

1 /*
2  * The Apache Software License, Version 1.1
3  *
4  *
5  * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
6  * reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. The end-user documentation included with the redistribution,
21  * if any, must include the following acknowledgment:
22  * "This product includes software developed by the
23  * Apache Software Foundation (http://www.apache.org/)."
24  * Alternately, this acknowledgment may appear in the software itself,
25  * if and wherever such third-party acknowledgments normally appear.
26  *
27  * 4. The names "Axis" and "Apache Software Foundation" must
28  * not be used to endorse or promote products derived from this
29  * software without prior written permission. For written
30  * permission, please contact apache@apache.org.
31  *
32  * 5. Products derived from this software may not be called "Apache",
33  * nor may "Apache" appear in their name, without prior written
34  * permission of the Apache Software Foundation.
35  *
36  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
37  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
38  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
39  * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
42  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
43  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
44  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
45  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
46  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47  * SUCH DAMAGE.
48  * ====================================================================
49  *
50  * This software consists of voluntary contributions made by many
51  * individuals on behalf of the Apache Software Foundation. For more
52  * information on the Apache Software Foundation, please see
53  * <http://www.apache.org/>.
54  */

55
56 package org.jboss.axis.security.servlet;
57
58 import org.jboss.axis.MessageContext;
59 import org.jboss.axis.security.AuthenticatedUser;
60 import org.jboss.axis.security.SecurityProvider;
61 import org.jboss.axis.transport.http.HTTPConstants;
62 import org.jboss.axis.utils.Messages;
63 import org.jboss.logging.Logger;
64
65 import javax.servlet.http.HttpServletRequest JavaDoc;
66 import java.security.Principal JavaDoc;
67 import java.util.HashMap JavaDoc;
68
69
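/**
 * A ServletSecurityProvider, combined with the ServletAuthenticatedUser
 * class, allows the standard servlet security mechanisms (isUserInRole(),
 * etc.) to integrate with Axis' access control mechanism.
 * <p/>
 * By utilizing this class (which the AxisServlet can be configured to
 * do automatically), authentication and role information will come from
 * your servlet engine.
 * <p/>
 * Security notes: this provider never inspects credentials itself. It only
 * reports the principal that the servlet container attached to the request,
 * so when the container has not authenticated the caller,
 * {@link #authenticate(MessageContext)} returns null. Role decisions are
 * delegated to HttpServletRequest.isUserInRole().
 *
 * @author Glen Daniels (gdaniels@macromedia.com)
 */
public class ServletSecurityProvider implements SecurityProvider
{
   private static final Logger log = Logger.getLogger(ServletSecurityProvider.class.getName());

   // Not referenced anywhere in this class; kept because it is package-visible.
   static HashMap users = null;

   /**
    * Build an AuthenticatedUser from the identity the servlet container has
    * already established for the current HTTP request.
    * <p/>
    * No username or password is examined here; the only evidence of
    * authentication is a non-null HttpServletRequest.getUserPrincipal().
    *
    * @param msgContext the message context; the servlet request is read from
    *                   its HTTPConstants.MC_HTTP_SERVLETREQUEST property
    * @return a ServletAuthenticatedUser wrapping the request, or null when the
    *         context carries no servlet request or the request has no user
    *         principal
    */
   public AuthenticatedUser authenticate(MessageContext msgContext)
   {
      HttpServletRequest req = (HttpServletRequest)msgContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);

      // No servlet request on the context: nothing to derive an identity from.
      if (req == null)
      {
         return null;
      }

      log.debug(Messages.getMessage("got00", "HttpServletRequest"));

      Principal principal = req.getUserPrincipal();
      if (principal == null)
      {
         // The container did not authenticate this request.
         log.debug(Messages.getMessage("noPrincipal00"));
         return null;
      }

      // The caller's identity is written to the debug log here, so debug
      // output from this class identifies users.
      log.debug(Messages.getMessage("gotPrincipal00", principal.getName()));

      // NOTE(review): the returned user is built from the request, and
      // userMatches() later calls getRequest() on it. Presumably it keeps a
      // reference to this request, so confirm it is never cached or reused
      // after the request completes.
      return new ServletAuthenticatedUser(req);
   }

   /**
    * See if a user matches a principal name. The name is handed to
    * HttpServletRequest.isUserInRole(), so it is evaluated as a role name by
    * the servlet container.
    *
    * @param user      the user returned by authenticate(), or null for an
    *                  unauthenticated caller
    * @param principal the role name to test, or null
    * @return true if the user matches the passed name; a null user matches
    *         only a null name, and any user that is not a
    *         ServletAuthenticatedUser never matches
    */
   public boolean userMatches(AuthenticatedUser user, String principal)
   {
      // An unauthenticated caller matches only when no name was requested.
      // NOTE(review): callers presumably pass null to mean "no role required".
      // Confirm, because this is the one path that returns true without a user.
      if (user == null)
      {
         return principal == null;
      }

      // The Servlet API does not document a null role name for isUserInRole(),
      // so deny instead of relying on container-specific behaviour.
      if (principal == null)
      {
         return false;
      }

      if (user instanceof ServletAuthenticatedUser)
      {
         ServletAuthenticatedUser servletUser = (ServletAuthenticatedUser)user;
         return servletUser.getRequest().isUserInRole(principal);
      }

      // Users produced by any other provider are rejected.
      return false;
   }
}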