Class CMSServlet

java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.netscape.cms.servlet.base.CMSServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
Direct Known Subclasses:
CheckIdentity, CloneRedirect, CloneServlet, ConnectorServlet, DirAuthServlet, DisableEnrollResult, DisplayHashUserEnroll, DisplayHtmlServlet, DownloadPKCS12, DynamicVariablesServlet, EnableEnrollResult, GetConfigEntries, GetCookie, GetDomainXML, GetOCSPInfo, GetStats, GetStatus, IndexServlet, MainPageServlet, OCSPServlet, PortsServlet, ProcessReq, QueryReq, RegisterUser, RemoteAuthConfig, SearchReqs, TokenAuthenticate, UpdateDomainXML, UpdateNumberRange

public abstract class CMSServlet extends javax.servlet.http.HttpServlet
This is the base class of all CS servlets.
  • Constructor Details

    • CMSServlet

      public CMSServlet()
  • Method Details

    • toHashtable

      public static Hashtable<String,String> toHashtable(javax.servlet.http.HttpServletRequest req)
    • init

      public void init(javax.servlet.ServletConfig sc) throws javax.servlet.ServletException
      Specified by:
      init in interface javax.servlet.Servlet
      Overrides:
      init in class javax.servlet.GenericServlet
      Throws:
      javax.servlet.ServletException
    • getId

      public String getId()
    • getAuthMgr

      public String getAuthMgr()
    • isClientCertRequired

      public boolean isClientCertRequired()
    • outputHttpParameters

      public void outputHttpParameters(javax.servlet.http.HttpServletRequest httpReq)
    • service

      public void service(javax.servlet.http.HttpServletRequest httpReq, javax.servlet.http.HttpServletResponse httpResp) throws javax.servlet.ServletException, IOException
      Overrides:
      service in class javax.servlet.http.HttpServlet
      Throws:
      javax.servlet.ServletException
      IOException
    • newCMSRequest

      protected CMSRequest newCMSRequest()
      Create a new CMSRequest object. This should be overridden by servlets implementing different types of request.
      Returns:
      a new CMSRequest object
    • process

      protected void process(CMSRequest cmsRequest) throws Exception
      Process an HTTP request. Servlets must override this with their own implementation.
      Throws:
      EBaseException - if the servlet was unable to satisfactorily process the request
      Exception
    • renderResult

      protected void renderResult(CMSRequest cmsReq) throws IOException
      Output a template. If an error occurs while outputting the template, the exception template is used to display the error.
      Parameters:
      cmsReq - the CS request
      Throws:
      IOException
    • outputArgBlockAsXML

      protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent, String argBlockName, IArgBlock argBlock)
    • outputXML

      protected void outputXML(javax.servlet.http.HttpServletResponse httpResp, CMSTemplateParams params)
    • renderTemplate

      protected void renderTemplate(CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) throws IOException
      Throws:
      IOException
    • renderException

      protected void renderException(CMSRequest cmsReq, EBaseException e) throws IOException
      Output the exception (unexpected error) template. This is different from other templates in that if an exception occurs while rendering the exception, a message is printed out directly. If printing the message gets an error, an IOException is thrown. For other templates, if an exception occurs while rendering the template, the exception template (this one) is called.

      Parameters:
      cmsReq - the CS request to pass to template filler if any.
      e - the unexpected exception
      Throws:
      IOException
    • renderFinalError

      public void renderFinalError(CMSRequest cmsReq, Exception ex) throws IOException
      Throws:
      IOException
    • invalidateSSLSession

      protected static void invalidateSSLSession(javax.servlet.http.HttpServletRequest httpReq)
      Invalidates an SSL session so that client authentication will happen again.
    • getAuthCreds

      public static AuthCredentials getAuthCreds(AuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) throws EBaseException
      Construct authentication credentials to pass into the authentication manager.
      Throws:
      EBaseException
    • getSSLClientCertificate

