SimpleAuthenticationHandler


1   /*
2    * Copyright 2001-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.axis.handlers ;
18  
19  import org.apache.axis.AxisFault;
20  import org.apache.axis.MessageContext;
21  import org.apache.axis.components.logger.LogFactory;
22  import org.apache.axis.security.AuthenticatedUser;
23  import org.apache.axis.security.SecurityProvider;
24  import org.apache.axis.security.simple.SimpleSecurityProvider;
25  import org.apache.axis.utils.Messages;
26  import org.apache.commons.logging.Log;
27  
28  
29  /**
30   * Just a simple Authentication Handler to see if the user
31   * specified in the Bag in the MessageContext is allowed to continue.
32   *
33   * Just look for 'user' and 'password' in a file called 'users.lst'.
34   *
35   * Replace this with your 'real' authenication code.
36   *
37   * @author Doug Davis (dug@us.ibm.com)
38   * @author Sam Ruby (rubys@us.ibm.com)
39   */
40  public class SimpleAuthenticationHandler extends BasicHandler {
41      protected static Log log =
42          LogFactory.getLog(SimpleAuthenticationHandler.class.getName());
43  
44      /**
45       * Authenticate the user and password from the msgContext
46       */
47      public void invoke(MessageContext msgContext) throws AxisFault {
48          if (log.isDebugEnabled()) {
49              log.debug("Enter: SimpleAuthenticationHandler::invoke");
50          }
51  
52          SecurityProvider provider = (SecurityProvider)msgContext.getProperty(MessageContext.SECURITY_PROVIDER);
53          if (provider == null) {
54              provider = new SimpleSecurityProvider();
55              msgContext.setProperty(MessageContext.SECURITY_PROVIDER, provider);
56          }
57  
58          if (provider != null) {
59              String    userID = msgContext.getUsername();
60              if (log.isDebugEnabled()) {
61                  log.debug( Messages.getMessage("user00", userID) );
62              }
63  
64              // in order to authenticate, the user must exist
65              if ( userID == null || userID.equals(""))
66                  throw new AxisFault( "Server.Unauthenticated",
67                      Messages.getMessage("cantAuth00", userID),
68                      null, null );
69  
70              String   passwd = msgContext.getPassword();
71              if (log.isDebugEnabled()) {
72                  log.debug( Messages.getMessage("password00", passwd) );
73              }
74  
75              AuthenticatedUser authUser = provider.authenticate(msgContext);
76  
77              // if a password is defined, then it must match
78              if ( authUser == null)
79                  throw new AxisFault( "Server.Unauthenticated",
80                      Messages.getMessage("cantAuth01", userID),
81                      null, null );
82  
83              if (log.isDebugEnabled()) {
84                  log.debug( Messages.getMessage("auth00", userID) );
85              }
86  
87              msgContext.setProperty(MessageContext.AUTHUSER, authUser);
88          }
89  
90          if (log.isDebugEnabled()) {
91              log.debug("Exit: SimpleAuthenticationHandler::invoke");
92          }
93      }
94  };
95
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags