Package com.netscape.cms.servlet.base
Class CMSServlet
java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.netscape.cms.servlet.base.CMSServlet
- All Implemented Interfaces:
Serializable
,javax.servlet.Servlet
,javax.servlet.ServletConfig
- Direct Known Subclasses:
CheckIdentity
,CloneServlet
,ConnectorServlet
,DirAuthServlet
,DisableEnrollResult
,DisplayHashUserEnroll
,DisplayHtmlServlet
,DownloadPKCS12
,DynamicVariablesServlet
,EnableEnrollResult
,GetConfigEntries
,GetCookie
,GetOCSPInfo
,GetStats
,GetStatus
,IndexServlet
,MainPageServlet
,OCSPServlet
,PortsServlet
,ProcessReq
,QueryReq
,RegisterUser
,RemoteAuthConfig
,SearchReqs
,TokenAuthenticate
,UpdateDomainXML
,UpdateNumberRange
public abstract class CMSServlet
extends javax.servlet.http.HttpServlet
This is the base class of all CS servlet.
- Version:
- $Revision$, $Date$
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected static final String
static final String
protected static final String
static final String
static final String
protected static final String
static final String
static final String
protected static final String
protected static final String
static final String
static final String
static final String
static final String
static String
handy routine to check if client want full enrollment responseprotected static final String
protected static final String
protected static final String
protected static final String
static org.slf4j.Logger
protected String
protected String
protected IAuthority
protected AuthzSubsystem
protected String
protected ConfigStore
protected String
protected String
protected String
protected String
protected boolean
protected RequestQueue
protected Hashtable
<Integer, CMSLoadTemplate> protected static final String
protected static final String
protected static final String
protected static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
protected static final String
protected static final String
static final String
static final String
protected static final String
protected static final String
protected static final String
static final String
protected static final String
protected static final String
protected static final String
protected static final String
protected static final String
protected static final String
protected RequestRepository
protected javax.servlet.ServletConfig
protected javax.servlet.ServletContext
static final String
static final String
static final String
protected static final String
protected static final String
static final String
protected static final String
protected static final String
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected String
Signed Audit Log Group ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.protected String
Signed Audit Log Subject ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.authenticate
(CMSRequest req) authenticate
(CMSRequest req, String authMgrName) authenticate
(javax.servlet.http.HttpServletRequest httpReq) authenticate
(javax.servlet.http.HttpServletRequest httpReq, String authMgrName) AuthenticationAuthorize must occur after Authenticatestatic boolean
clientIsMSIE
(javax.servlet.http.HttpServletRequest httpReq) handy routine to check if client is msie based on user-agent.static boolean
clientIsNav
(javax.servlet.http.HttpServletRequest httpReq) handy routine to check if client is navigator based on user-agent.protected static boolean
connectionIsSSL
(javax.servlet.http.HttpServletRequest httpReq) static boolean
doCMMFResponse
(ArgBlock httpParams) static boolean
doFullResponse
(ArgBlock httpParams) protected org.mozilla.jss.netscape.security.x509.RevokedCertImpl
formCRLEntry
(BigInteger serialNo, org.mozilla.jss.netscape.security.x509.RevocationReason reason) make a CRL entry from a serial number and revocation reason.static AuthCredentials
getAuthCreds
(AuthManager authMgr, ArgBlock argBlock, X509Certificate clientCert) construct a authentication credentials to pass into authentication manager.protected AuthToken
getAuthToken
(Request req) protected void
getDontSaveHttpParams