      protected X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
      Get the SSL client-authenticated certificate.
      Throws:
      EBaseException
    • getSSLClientCertificate

      protected X509Certificate getSSLClientCertificate(javax.servlet.http.HttpServletRequest httpReq, boolean clientCertRequired) throws EBaseException
      Throws:
      EBaseException
    • getTemplate

      protected CMSTemplate getTemplate(String templateName, javax.servlet.http.HttpServletRequest httpReq, Locale[] locale) throws EBaseException, IOException
      get a template based on result status.
      Throws:
      EBaseException
      IOException
    • getDontSaveHttpParams

      protected void getDontSaveHttpParams(javax.servlet.ServletConfig sc)
      get http parameters not to save from configuration.
    • getSaveHttpHeaders

      protected void getSaveHttpHeaders(javax.servlet.ServletConfig sc)
      get http headers to save from configuration.
    • saveHttpHeaders

      protected void saveHttpHeaders(javax.servlet.http.HttpServletRequest httpReq, Request req) throws EBaseException
      save http headers in a Request.
      Throws:
      EBaseException
    • saveHttpParams

      protected void saveHttpParams(IArgBlock httpParams, Request req)
      save http parameters in a Request.
    • getCertRecord

      protected CertRecord getCertRecord(BigInteger serialNo)
      handy routine for getting a cert record given a serial number.
    • isCertFromCA

      protected boolean isCertFromCA(X509Certificate cert)
      handy routine for validating if a cert is from this CA. mAuthority must be a CA.
    • areCertsFromCA

      protected boolean areCertsFromCA(X509Certificate[] certs)
      handy routine for checking if a list of certs is from this CA. mAuthority must be a CA.
    • getX509Certificate

      protected X509Certificate getX509Certificate(BigInteger serialNo)
      handy routine for getting a certificate from the certificate repository. mAuthority must be a CA.
    • newFillerObject

      protected ICMSTemplateFiller newFillerObject(String fillerClass)
      instantiate a new filler from a class name.
      Returns:
      null if can't be instantiated, new instance otherwise.
    • setDefaultTemplates

      protected void setDefaultTemplates(javax.servlet.ServletConfig sc)
      set default templates. subclasses can override, and should override at least the success template
    • clientIsNav

      public static boolean clientIsNav(javax.servlet.http.HttpServletRequest httpReq)
      handy routine to check if client is navigator based on user-agent.
    • clientIsMSIE

      public static boolean clientIsMSIE(javax.servlet.http.HttpServletRequest httpReq)
      handy routine to check if client is msie based on user-agent.
    • doCMMFResponse

      public static boolean doCMMFResponse(IArgBlock httpParams)
    • doFullResponse

      public static boolean doFullResponse(IArgBlock httpParams)
    • checkImportCertToNav

      protected boolean checkImportCertToNav(javax.servlet.http.HttpServletResponse httpResp, IArgBlock httpParams, org.mozilla.jss.netscape.security.x509.X509CertImpl cert) throws EBaseException
      Returns:
      false if import cert directly set to false.
      Throws:
      EBaseException
    • importCertToNav

      public void importCertToNav(javax.servlet.http.HttpServletResponse httpResp, org.mozilla.jss.netscape.security.x509.X509CertImpl cert, String contentType, boolean importCAChain) throws EBaseException
      handy routine to import cert to old navigator in nav mime type.
      Throws:
      EBaseException
    • saveAuthToken

      protected static void saveAuthToken(IAuthToken token, Request req)
    • getAuthToken

      protected IAuthToken getAuthToken(Request req)
    • connectionIsSSL

      protected static boolean connectionIsSSL(javax.servlet.http.HttpServletRequest httpReq)
    • getRelPath

      protected String getRelPath(IAuthority authority)
      handy routine for getting agent's relative path
    • isSystemCertificate

      protected boolean isSystemCertificate(BigInteger serialNo) throws EBaseException
      A system certificate such as the CA signing certificate should not be allowed to be deleted. The main purpose is to avoid revoking the self-signed CA certificate accidentally.
      Throws:
      EBaseException
    • formCRLEntry

