

1 /**
2  * Copyright (C) 2003-2005 Funambol
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17  */

18 package sync4j.server.admin.ws.axis;
19
20 import java.util.logging.Level JavaDoc;
21 import java.util.logging.Logger JavaDoc;
22
23 import org.apache.axis.AxisFault;
24 import org.apache.axis.MessageContext;
25 import org.apache.axis.handlers.BasicHandler;
26 import org.apache.axis.transport.http.HTTPConstants;
27 import org.apache.axis.utils.Messages;
28
29 import sync4j.framework.logging.Sync4jLogger;
30 import sync4j.framework.config.ConfigurationConstants;
31 import sync4j.framework.server.Sync4jUser;
32 import sync4j.framework.server.store.NotFoundException;
33 import sync4j.framework.server.store.PersistentStoreException;
34
35 import sync4j.server.admin.UserManager;
36
37 import sync4j.server.config.Configuration;
38
/**
 * This is an Axis authentication handler used to authenticate the user trying
 * to perform administration tasks on the Admin web service. Authentication is
 * currently performed with the Basic scheme, which sends the credentials only
 * base64-encoded, so the service should be exposed over TLS only.
 *
 * @author Stefano Fornari @ Funambol
 * @version $Id: AdminAuthHandler.java,v 1.6 2005/07/19 12:40:50 nichele Exp $
 */

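public class AdminAuthHandler
extends BasicHandler
implements ConfigurationConstants {

    // --------------------------------------------------------------- Constants

    /** Name of the logger this handler writes to. */
    public static final String LOG_NAME = "admin";

    /** Role a user must hold to be let through by this handler. */
    public static final String ROLE_ADMIN = "sync_administrator";

    /** Fault code used for every "not authenticated / not authorized" answer. */
    public static final String FAULT_UNAUTHORIZED = "Server.Unauthenticated";

    // NOTE(review): this constant is not referenced anywhere in this class.
    private static final String AUTH_ERROR_MESSAGE =
        "Authentication failed, because the server is unable to access to the datastore. Please see server log for the causes.";

    // ------------------------------------------------------------ Private data

    private Logger log = Sync4jLogger.getLogger(LOG_NAME);
    private UserManager userManager;

    // ------------------------------------------------------------ Constructors

    /**
     * Creates the handler and looks up the user manager from the server
     * configuration.
     *
     * A failure of the lookup is logged and not rethrown, so userManager is
     * left null. invoke() then fails closed: the resulting
     * NullPointerException is caught by its catch-all branch and turned into
     * a generic fault, so no request is let through.
     */
    public AdminAuthHandler() {
        try {
            Configuration c = Configuration.getConfiguration();
            userManager = (UserManager)c.getUserManager();
        } catch (Exception e) {
            if (log.isLoggable(Level.SEVERE)) {
                log.severe("Error retrieving the user manager: " + e.getMessage());
            }
            log.throwing(AdminAuthHandler.class.getName(), "AdminAuthHandler", e);
        }
    }

    // ---------------------------------------------------------- Public methods

    /**
     * Redefines the BasicHandler's invoke method.
     *
     * The request is let through only if it carries a username, the password
     * equals the one the user manager returns for that user, and the user
     * holds ROLE_ADMIN. Missing credentials, an unknown user, a wrong password
     * and a missing admin role are all answered with the same
     * FAULT_UNAUTHORIZED fault code, so the response does not tell a caller
     * which of the checks failed.
     *
     * @param msgContext the Axis message context
     *
     * @throws AxisFault with fault code FAULT_UNAUTHORIZED if authentication
     *         or authorization fails; with a generic fault string if the user
     *         store cannot be queried.
     */
    public void invoke(MessageContext msgContext) throws AxisFault {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Authenticating admin action.");
        }

        String username = msgContext.getUsername();
        if (username == null) {
            //
            // No credentials in the request. Per the original author's note,
            // this fault code makes Axis return a 401.
            //
            if (log.isLoggable(Level.FINEST)) {
                log.finest("Credentials not provided.");
            }
            notAuthorized();
        }

        // A missing password is compared as the empty string
        String password = msgContext.getPassword();
        if (password == null) {
            password = "";
        }

        try {
            //
            // First of all: is the user authenticated?
            //
            Sync4jUser user = new Sync4jUser();
            user.setUsername(username);

            userManager.getUser(user);

            // NOTE(review): direct equals() against the value the store
            // returned; this implies the stored password is kept in a
            // directly comparable form. Confirm how it is stored and
            // consider a constant-time comparison.
            if (!password.equals(user.getPassword())) {
                //
                // Authentication failed! Logged so that failed admin logins
                // remain visible in the server log.
                //
                if (log.isLoggable(Level.INFO)) {
                    log.info("Authentication failed: wrong password for user " + username);
                }
                notAuthorized();
            }

            //
            // Is the user a sync admin user?
            //
            userManager.getUserRoles(user);

            if (!user.hasRole(ROLE_ADMIN)) {
                //
                // The user is not an administrator
                //
                // NOTE(review): this logs user.toString(); confirm that it
                // does not print the password held by the user object.
                if (log.isLoggable(Level.INFO)) {
                    log.info( "Authorization denied: user "
                            + user
                            + " is not an administrator."
                            );
                }
                notAuthorized();
            }
        } catch (AxisFault f) {
            //
            // The faults raised by notAuthorized() above must leave this
            // method untouched. AxisFault is an Exception, so without this
            // branch the catch-all below would replace them with a generic
            // fault that has no FAULT_UNAUTHORIZED code, and a wrong password
            // would be answered differently from an unknown user.
            //
            throw f;
        } catch (NotFoundException e) {

            if (log.isLoggable(Level.SEVERE)) {
                log.severe("User not found: " + e.getMessage());
            }
            notAuthorized();

        } catch (Exception e) {

            log.throwing(AdminAuthHandler.class.getName(), "invoke", e);

            if (log.isLoggable(Level.SEVERE)) {
                log.severe("Error retrieving the user : " + e.getMessage());
            }

            // Fail closed: the details stay in the server log, the client
            // only gets a generic message
            AxisFault f = new AxisFault();
            f.setFaultString("The server is unable to authenticate the user. Check the server log for details.");
            throw f;
        }

    }

    // --------------------------------------------------------- Private methods

    /**
     * Throws the AxisFault representing "not authorized". This method never
     * returns normally.
     *
     * @throws AxisFault always, with fault code FAULT_UNAUTHORIZED
     */
    private void notAuthorized()
    throws AxisFault {
        AxisFault f = new AxisFault();
        f.setFaultCodeAsString(FAULT_UNAUTHORIZED);
        throw f;
    }
}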