(javax.servlet.ServletConfig sc) get http parameters not to save from configuration.getId()
static File
getLangFile
(javax.servlet.http.HttpServletRequest req, File realpathFile, Locale[] locale) static Locale
protected Locale
getLocale
(javax.servlet.http.HttpServletRequest req) Retrieves locale based on the request.protected void
getSaveHttpHeaders
(javax.servlet.ServletConfig sc) get http headers to save from configuration.protected X509Certificate
getSSLClientCertificate
(javax.servlet.http.HttpServletRequest httpReq) get ssl client authenticated certificateprotected X509Certificate
getSSLClientCertificate
(javax.servlet.http.HttpServletRequest httpReq, boolean clientCertRequired) protected CMSTemplate
getTemplate
(String templateName, javax.servlet.http.HttpServletRequest httpReq, Locale[] locale) get a template based on result status.protected String
hashPassword
(String pwd) void
init
(javax.servlet.ServletConfig sc) initializeAuthz
(javax.servlet.ServletConfig sc, AuthzSubsystem authz, String id) protected static void
invalidateSSLSession
(javax.servlet.http.HttpServletRequest httpReq) Invalidates a SSL Session.boolean
protected CMSRequest
Create a new CMSRequest object.protected ICMSTemplateFiller
newFillerObject
(String fillerClass) instantiate a new filler from a class name,protected void
outputArgBlockAsXML
(XMLObject xmlObj, Node parent, String argBlockName, ArgBlock argBlock) protected void
outputError
(javax.servlet.http.HttpServletResponse httpResp, String errorString) protected void
outputError
(javax.servlet.http.HttpServletResponse httpResp, String errorString, String requestId) protected void
outputError
(javax.servlet.http.HttpServletResponse httpResp, String status, String errorString, String requestId) void
outputHttpParameters
(javax.servlet.http.HttpServletRequest httpReq) protected void
outputResult
(javax.servlet.http.HttpServletResponse httpResp, String contentType, byte[] content) protected void
outputXML
(javax.servlet.http.HttpServletResponse httpResp, CMSTemplateParams params) protected void
process
(CMSRequest cmsRequest) process an HTTP request.protected void
renderException
(CMSRequest cmsReq, EBaseException e) Output exception (unexpected error) template This is different from other templates in that if an exception occurs while rendering the exception a message is printed out directly.void
renderFinalError
(CMSRequest cmsReq, Exception ex) protected void
renderResult
(CMSRequest cmsReq) Output a template.protected void
renderTemplate
(CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) protected static void
saveAuthToken
(AuthToken token, Request req) protected void
saveHttpHeaders
(javax.servlet.http.HttpServletRequest httpReq, Request req) save http headers in a Request.protected void
saveHttpParams
(ArgBlock httpParams, Request req) save http headers in a Request.void
service
(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp) protected void
setDefaultTemplates
(javax.servlet.ServletConfig sc) set default templates.toHashtable
(javax.servlet.http.HttpServletRequest req) Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log
-
Field Details
-
logger
public static org.slf4j.Logger logger -
SUCCESS
- See Also:
-
FAILURE
- See Also:
-
AUTH_FAILURE
- See Also:
-
PROP_ID
- See Also:
-
PROP_AUTHORITY
- See Also:
-
PROP_AUTHORITYID
- See Also:
-
PROP_AUTHMGR
- See Also:
-
PROP_CLIENTAUTH
- See Also:
-
PROP_RESOURCEID
- See Also:
-
PROP_AUTHZ_MGR
- See Also:
-
PROP_ACL
- See Also:
-
AUTHZ_MGR_BASIC
- See Also:
-
AUTHZ_MGR_LDAP
- See Also:
-
PROP_FINAL_ERROR_MSG
- See Also:
-
ERROR_MSG_TOKEN
- See Also:
-
FINAL_ERROR_MSG
- See Also:
-
PROP_UNAUTHORIZED_TEMPLATE
- See Also:
-
UNAUTHORIZED_TEMPLATE
- See Also:
-
PROP_SUCCESS_TEMPLATE
- See Also:
-
SUCCESS_TEMPLATE
- See Also:
-
PROP_PENDING_TEMPLATE
- See Also:
-
PENDING_TEMPLATE
- See Also:
-
PROP_SVC_PENDING_TEMPLATE
- See Also:
-
SVC_PENDING_TEMPLATE
- See Also:
-
PROP_REJECTED_TEMPLATE
- See Also:
-
REJECTED_TEMPLATE
- See Also:
-
PROP_ERROR_TEMPLATE
- See Also:
-
ERROR_TEMPLATE
- See Also:
-
PROP_EXCEPTION_TEMPLATE
- See Also:
-
EXCEPTION_TEMPLATE
- See Also:
-
