext())
+            .getAuthentication();
+        }
+
+        return null;
+    }
+
+    private boolean isGranted(String role) {
+        Authentication auth = getAuthentication();
+
+        if ((auth == null) || (auth.getPrincipal() == null)
+            || (auth.getAuthorities() == null)) {
+            return false;
+        }
+
+        for (int i = 0; i < auth.getAuthorities().length; i++) {
+            if (role.equals(auth.getAuthorities()[i].getAuthority())) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}

core/src/main/java/org/acegisecurity/ui/wrapper/package.html

@@ -0,0 +1,9 @@
+<html>
+<body>
+Populates a Servlet request with a new Acegi Security compliant
+<code>HttpServletRequestWrapper</code>.
+
+<p>To use, simply add the <code>ContextHolderAwareRequestFilter</code>
+to <code>web.xml</code>.
+</body>
+</html>

core/src/test/java/org/acegisecurity/ui/wrapper/ContextHolderAwareRequestFilterTests.java

@@ -0,0 +1,94 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.ui.wrapper;
+
+import junit.framework.TestCase;
+
+import net.sf.acegisecurity.MockFilterConfig;
+import net.sf.acegisecurity.MockHttpServletRequest;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+
+/**
+ * Tests {@link ContextHolderAwareRequestFilter}.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class ContextHolderAwareRequestFilterTests extends TestCase {
+    //~ Constructors ===========================================================
+
+    public ContextHolderAwareRequestFilterTests() {
+        super();
+    }
+
+    public ContextHolderAwareRequestFilterTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ================================================================
+
+    public final void setUp() throws Exception {
+        super.setUp();
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(ContextHolderAwareRequestFilterTests.class);
+    }
+
+    public void testCorrectOperation() throws Exception {
+        ContextHolderAwareRequestFilter filter = new ContextHolderAwareRequestFilter();
+        filter.init(new MockFilterConfig());
+        filter.doFilter(new MockHttpServletRequest(null, null), null,
+            new MockFilterChain(ContextHolderAwareRequestWrapper.class));
+
+        // Now re-execute the filter, ensuring our replacement wrapper is still used
+        filter.doFilter(new MockHttpServletRequest(null, null), null,
+            new MockFilterChain(ContextHolderAwareRequestWrapper.class));
+
+        filter.destroy();
+    }
+
+    //~ Inner Classes ==========================================================
+
+    private class MockFilterChain implements FilterChain {
+        private Class expectedServletRequest;
+
+        public MockFilterChain(Class expectedServletRequest) {
+            this.expectedServletRequest = expectedServletRequest;
+        }
+
+        private MockFilterChain() {
+            super();
+        }
+
+        public void doFilter(ServletRequest request, ServletResponse response)
+            throws IOException, ServletException {
+            if (request.getClass().isAssignableFrom(expectedServletRequest)) {
+                assertTrue(true);
+            } else {
+                fail("Expected class to be of type " + expectedServletRequest
+                    + " but was: " + request.getClass());
+            }
+        }
+    }
+}

core/src/test/java/org/acegisecurity/ui/wrapper/ContextHolderAwareRequestWrapperTests.java

