KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > beehive > wsm > axis > security > model > ServletSecurityModel


1 package org.apache.beehive.wsm.axis.security.model;
2
3 /*
4  * DropInDeploymentHandler.java
5  *
6  * Copyright 2001-2004 The Apache Software Foundation.
7  *
8  *
9  * Licensed under the Apache License, Version 2.0 (the "License");
10  * you may not use this file except in compliance with the License.
11  * You may obtain a copy of the License at
12  *
13  * http://www.apache.org/licenses/LICENSE-2.0
14  *
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS,
17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20  *
21  */

22
23 import java.util.Collection JavaDoc;
24
25 import org.apache.beehive.wsm.axis.security.SecurityModel ;
26
27 import org.apache.axis.MessageContext;
28 import org.apache.axis.components.logger.LogFactory;
29 import org.apache.axis.security.AuthenticatedUser;
30 import org.apache.axis.security.SecurityProvider;
31 import org.apache.axis.security.simple.SimpleSecurityProvider;
32 import org.apache.log4j.Logger;
33
34 public class ServletSecurityModel implements SecurityModel {
35
36     protected static Logger logger = Logger.getLogger(ServletSecurityModel.class);
37
38     public void init ( MessageContext msgContext )
39     {
40         // do nothing
41
}
42
43     /**
44      * mostly copied from org/apache/axis/handlers/SimpleAuthenticationHandler.java
45      */

46     public boolean isUserInRole ( MessageContext msgContext, Collection JavaDoc<String JavaDoc> rolesAllowed ){
47
48         if (logger.isDebugEnabled()) {
49             logger.debug("Enter: ServletSecurityModel::isUserInRole");
50         }
51
52         SecurityProvider provider = (SecurityProvider)msgContext.getProperty(MessageContext.SECURITY_PROVIDER);
53         if (provider == null) {
54             provider = new SimpleSecurityProvider();
55             msgContext.setProperty(MessageContext.SECURITY_PROVIDER, provider);
56         }
57
58         if (provider != null) {
59             String JavaDoc userID = msgContext.getUsername();
60             if (logger.isDebugEnabled()) {
61                 logger.debug("user : " + userID );
62             }
63
64             // in order to authenticate, the user must exist
65
if ( userID == null || userID.equals("") )
66             {
67                 logger.debug("userID is null");
68                 return false;
69             }
70
71             String JavaDoc passwd = msgContext.getPassword();
72             if (logger.isDebugEnabled()) {
73                 logger.debug("password : " + passwd );
74             }
75
76             AuthenticatedUser authUser = provider.authenticate(msgContext);
77
78             // if a password is defined, then it must match
79
if ( authUser == null) {
80                 logger.debug("authuser is null");
81                 return false;
82             }
83
84             for ( String JavaDoc role : rolesAllowed )
85             {
86                 if (provider.userMatches( authUser, role ) )
87                 {
88                     // BINGO !!
89

90                     if (logger.isDebugEnabled()) {
91                         logger.debug( "auth : " + userID + " is in role [" + role + "]");
92                     }
93                     msgContext.setProperty(SecurityModel.BEEHIVE_AUTHUSER, authUser);
94                     return true;
95                 }
96             }
97         }
98
99         if (logger.isDebugEnabled()) {
100             logger.debug("Exit: ServletSecurityModel::isUserInRole");
101         }
102
103         return false;
104     }
105
106
107 }
108
Popular Tags