PROP_SUCCESS_TEMPLATE_FILLER
- See Also:
-
PROP_PENDING_TEMPLATE_FILLER
- See Also:
-
RA_AGENT_GROUP
- See Also:
-
CA_AGENT_GROUP
- See Also:
-
KRA_AGENT_GROUP
- See Also:
-
OCSP_AGENT_GROUP
- See Also:
-
TRUSTED_RA_GROUP
- See Also:
-
ADMIN_GROUP
- See Also:
-
PFX_HTTP_HEADER
- See Also:
-
PFX_HTTP_PARAM
- See Also:
-
PFX_AUTH_TOKEN
- See Also:
-
AUTHMGR_PARAM
- See Also:
-
CERT_ATTR
- See Also:
-
servletConfig
protected javax.servlet.ServletConfig servletConfig -
servletContext
protected javax.servlet.ServletContext servletContext -
mRenderResult
protected boolean mRenderResult -
mFinalErrorMsg
-
mTemplates
-
mDontSaveHttpParams
-
mSaveHttpHeaders
-
mId
-
mConfig
-
mAuthority
-
requestRepository
-
mRequestQueue
-
mGetClientCert
-
mAuthMgr
-
mAuthz
-
mAclMethod
-
mAuthzResourceName
-
mOutputTemplatePath
-
TEMPLATE_NAME
- See Also:
-
IMPORT_CERT
- See Also:
-
IMPORT_CHAIN
- See Also:
-
IMPORT_CERT_MIME_TYPE
- See Also:
-
NS_X509_USER_CERT
- See Also:
-
NS_X509_EMAIL_CERT
- See Also:
-
SIMPLE_ENROLLMENT_REQUEST
- See Also:
-
SIMPLE_ENROLLMENT_RESPONSE
- See Also:
-
FULL_ENROLLMENT_REQUEST
- See Also:
-
FULL_ENROLLMENT_RESPONSE
- See Also:
-
FULL_RESPONSE
handy routine to check if client want full enrollment response
-
-
Constructor Details
-
CMSServlet
public CMSServlet()
-
-
Method Details
-
toHashtable
-
getCMSEngine
-
initializeAuthz
public String initializeAuthz(javax.servlet.ServletConfig sc, AuthzSubsystem authz, String id) throws EBaseException - Throws:
EBaseException
-
init
public void init(javax.servlet.ServletConfig sc) throws javax.servlet.ServletException - Specified by:
init
in interfacejavax.servlet.Servlet
- Overrides:
init
in classjavax.servlet.GenericServlet
- Throws:
javax.servlet.ServletException
-
getId
-
getAuthMgr
-
isClientCertRequired
public boolean isClientCertRequired() -
outputHttpParameters
public void outputHttpParameters(javax.servlet.http.HttpServletRequest httpReq) -
service
public void service(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp) throws javax.servlet.ServletException, IOException - Overrides:
service
in classjavax.servlet.http.HttpServlet
- Throws:
javax.servlet.ServletException
IOException
-
newCMSRequest
Create a new CMSRequest object. This should be overriden by servlets implementing different types of request- Returns:
- a new CMSRequest object
-
process
process an HTTP request. Servlets must override this with their own implementation- Throws:
EBaseException
- if the servlet was unable to satisfactorily process the requestException
-
renderResult
Output a template. If an error occurs while outputing the template the exception template is used to display the error.- Parameters:
cmsReq
- the CS request- Throws:
IOException
-
outputArgBlockAsXML
-
outputXML
-
renderTemplate
protected void renderTemplate(CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) throws IOException - Throws:
IOException
-
renderException
Output exception (unexpected error) template This is different from other templates in that if an exception occurs while rendering the exception a message is printed out directly. If the message gets an error an IOException is thrown. In others if an exception occurs while rendering the template the exception template (this) is called.- Parameters:
cmsReq
- the CS request to pass to template filler if any.e
- the unexpected exception- Throws:
IOException
-
renderFinalError
- Throws:
IOException
-
invalidateSSLSession
protected static void invalidateSSLSession(javax.servlet.http.HttpServletRequest httpReq) Invalidates a SSL Session. So client auth will happen again. -
getAuthCreds
public static AuthCredentials getAuthCreds(AuthManager authMgr, ArgBlock argBlock, X509Certificate clientCert) throws EBaseException construct a authentication credentials to pass into authentication manager.- Throws:
EBaseException
-
getSSLClientCertificate
protected X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException get ssl client authenticated certificate- Throws:
EBaseException
-
getSSLClientCertificate
protected X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq, boolean clientCertRequired) throws EBaseException - Throws:
EBaseException
-
getTemplate
protected CMSTemplate getTemplate(String templateName, javax.servlet.http.HttpServletRequest httpReq, Locale[] locale) throws EBaseException, IOException get a template based on result status.- Throws:
EBaseException
IOException
-
getDontSaveHttpParams
protected void getDontSaveHttpParams(javax.servlet.ServletConfig sc) get http parameters not to save from configuration. -
getSaveHttpHeaders
protected void getSaveHttpHeaders(javax.servlet.ServletConfig sc) get http headers to save from configuration. -
saveHttpHeaders
protected void saveHttpHeaders(javax.servlet.http.HttpServletRequest httpReq, Request req) throws EBaseException save http headers in a Request.- Throws:
EBaseException
-
saveHttpParams
save http headers in a Request. -
newFillerObject
instantiate a new filler from a class name,- Returns:
- null if can't be instantiated, new instance otherwise.
-
setDefaultTemplates
protected void setDefaultTemplates(javax.servlet.ServletConfig sc) set default templates. subclasses can override, and should override at least the success template -
clientIsMSIE
public static boolean clientIsMSIE(javax.servlet.http.HttpServletRequest httpReq) handy routine to check if client is msie based on user-agent. -
doCMMFResponse
-
doFullResponse
-
saveAuthToken
-
getAuthToken
-
connectionIsSSL
protected static boolean connectionIsSSL(javax.servlet.http.HttpServletRequest httpReq) -
formCRLEntry
protected org.mozilla.jss.netscape.security.x509.RevokedCertImpl formCRLEntry(BigInteger serialNo, org.mozilla.jss.netscape.security.x509.RevocationReason reason) throws EBaseException make a CRL entry from a serial number and revocation reason.- Returns:
- a RevokedCertImpl that can be entered in a CRL.
- Throws:
EBaseException
-
hashPassword
-
getLangFile
public static File getLangFile(javax.servlet.http.HttpServletRequest req, File realpathFile, Locale[] locale) throws IOException - Parameters:
req
- http servlet requestrealpathFile
- the file to get.locale
- array of at least one to be filled with locale found.- Throws:
IOException
-
getLocale
-
authenticate
- Throws:
EBaseException
-
authenticate
- Throws:
EBaseException
-
authenticate
- Throws:
EBaseException
-
authenticate
public AuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq, String authMgrName) throws EBaseException Authentication- signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
- signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
- Throws:
EBaseException
- an error has occurred
-
authorize
public AuthzToken authorize(String authzMgrName, String resource, AuthToken authToken, String exp) throws EBaseException - Throws:
EBaseException
-
authorize
public AuthzToken authorize(String authzMgrName, AuthToken authToken, String resource, String operation) throws EBaseException Authorize must occur after Authenticate- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
- signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
- signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
- Parameters:
authzMgrName
- string representing the name of the authorization managerauthToken
- the authentication tokenresource
- a string representing the ACL resource id as defined in the ACL resource listoperation
- a string representing one of the operations as defined within the ACL statement (e. g. - "read" for an ACL statement containing "(read,write)")- Returns:
- the authorization token
- Throws:
EBaseException
- an error has occurred
-
auditSubjectID
Signed Audit Log Subject ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.- Returns:
- id string containing the signed audit log message SubjectID
-
auditGroupID
Signed Audit Log Group ID This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.- Returns:
- id string containing the signed audit log message SubjectID
-
getLocale
Retrieves locale based on the request. -
outputResult
protected void outputResult(javax.servlet.http.HttpServletResponse httpResp, String contentType, byte[] content) -
outputError
-
outputError
-
outputError
-