

Source code: org/apache/axis/handlers/SimpleAuthorizationHandler.java


1   /*
2    * Copyright 2001-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.axis.handlers ;
18  
19  import org.apache.axis.AxisFault;
20  import org.apache.axis.Handler;
21  import org.apache.axis.MessageContext;
22  import org.apache.axis.components.logger.LogFactory;
23  import org.apache.axis.security.AuthenticatedUser;
24  import org.apache.axis.security.SecurityProvider;
25  import org.apache.axis.utils.JavaUtils;
26  import org.apache.axis.utils.Messages;
27  import org.apache.commons.logging.Log;
28  
29  import java.util.StringTokenizer;
30  
31  
32  /**
33   * Just a simple Authorization Handler to see if the user
34   * specified in the Bag in the MessageContext is allowed to perform this
35   * action.
36   *
37   * Look at the <code>allowedRoles</code> handler parameter to determine if
38   * user has rights to access the service
39   *
40   * The <code>allowByDefault</code> handler parameter can be used to authorize
41   * all users if the parameter is set to true and the <code>allowedRoles</code>
42   * access control list is not specified.
43   *
44   * Replace this with your 'real' Authorization code.
45   *
46   * @author Doug Davis (dug@us.ibm.com)
47   * @author Sam Ruby (rubys@us.ibm.com)
48   */
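public class SimpleAuthorizationHandler extends BasicHandler {
    protected static Log log =
        LogFactory.getLog(SimpleAuthorizationHandler.class.getName());

    /**
     * Authorizes the authenticated user for the target service of the
     * message context.
     *
     * <p>The decision is taken in this order, and every path that does not
     * explicitly allow the call ends in a fault:
     * <ol>
     *   <li>No user stored under <code>MessageContext.AUTHUSER</code>:
     *       fault <code>Server.NoUser</code>.</li>
     *   <li>No target service on the message context: fault.</li>
     *   <li>The service has no <code>allowedRoles</code> option: the call is
     *       allowed only if this handler's <code>allowByDefault</code> option
     *       is explicitly true, otherwise fault
     *       <code>Server.Unauthorized</code>.</li>
     *   <li>No <code>MessageContext.SECURITY_PROVIDER</code> property:
     *       fault.</li>
     *   <li>The call is allowed as soon as the security provider reports
     *       that the user matches one entry of <code>allowedRoles</code>;
     *       if none matches, fault <code>Server.Unauthorized</code>.</li>
     * </ol>
     *
     * <p><code>allowedRoles</code> is a comma-separated list. Entries are
     * trimmed before they are handed to the provider, so
     * <code>"admin, operator"</code> and <code>"admin,operator"</code> are
     * equivalent. Entries that are empty after trimming are skipped and can
     * never grant access.
     *
     * <p>Note that <code>allowByDefault</code> is read from this handler's
     * own options, while <code>allowedRoles</code> is read from the options
     * of the target service.
     *
     * @param msgContext the message context carrying the authenticated user,
     *                   the target service and the security provider
     * @throws AxisFault if the user is missing, the service is missing, the
     *                   security provider is missing, or the user is not
     *                   authorized for the service
     */
    public void invoke(MessageContext msgContext) throws AxisFault {
        if (log.isDebugEnabled()) {
            log.debug("Enter: SimpleAuthorizationHandler::invoke");
        }

        // Only an explicit "true" opens services that carry no role list;
        // an absent or malformed option keeps the default of denying.
        boolean allowByDefault =
            JavaUtils.isTrueExplicitly(getOption("allowByDefault"));

        // Presumably set by an authentication handler earlier in the chain;
        // this handler never authenticates by itself.
        AuthenticatedUser user = (AuthenticatedUser)msgContext.
                                         getProperty(MessageContext.AUTHUSER);

        // Fail closed: an unauthenticated request is rejected before any
        // role or allowByDefault logic is considered.
        if (user == null) {
            throw new AxisFault("Server.NoUser",
                    Messages.getMessage("needUser00"), null, null);
        }

        String userID = user.getName();
        Handler serviceHandler = msgContext.getService();

        if (serviceHandler == null) {
            throw new AxisFault(Messages.getMessage("needService00"));
        }

        String serviceName = serviceHandler.getName();

        String allowedRoles = (String)serviceHandler.getOption("allowedRoles");
        if (allowedRoles == null) {
            if (!allowByDefault) {
                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage( "noRoles01"));
                }

                // NOTE(review): refusals are only visible at debug level in
                // this handler; if an audit trail of denied calls is needed,
                // confirm the fault is logged elsewhere in the chain.
                throw new AxisFault( "Server.Unauthorized",
                    Messages.getMessage("notAuth00", userID, serviceName),
                    null, null );
            }

            // No role list and allowByDefault is set: every authenticated
            // user is let through to this service.
            if (log.isDebugEnabled()) {
                log.debug(Messages.getMessage( "noRoles00"));
                log.debug("Exit: SimpleAuthorizationHandler::invoke");
            }
            return;
        }

        SecurityProvider provider = (SecurityProvider)msgContext.getProperty(MessageContext.SECURITY_PROVIDER);
        if (provider == null) {
            throw new AxisFault(Messages.getMessage("noSecurity00"));
        }

        StringTokenizer st = new StringTokenizer(allowedRoles, ",");
        while (st.hasMoreTokens()) {
            // Trim so that whitespace around the commas in the configured
            // list does not silently turn a valid entry into one that can
            // never match.
            String thisRole = st.nextToken().trim();

            // A blank entry (e.g. "admin, ,operator") must never be offered
            // to the provider as a role name.
            if (thisRole.length() == 0) {
                continue;
            }

            if (provider.userMatches(user, thisRole)) {
                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage("auth01",
                        userID, serviceName));
                    log.debug("Exit: SimpleAuthorizationHandler::invoke");
                }
                return;
            }
        }

        // No entry matched (this includes an empty allowedRoles string):
        // deny.
        throw new AxisFault( "Server.Unauthorized",
            Messages.getMessage("cantAuth02", userID, serviceName),
            null, null );
    }

    /**
     * Handles a fault raised later in the chain. Authorization keeps no
     * state, so there is nothing to undo; only the debug trace is written.
     *
     * @param msgContext the message context of the faulted invocation
     */
    public void onFault(MessageContext msgContext) {
        if (log.isDebugEnabled()) {
            log.debug("Enter: SimpleAuthorizationHandler::onFault");
            log.debug("Exit: SimpleAuthorizationHandler::onFault");
        }
    }
}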