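package sync4j.server.admin.ws.axis;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.util.logging.Level;
import java.util.logging.Logger;

import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.transport.http.HTTPConstants;
import org.apache.axis.utils.Messages;

import sync4j.framework.logging.Sync4jLogger;
import sync4j.framework.config.ConfigurationConstants;
import sync4j.framework.server.Sync4jUser;
import sync4j.framework.server.store.NotFoundException;
import sync4j.framework.server.store.PersistentStoreException;

import sync4j.server.admin.UserManager;

import sync4j.server.config.Configuration;

/**
 * Axis handler that gates admin web-service calls: the caller must supply a
 * username and password that match a stored user, and that user must hold the
 * {@link #ROLE_ADMIN} role. Every rejection is reported with the
 * {@link #FAULT_UNAUTHORIZED} fault code.
 */
public class AdminAuthHandler
extends BasicHandler
implements ConfigurationConstants {

    public static final String LOG_NAME = "admin";
    public static final String ROLE_ADMIN = "sync_administrator";

    public static final String FAULT_UNAUTHORIZED = "Server.Unauthenticated";

    // Not referenced anywhere in this class; kept because other code may use it.
    private static final String AUTH_ERROR_MESSAGE =
        "Authentication failed, because the server is unable to access to the datastore. "
        + "Please see server log for the causes.";

    private Logger log = Sync4jLogger.getLogger(LOG_NAME);
    private UserManager userManager;

    /**
     * Looks up the user manager from the server configuration.
     *
     * A failure here is logged and swallowed, which leaves {@code userManager}
     * null. {@link #invoke} then fails closed: the resulting
     * NullPointerException is turned into a generic fault, so no request is
     * authorized while the user manager is missing.
     */
    public AdminAuthHandler() {
        try {
            Configuration c = Configuration.getConfiguration();
            userManager = (UserManager)c.getUserManager();
        } catch (Exception e) {
            if (log.isLoggable(Level.SEVERE)) {
                log.severe("Error retrieving the user manager: " + e.getMessage());
            }
            log.throwing(AdminAuthHandler.class.getName(), "AdminAuthHandler", e);
        }
    }

    /**
     * Authenticates the caller and checks for the administrator role.
     *
     * @param msgContext the Axis message context carrying the caller's
     *                   username and password
     * @throws AxisFault with fault code {@link #FAULT_UNAUTHORIZED} when
     *         credentials are missing, the user is unknown, the password does
     *         not match or the user is not an administrator; a fault with a
     *         generic fault string when the user store cannot be queried
     */
    public void invoke(MessageContext msgContext) throws AxisFault {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Authenticating admin action.");
        }

        String username = msgContext.getUsername();
        if (username == null) {
            if (log.isLoggable(Level.FINEST)) {
                log.finest("Credentials not provided.");
            }
            notAuthorized();
        }

        // NOTE(review): a missing password is treated as the empty string, so
        // an account whose stored password is empty authenticates without
        // one. Confirm the user store never holds empty passwords.
        String password = msgContext.getPassword();
        if (password == null) {
            password = "";
        }

        try {
            Sync4jUser user = new Sync4jUser();
            user.setUsername(username);

            userManager.getUser(user);

            // NOTE(review): the supplied password is compared directly with
            // the value returned by the store, so the store appears to keep
            // passwords in recoverable form. Confirm and consider a password
            // hash.
            if (!passwordMatches(password, user.getPassword())) {
                notAuthorized();
            }

            userManager.getUserRoles(user);

            if (!user.hasRole(ROLE_ADMIN)) {
                if (log.isLoggable(Level.INFO)) {
                    // Log the username only: the user object has just been
                    // loaded with its password and its toString() is not
                    // visible here.
                    log.info( "Authorization denied: user "
                            + username
                            + " is not an administrator."
                            );
                }
                notAuthorized();
            }
        } catch (AxisFault f) {
            // AxisFault is an Exception, so without this clause the faults
            // raised by notAuthorized() above fall into the generic handler
            // below, which logs them as store errors and replaces them with a
            // fault that has no Server.Unauthenticated code. A wrong password
            // would then be answered differently from an unknown user, which
            // tells a caller which usernames exist.
            throw f;
        } catch (NotFoundException e) {

            if (log.isLoggable(Level.SEVERE)) {
                log.severe("User not found: " + e.getMessage());
            }
            notAuthorized();

        } catch (Exception e) {

            log.throwing(AdminAuthHandler.class.getName(), "invoke", e);

            if (log.isLoggable(Level.SEVERE)) {
                log.severe("Error retrieving the user : " + e.getMessage());
            }

            AxisFault f = new AxisFault();
            f.setFaultString("The server is unable to authenticate the user. "
                           + "Check the server log for details.");
            throw f;
        }

    }

    /**
     * Compares the supplied password with the stored one without stopping at
     * the first differing character.
     *
     * @param supplied the password taken from the request, never null
     * @param stored   the password returned by the user store, may be null
     * @return true only when both values are equal; false when stored is null
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    private static boolean passwordMatches(String supplied, String stored)
    throws UnsupportedEncodingException {
        if (stored == null) {
            return false;
        }
        return MessageDigest.isEqual(supplied.getBytes("UTF-8"),
                                     stored.getBytes("UTF-8"));
    }

    /**
     * Rejects the request. Always throws.
     *
     * @throws AxisFault with fault code {@link #FAULT_UNAUTHORIZED}
     */
    private void notAuthorized()
    throws AxisFault {
        AxisFault f = new AxisFault();
        f.setFaultCodeAsString(FAULT_UNAUTHORIZED);
        throw f;
    }
}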