      protected org.mozilla.jss.netscape.security.x509.RevokedCertImpl formCRLEntry(BigInteger serialNo, org.mozilla.jss.netscape.security.x509.RevocationReason reason) throws EBaseException
      make a CRL entry from a serial number and revocation reason.
      Returns:
      a RevokedCertImpl that can be entered in a CRL.
      Throws:
      EBaseException
    • certIsRevoked

      protected boolean certIsRevoked(BigInteger serialNum) throws EBaseException
      check if a certificate (serial number) is revoked on a CA.
      Returns:
      true if cert is marked revoked in the CA's database.
      Throws:
      EBaseException
    • generateSalt

      public static String generateSalt()
    • hashPassword

      protected String hashPassword(String pwd)
    • getLangFile

      public static File getLangFile(javax.servlet.http.HttpServletRequest req, File realpathFile, Locale[] locale) throws IOException
      Parameters:
      req - http servlet request
      realpathFile - the file to get.
      locale - array of at least one to be filled with locale found.
      Throws:
      IOException
    • getLocale

      public static Locale getLocale(String lang)
    • authenticate

      public IAuthToken authenticate(CMSRequest req) throws EBaseException
      Throws:
      EBaseException
    • authenticate

      public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq) throws EBaseException
      Throws:
      EBaseException
    • authenticate

      public IAuthToken authenticate(CMSRequest req, String authMgrName) throws EBaseException
      Throws:
      EBaseException
    • authenticate

      public IAuthToken authenticate(javax.servlet.http.HttpServletRequest httpReq, String authMgrName) throws EBaseException
      Authentication

      • signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication fails (in case of SSL-client auth, only webserver env can pick up the SSL violation; CS authMgr can pick up cert mis-match, so this event is used)
      • signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication succeeded
      Throws:
      EBaseException - an error has occurred
    • authorize

      public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken, String exp) throws EBaseException
      Throws:
      EBaseException
    • authorize

      public AuthzToken authorize(String authzMgrName, IAuthToken authToken, String resource, String operation) throws EBaseException
      Authorize must occur after Authenticate

      • signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization has failed
      • signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization is successful
      • signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a role (in current CS that's when one accesses a role port)
      Parameters:
      authzMgrName - string representing the name of the authorization manager
      authToken - the authentication token
      resource - a string representing the ACL resource id as defined in the ACL resource list
      operation - a string representing one of the operations as defined within the ACL statement (e.g. "read" for an ACL statement containing "(read,write)")
      Returns:
      the authorization token
      Throws:
      EBaseException - an error has occurred
    • audit

      protected void audit(String msg)
      Signed Audit Log. This method is inherited by all extended "CMSServlet"s, and is called to store messages to the signed audit log.

      Parameters:
      msg - signed audit log message
    • audit

      protected void audit(LogEvent event)
    • auditSubjectID

      protected String auditSubjectID()
      Signed Audit Log Subject ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "SubjectID" for a signed audit log message.

      Returns:
      id string containing the signed audit log message SubjectID
    • auditGroupID

      protected String auditGroupID()
      Signed Audit Log Group ID. This method is inherited by all extended "CMSServlet"s, and is called to obtain the "gid" for a signed audit log message.

      Returns:
      id string containing the signed audit log message gid
    • getLocale

      protected Locale getLocale(javax.servlet.http.HttpServletRequest req)
      Retrieves locale based on the request.
    • outputResult

      protected void outputResult(javax.servlet.http.HttpServletResponse httpResp, String contentType, byte[] content)
    • outputError

      protected void outputError(javax.servlet.http.HttpServletResponse httpResp, String errorString)
    • outputError

      protected void outputError(javax.servlet.http.HttpServletResponse httpResp, String errorString, String requestId)
    • outputError

      protected void outputError(javax.servlet.http.HttpServletResponse httpResp, String status, String errorString, String requestId)