KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > axis > security > simple > SimpleSecurityProvider


1 /*
2  * The Apache Software License, Version 1.1
3  *
4  *
5  * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
6  * reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. The end-user documentation included with the redistribution,
21  * if any, must include the following acknowledgment:
22  * "This product includes software developed by the
23  * Apache Software Foundation (http://www.apache.org/)."
24  * Alternately, this acknowledgment may appear in the software itself,
25  * if and wherever such third-party acknowledgments normally appear.
26  *
27  * 4. The names "Axis" and "Apache Software Foundation" must
28  * not be used to endorse or promote products derived from this
29  * software without prior written permission. For written
30  * permission, please contact apache@apache.org.
31  *
32  * 5. Products derived from this software may not be called "Apache",
33  * nor may "Apache" appear in their name, without prior written
34  * permission of the Apache Software Foundation.
35  *
36  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
37  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
38  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
39  * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
42  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
43  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
44  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
45  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
46  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47  * SUCH DAMAGE.
48  * ====================================================================
49  *
50  * This software consists of voluntary contributions made by many
51  * individuals on behalf of the Apache Software Foundation. For more
52  * information on the Apache Software Foundation, please see
53  * <http://www.apache.org/>.
54  */
55
56 package org.jboss.axis.security.simple;
57
58 import org.jboss.axis.Constants;
59 import org.jboss.axis.MessageContext;
60 import org.jboss.axis.security.AuthenticatedUser;
61 import org.jboss.axis.security.SecurityProvider;
62 import org.jboss.axis.utils.Messages;
63 import org.jboss.logging.Logger;
64
65 import java.io.File JavaDoc;
66 import java.io.FileReader JavaDoc;
67 import java.io.LineNumberReader JavaDoc;
68 import java.util.HashMap JavaDoc;
69 import java.util.StringTokenizer JavaDoc;
70
71 /**
72  * SimpleSecurityProvider
73  *
74  * @author Glen Daniels (gdaniels@macromedia.com)
75  */
76 public class SimpleSecurityProvider implements SecurityProvider
77 {
78    private static Logger log = Logger.getLogger(SimpleSecurityProvider.class.getName());
79
80    HashMap JavaDoc users = null;
81    HashMap JavaDoc perms = null;
82
83    boolean initialized = false;
84
85    // load the users list
86 private synchronized void initialize(MessageContext msgContext)
87    {
88       if (initialized) return;
89
90       String JavaDoc configPath = msgContext.getStrProp(Constants.MC_CONFIGPATH);
91       if (configPath == null)
92       {
93          configPath = "";
94       }
95       else
96       {
97          configPath += File.separator;
98       }
99       File JavaDoc userFile = new File JavaDoc(configPath + "users.lst");
100       if (userFile.exists())
101       {
102          users = new HashMap JavaDoc();
103
104          try
105          {
106
107             FileReader JavaDoc fr = new FileReader JavaDoc(userFile);
108             LineNumberReader JavaDoc lnr = new LineNumberReader JavaDoc(fr);
109             String JavaDoc line = null;
110
111             // parse lines into user and passwd tokens and add result to hash table
112 while ((line = lnr.readLine()) != null)
113             {
114                StringTokenizer JavaDoc st = new StringTokenizer JavaDoc(line);
115                if (st.hasMoreTokens())
116                {
117                   String JavaDoc userID = st.nextToken();
118                   String JavaDoc passwd = (st.hasMoreTokens()) ? st.nextToken() : "";
119
120                   if (log.isDebugEnabled())
121                   {
122                      log.debug(Messages.getMessage("fromFile00",
123                              userID, passwd));
124                   }
125
126                   users.put(userID, passwd);
127                }
128             }
129
130             lnr.close();
131
132          }
133          catch (Exception JavaDoc e)
134          {
135             log.error(Messages.getMessage("exception00"), e);
136             return;
137          }
138       }
139       initialized = true;
140    }
141
142    /**
143     * Authenticate a user from a username/password pair.
144     *
145     * @param username the user name to check
146     * @param password the password to check
147     * @return an AuthenticatedUser or null
148     */
149    public AuthenticatedUser authenticate(MessageContext msgContext)
150    {
151
152       if (!initialized)
153       {
154          initialize(msgContext);
155       }
156
157       String JavaDoc username = msgContext.getUsername();
158       String JavaDoc password = msgContext.getPassword();
159
160       if (users != null)
161       {
162          if (log.isDebugEnabled())
163          {
164             log.debug(Messages.getMessage("user00", username));
165          }
166
167          // in order to authenticate, the user must exist
168 if (username == null ||
169                  username.equals("") ||
170                  !users.containsKey(username))
171             return null;
172
173          String JavaDoc valid = (String JavaDoc)users.get(username);
174
175          if (log.isDebugEnabled())
176          {
177             log.debug(Messages.getMessage("password00", password));
178          }
179
180          // if a password is defined, then it must match
181 if (valid.length() > 0 && !valid.equals(password))
182             return null;
183
184          if (log.isDebugEnabled())
185          {
186             log.debug(Messages.getMessage("auth00", username));
187          }
188
189          return new SimpleAuthenticatedUser(username);
190       }
191
192       return null;
193    }
194
195    /**
196     * See if a user matches a principal name. The name might be a user
197     * or a group.
198     *
199     * @return true if the user matches the passed name
200     */
201    public boolean userMatches(AuthenticatedUser user, String JavaDoc principal)
202    {
203       if (user == null) return principal == null;
204       return user.getName().compareToIgnoreCase(principal) == 0;
205    }
206 }
207
Popular Tags