@@ -0,0 +1,139 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.ui.wrapper;
+
+import junit.framework.TestCase;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.MockHttpServletRequest;
+import net.sf.acegisecurity.context.ContextHolder;
+import net.sf.acegisecurity.context.SecureContext;
+import net.sf.acegisecurity.context.SecureContextImpl;
+import net.sf.acegisecurity.providers.TestingAuthenticationToken;
+import net.sf.acegisecurity.providers.dao.User;
+
+
+/**
+ * Tests {@link ContextHolderAwareRequestWrapper}.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class ContextHolderAwareRequestWrapperTests extends TestCase {
+    //~ Constructors ===========================================================
+
+    public ContextHolderAwareRequestWrapperTests() {
+        super();
+    }
+
+    public ContextHolderAwareRequestWrapperTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ================================================================
+
+    public final void setUp() throws Exception {
+        super.setUp();
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(ContextHolderAwareRequestWrapperTests.class);
+    }
+
+    public void testCorrectOperationWithStringBasedPrincipal()
+        throws Exception {
+        SecureContext sc = new SecureContextImpl();
+        Authentication auth = new TestingAuthenticationToken("marissa",
+                "koala",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_FOO")});
+        sc.setAuthentication(auth);
+        ContextHolder.setContext(sc);
+
+        ContextHolderAwareRequestWrapper wrapper = new ContextHolderAwareRequestWrapper(new MockHttpServletRequest(
+                    "/"));
+
+        assertEquals("marissa", wrapper.getRemoteUser());
+        assertTrue(wrapper.isUserInRole("ROLE_FOO"));
+        assertFalse(wrapper.isUserInRole("ROLE_NOT_GRANTED"));
+
+        ContextHolder.setContext(null);
+    }
+
+    public void testCorrectOperationWithUserDetailsBasedPrincipal()
+        throws Exception {
+        SecureContext sc = new SecureContextImpl();
+        Authentication auth = new TestingAuthenticationToken(new User(
+                    "marissaAsUserDetails", "koala", true,
+                    new GrantedAuthority[] {}), "koala",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_HELLO"), new GrantedAuthorityImpl(
+                        "ROLE_FOOBAR")});
+        sc.setAuthentication(auth);
+        ContextHolder.setContext(sc);
+
+        ContextHolderAwareRequestWrapper wrapper = new ContextHolderAwareRequestWrapper(new MockHttpServletRequest(
+                    "/"));
+
+        assertEquals("marissaAsUserDetails", wrapper.getRemoteUser());
+        assertFalse(wrapper.isUserInRole("ROLE_FOO"));
+        assertFalse(wrapper.isUserInRole("ROLE_NOT_GRANTED"));
+        assertTrue(wrapper.isUserInRole("ROLE_FOOBAR"));
+        assertTrue(wrapper.isUserInRole("ROLE_HELLO"));
+
+        ContextHolder.setContext(null);
+    }
+
+    public void testNullAuthenticationHandling() throws Exception {
+        SecureContext sc = new SecureContextImpl();
+        sc.setAuthentication(null);
+        ContextHolder.setContext(sc);
+
+        ContextHolderAwareRequestWrapper wrapper = new ContextHolderAwareRequestWrapper(new MockHttpServletRequest(
+                    "/"));
+        assertNull(wrapper.getRemoteUser());
+        assertFalse(wrapper.isUserInRole("ROLE_ANY"));
+
+        ContextHolder.setContext(null);
+    }
+
+    public void testNullContextHolderHandling() throws Exception {
+        ContextHolder.setContext(null);
+
+        ContextHolderAwareRequestWrapper wrapper = new ContextHolderAwareRequestWrapper(new MockHttpServletRequest(
+                    "/"));
+        assertNull(wrapper.getRemoteUser());
+        assertFalse(wrapper.isUserInRole("ROLE_ANY"));
+    }
+
+    public void testNullPrincipalHandling() throws Exception {
+        SecureContext sc = new SecureContextImpl();
+        Authentication auth = new TestingAuthenticationToken(null, "koala",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_HELLO"), new GrantedAuthorityImpl(
+                        "ROLE_FOOBAR")});
+        sc.setAuthentication(auth);
+        ContextHolder.setContext(sc);
+
+        ContextHolderAwareRequestWrapper wrapper = new ContextHolderAwareRequestWrapper(new MockHttpServletRequest(
+                    "/"));
+
+        assertNull(wrapper.getRemoteUser());
+        assertFalse(wrapper.isUserInRole("ROLE_HELLO")); // principal is null, so reject
+        assertFalse(wrapper.isUserInRole("ROLE_FOOBAR")); // principal is null, so reject
+
+        ContextHolder.setContext(null);
+    }
+}

doc/xdocs/changes.xml

@@ -43,6 +43,7 @@
       <action dev="benalex" type="add">Added BasicAclExtendedDao interface and JdbcExtendedDaoImpl for ACL CRUD</action>
       <action dev="benalex" type="add">Added additional remoting protocol demonstrations to Contacts sample</action>
       <action dev="benalex" type="add">Added AbstractProcessingFilter property to always use defaultTargetUrl</action>
+      <action dev="benalex" type="add">Added ContextHolderAwareRequestWrapper to integrate with getRemoteUser()</action>
       <action dev="benalex" type="update">Improved BasicAclProvider to only respond to specified ACL object requests</action>
       <action dev="benalex" type="update">Refactored MethodDefinitionSource to work with Method, not MethodInvocation</action>
       <action dev="benalex" type="update">Refactored AbstractFilterInvocationDefinitionSource to work with URL Strings alone</action>

project.xml

@@ -126,6 +126,9 @@
     <contributor>
       <name>Aaron Tang</name>
     </contributor>
+    <contributor>
+      <name>Orlando Garcia Carmona</name>
+    </contributor>
   </contributors>
   <dependencies>
     <dependency>