
Overriding Tomcat Valve To Return Extended Login Failure Status

by Nicholas Sushkin · Mar. 22, 07 · Code Snippet
See Shade Grown Code for more information.

ExtendedStatusSetter.java

package com.ofc.tomcat;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Interface flagging that the implementing Realm can set request
 * attributes providing additional information about an authentication
 * failure.
 *
 * @author Nicholas Sushkin
 */
public interface ExtendedStatusSetter
{

    /**
     * The request attribute under which we forward an extended failure status message
     * (as an object of type String) to a login error page.
     */
    public static String LOGIN_FAILURE_MESSAGE_ATTR = 
        "com.ofc.tomcat.LOGIN_FAILURE_MESSAGE";
    
    public void setExtendedStatus(String username, HttpServletRequest request, HttpServletResponse response);
}


ExtendedStatusFormAuthenticator.java

package com.ofc.tomcat;

import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import javax.servlet.RequestDispatcher;

/**
 * Adds extended authentication failure status to tomcat FormAuthenticator.
 *
 * @author Nicholas Sushkin
 */
public class ExtendedStatusFormAuthenticator extends FormAuthenticator
{
    /**
     * Descriptive information about this implementation.
     */
    protected static final String info =
        "com.ofc.tomcat.ExtendedStatusFormAuthenticator/1.0";

    private static Log log = LogFactory.getLog(ExtendedStatusFormAuthenticator.class);

    // ------------------------------------------------------------- Properties
    /**
     * Return descriptive information about this Valve implementation.
     */
    @Override
    public String getInfo() 
    {
        return info;
    }

    // ------------------------------------------------------------- Overridden behavior
    /**
     * Called to forward to the error page
     * 
     * @param request Request we are processing
     * @param response Response we are creating
     * @param config    Login configuration describing how authentication
     *              should be performed
     */
    @Override
    protected void forwardToErrorPage(Request request, Response response, LoginConfig config) 
    {
        Realm realm = context.getRealm();

        if (realm instanceof ExtendedStatusSetter)
        {
            log.debug("realm implements ExtendedStatusSetter, setting extended status for error page");
            String username = request.getParameter(Constants.FORM_USERNAME);
            ((ExtendedStatusSetter) realm).setExtendedStatus(username, request.getRequest(), response.getResponse());
        }
        else
        {
            log.debug("realm does not implement ExtendedStatusSetter, NOT setting extended status for error page");
        }

        RequestDispatcher disp =
            context.getServletContext().getRequestDispatcher
            (config.getErrorPage());
        try {
            disp.forward(request.getRequest(), response.getResponse());
            response.finishResponse();
        } catch (Throwable t) {
            log.warn("Unexpected error forwarding to error page", t);
        }
    }
}


The Realm implementation will include the following:

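import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.catalina.realm.DataSourceRealm;

import com.ofc.tomcat.ExtendedStatusSetter;

public class AccountLockoutDatasourceRealm extends DataSourceRealm implements ExtendedStatusSetter
{
    // ...

    /** Called by ExtendedStatusFormAuthenticator before it forwards to the login error page. */
    public void setExtendedStatus(String username, HttpServletRequest request, HttpServletResponse response)
    {
        setMessage(request, "Account locked");
    }

    /** Stores the message as a request attribute for the login error page to read. */
    protected void setMessage(HttpServletRequest request, String message)
    {
        request.setAttribute(ExtendedStatusSetter.LOGIN_FAILURE_MESSAGE_ATTR, message);
    }
}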
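
One way to consume the attribute on the login error page, as an added example that is not part of the original snippet; the class name LoginErrorServlet and the generic fallback message are assumptions. It HTML-escapes the message before writing it and answers any HTTP method, because the forward keeps the method of the original login request.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ofc.tomcat.ExtendedStatusSetter;

/** Added example; the class name and GENERIC_MESSAGE are hypothetical. */
public class LoginErrorServlet extends HttpServlet
{
    static final String GENERIC_MESSAGE = "Login failed";

    // The authenticator forwards the login request itself, normally a POST to
    // j_security_check, so override service() instead of only doGet().
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
        throws IOException
    {
        response.setContentType("text/html;charset=UTF-8");
        response.setHeader("Cache-Control", "no-store");
        response.getWriter().println(
            "<html><body><p>" + escapeHtml(resolveMessage(request)) + "</p></body></html>");
    }

    // Returns the realm's message, or the generic text when the realm does not
    // implement ExtendedStatusSetter or stored something that is not a usable String.
    static String resolveMessage(HttpServletRequest request)
    {
        Object value = request.getAttribute(ExtendedStatusSetter.LOGIN_FAILURE_MESSAGE_ATTR);
        boolean usable = value instanceof String && ((String) value).trim().length() > 0;
        return usable ? (String) value : GENERIC_MESSAGE;
    }

    // Escapes the characters that are significant in HTML text and attribute values,
    // so a message that ever includes the submitted username cannot inject markup.
    static String escapeHtml(String text)
    {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (char c : text.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

Map the servlet to the URL named in `form-error-page` in web.xml. A status such as "Account locked" confirms to an unauthenticated caller that the username exists, so decide which realm messages this page may show and leave the rest to the generic text.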