

1 /*
2  * The Apache Software License, Version 1.1
3  *
4  *
5  * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
6  * reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. The end-user documentation included with the redistribution,
21  * if any, must include the following acknowledgment:
22  * "This product includes software developed by the
23  * Apache Software Foundation (http://www.apache.org/)."
24  * Alternately, this acknowledgment may appear in the software itself,
25  * if and wherever such third-party acknowledgments normally appear.
26  *
27  * 4. The names "Axis" and "Apache Software Foundation" must
28  * not be used to endorse or promote products derived from this
29  * software without prior written permission. For written
30  * permission, please contact apache@apache.org.
31  *
32  * 5. Products derived from this software may not be called "Apache",
33  * nor may "Apache" appear in their name, without prior written
34  * permission of the Apache Software Foundation.
35  *
36  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
37  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
38  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
39  * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
42  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
43  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
44  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
45  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
46  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47  * SUCH DAMAGE.
48  * ====================================================================
49  *
50  * This software consists of voluntary contributions made by many
51  * individuals on behalf of the Apache Software Foundation. For more
52  * information on the Apache Software Foundation, please see
53  * <http://www.apache.org/>.
54  */

55
56 package org.jboss.axis.handlers;
57
58 import org.jboss.axis.AxisFault;
59 import org.jboss.axis.Handler;
60 import org.jboss.axis.MessageContext;
61 import org.jboss.axis.security.AuthenticatedUser;
62 import org.jboss.axis.security.SecurityProvider;
63 import org.jboss.axis.utils.JavaUtils;
64 import org.jboss.axis.utils.Messages;
65 import org.jboss.logging.Logger;
66
67 import java.util.StringTokenizer JavaDoc;
68
69
70 /**
71  * Just a simple Authorization Handler to see if the user
72  * specified in the Bag in the MessageContext is allowed to perform this
73  * action.
74  * <p/>
75  * Look at the <code>allowedRoles</code> handler parameter to determine if
76  * user has rights to access the service
77  * <p/>
78  * The <code>allowByDefault</code> handler parameter can be used to authorize
79  * all users if the parameter is set to true and the <code>allowedRoles</code>
80  * access control list is not specified.
81  * <p/>
82  * Replace this with your 'real' Authorization code.
83  *
84  * @author Doug Davis (dug@us.ibm.com)
85  * @author Sam Ruby (rubys@us.ibm.com)
86  */

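public class SimpleAuthorizationHandler extends BasicHandler
{
   private static final Logger log = Logger.getLogger(SimpleAuthorizationHandler.class.getName());

   /**
    * Authorize the user found in the message context for the target service.
    * <p/>
    * The decision is taken as follows:
    * <ol>
    * <li>The user is read from the <code>MessageContext.AUTHUSER</code>
    * property. This handler does not authenticate anyone itself, so a
    * missing user is rejected with a <code>Server.NoUser</code> fault.</li>
    * <li>The <code>allowedRoles</code> option is read from the target
    * service handler. If it is absent, access is granted only when this
    * handler's own <code>allowByDefault</code> option is explicitly true;
    * in that configuration every user that reaches this handler is
    * authorized for the service.</li>
    * <li>Otherwise <code>allowedRoles</code> is treated as a comma-separated
    * list and the user is authorized as soon as the security provider
    * reports a match for one entry. Entries are trimmed, so
    * <code>"admin, operator"</code> behaves like
    * <code>"admin,operator"</code>; blank entries are ignored and can never
    * grant access. A list with no usable entry therefore denies everyone.</li>
    * </ol>
    * Grants and denials are only written to the log at debug level.
    * NOTE(review): deployments that need an audit trail of denied requests
    * should confirm that the resulting fault is recorded elsewhere.
    * NOTE(review): the fault text is built from the user name and service
    * name; presumably it is returned to the caller - confirm that this is
    * acceptable for the deployment.
    *
    * @param msgContext the message being processed
    * @throws AxisFault if there is no user, no target service, no security
    *                   provider, or the user is not authorized
    */
   public void invoke(MessageContext msgContext) throws AxisFault
   {
      final boolean debug = log.isDebugEnabled();

      if (debug)
      {
         log.debug("Enter: SimpleAuthorizationHandler::invoke");
      }

      // Only an explicit "true" value switches the handler to fail-open.
      boolean allowByDefault =
              JavaUtils.isTrueExplicitly(getOption("allowByDefault"));

      AuthenticatedUser user =
              (AuthenticatedUser)msgContext.getProperty(MessageContext.AUTHUSER);
      if (user == null)
      {
         throw new AxisFault("Server.NoUser",
                 Messages.getMessage("needUser00"), null, null);
      }
      String userID = user.getName();

      Handler serviceHandler = msgContext.getService();
      if (serviceHandler == null)
      {
         throw new AxisFault(Messages.getMessage("needService00"));
      }
      String serviceName = serviceHandler.getName();

      String allowedRoles = (String)serviceHandler.getOption("allowedRoles");
      if (allowedRoles == null)
      {
         // No access control list on the service: the outcome depends
         // entirely on allowByDefault.
         if (!allowByDefault)
         {
            if (debug)
            {
               log.debug(Messages.getMessage("noRoles01"));
            }

            throw new AxisFault("Server.Unauthorized",
                    Messages.getMessage("notAuth00", userID, serviceName),
                    null, null);
         }

         if (debug)
         {
            log.debug(Messages.getMessage("noRoles00"));
            log.debug("Exit: SimpleAuthorizationHandler::invoke");
         }
         return;
      }

      SecurityProvider provider =
              (SecurityProvider)msgContext.getProperty(MessageContext.SECURITY_PROVIDER);
      if (provider == null)
      {
         throw new AxisFault(Messages.getMessage("noSecurity00"));
      }

      StringTokenizer roles = new StringTokenizer(allowedRoles, ",");
      while (roles.hasMoreTokens())
      {
         // Whitespace around a list entry is configuration noise, not part
         // of the role name; without the trim " operator" never matches.
         String thisRole = roles.nextToken().trim();

         // A blank entry must not be handed to the provider: it names no
         // role and must never be able to grant access.
         if (thisRole.length() == 0)
         {
            continue;
         }

         if (provider.userMatches(user, thisRole))
         {
            if (debug)
            {
               log.debug(Messages.getMessage("auth01",
                       userID, serviceName));
               log.debug("Exit: SimpleAuthorizationHandler::invoke");
            }
            return;
         }
      }

      // No entry matched: deny.
      throw new AxisFault("Server.Unauthorized",
              Messages.getMessage("cantAuth02", userID, serviceName),
              null, null);
   }

   /**
    * Nothing to undo: invoke changes no state, so this method only
    * writes debug trace messages.
    *
    * @param msgContext the message whose processing faulted (unused)
    */
   public void onFault(MessageContext msgContext)
   {
      if (log.isDebugEnabled())
      {
         log.debug("Enter: SimpleAuthorizationHandler::onFault");
         log.debug("Exit: SimpleAuthorizationHandler::onFault");
      }
   }
}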
190
191 ;
192