KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > axis > security > servlet > ServletSecurityProvider


1 /*
2  * Copyright 2001-2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.axis.security.servlet;
18
19 import org.apache.axis.MessageContext;
20 import org.apache.axis.components.logger.LogFactory;
21 import org.apache.axis.security.AuthenticatedUser;
22 import org.apache.axis.security.SecurityProvider;
23 import org.apache.axis.transport.http.HTTPConstants;
24 import org.apache.axis.utils.Messages;
25 import org.apache.commons.logging.Log;
26
27 import javax.servlet.http.HttpServletRequest JavaDoc;
28 import java.security.Principal JavaDoc;
29 import java.util.HashMap JavaDoc;
30
31
32 /**
33  * A ServletSecurityProvider, combined with the ServletAuthenticatedUser
34  * class, allows the standard servlet security mechanisms (isUserInRole(),
35  * etc.) to integrate with Axis' access control mechanism.
36  *
37  * By utilizing this class (which the AxisServlet can be configured to
38  * do automatically), authentication and role information will come from
39  * your servlet engine.
40  *
41  * @author Glen Daniels (gdaniels@apache.org)
42  */
43 public class ServletSecurityProvider implements SecurityProvider {
44     protected static Log log =
45         LogFactory.getLog(ServletSecurityProvider.class.getName());
46
47     static HashMap JavaDoc users = null;
48
49     /** Authenticate a user from a username/password pair.
50      *
51      * @param username the user name to check
52      * @param password the password to check
53      * @return an AuthenticatedUser or null
54      */
55     public AuthenticatedUser authenticate(MessageContext msgContext) {
56         HttpServletRequest JavaDoc req = (HttpServletRequest JavaDoc)msgContext.getProperty(
57                                       HTTPConstants.MC_HTTP_SERVLETREQUEST);
58
59         if (req == null)
60             return null;
61
62         log.debug(Messages.getMessage("got00", "HttpServletRequest"));
63
64         Principal JavaDoc principal = req.getUserPrincipal();
65         if (principal == null) {
66             log.debug(Messages.getMessage("noPrincipal00"));
67             return null;
68         }
69
70         log.debug(Messages.getMessage("gotPrincipal00", principal.getName()));
71
72         return new ServletAuthenticatedUser(req);
73     }
74
75     /** See if a user matches a principal name. The name might be a user
76      * or a group.
77      *
78      * @return true if the user matches the passed name
79      */
80     public boolean userMatches(AuthenticatedUser user, String JavaDoc principal) {
81         if (user == null) return principal == null;
82
83         if (user instanceof ServletAuthenticatedUser) {
84             ServletAuthenticatedUser servletUser = (ServletAuthenticatedUser)user;
85             return servletUser.getRequest().isUserInRole(principal);
86         }
87
88         return false;
89     }
90 }
91
Popular Tags