axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject cvs commit: xml-axis/java/src/org/apache/axis/handlers SimpleAuthenticationHandler.java SimpleAuthorizationHandler.java
Date Tue, 06 Feb 2001 19:51:43 GMT
dug         01/02/06 11:51:43

  Modified:    java/samples/stock README deploy.xml
  Added:       java/samples/stock perms.lst users.lst
               java/src/org/apache/axis/handlers
                        SimpleAuthenticationHandler.java
                        SimpleAuthorizationHandler.java
  Log:
  Adding two new handlers so that people can play with basic
  authentication and authorization.  Not "prime-time" stuff, just
  toy stuff - but it allows us to play with chains more and see
  how it "should" work - esp. in error conditions.
  The GetQuote sample will now use these handlers - look at
  samples/stock/README for more info.
  
  Revision  Changes    Path
  1.3       +19 -6     xml-axis/java/samples/stock/README
  
  Index: README
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/samples/stock/README,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- README	2001/01/27 20:52:41	1.2
  +++ README	2001/02/06 19:51:41	1.3
  @@ -2,11 +2,24 @@
     java org.apache.axis.client.AdminClient deploy.xml
   
   Usage:
  -  java samples.stock.GetQuoteClient <symbol>...
  +  java samples.stock.GetQuote [options] <symbol>...
   
  +  options:
  +    -d           turn on debugging - more 'd means more info
  +    -h<HOST>     server host name
  +    -l<URL>      ie. http://localhost:80/axis/servlet/AxisServlet
  +    -p<PORT#>    server port number
  +    -s<SERVLET>  ie. axis/servlet/AxisServlet
  +    -u<USERID>   user-id
  +    -w<PASSWD>   password
   
  -NOTE!!!
  -  Each symbol will be it's own Body element.  This samples demonstates
  -  that it's possible to have multiple children of the SOAPBody element,
  -  which can be used as an optimization - ie. do multiple RPC calls
  -  with one SOAPEnvelope.
  +If you use the authorization and authentication handlers you'll need
  +to add a couple of files to your Servlet Engine's current dir:
  +
  +users.lst
  + - list of users and passwords
  +
  +perms.lst
  + - list of users and allowable actions per user
  +
  +I've included some samples in this dir.
  
  
  
  1.4       +8 -2      xml-axis/java/samples/stock/deploy.xml
  
  Index: deploy.xml
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/samples/stock/deploy.xml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- deploy.xml	2001/02/01 22:21:20	1.3
  +++ deploy.xml	2001/02/06 19:51:42	1.4
  @@ -8,11 +8,17 @@
   <!-- This file will be replaced by WSDD once it's ready         -->
   
   <deploy>
  -  <service name="urn:xmltoday-delayed-quotes" handler="RPCDispatcher" >
  +  <handler name="debug"   class="org.apache.axis.handlers.DebugHandler" />
  +  <handler name="authen"  class="org.apache.axis.handlers.SimpleAuthenticationHandler"
/>
  +  <handler name="author"  class="org.apache.axis.handlers.SimpleAuthorizationHandler"
/>
  +  <chain   name="checks"  flow="authen,author" />
  +  <chain   name="rpc"     flow="debug,checks,RPCDispatcher" />
  +
  +  <service name="urn:xmltoday-delayed-quotes" handler="rpc" >
       <option name="className" value="samples.stock.StockQuoteService" />
       <option name="methodName" value="getQuote" />
     </service>
  -  <service name="urn:cominfo" handler="RPCDispatcher" >
  +  <service name="urn:cominfo" handler="rpc" >
       <option name="className" value="samples.stock.ComInfoService" />
       <option name="methodName" value="getInfo" />
     </service>
  
  
  
  1.1                  xml-axis/java/samples/stock/perms.lst
  
  Index: perms.lst
  ===================================================================
  dug urn:xmltoday-delayed-quotes
  keith urn:xmltoday-delayed-quotes
  rick urn:cominfo
  
  
  
  1.1                  xml-axis/java/samples/stock/users.lst
  
  Index: users.lst
  ===================================================================
  dug foo
  keith bar
  rick
  
  
  
  1.1                  xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java
  
  Index: SimpleAuthenticationHandler.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:  
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation and was
   * originally based on software copyright (c) 1999, International
   * Business Machines, Inc., http://www.ibm.com.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.axis.handlers ;
  
  import java.io.* ;
  import java.util.* ;
  import org.apache.axis.* ;
  import org.apache.axis.utils.* ;
  import org.apache.axis.message.* ;
  
  /**
   * Just a simple Authentication Handler to see if the user
   * specified in the Bag in the MessageContext is allowed to continue.
   *
   * Just look for 'user' and 'password' in a file called 'users.lst'.
   *
   * Replace this with your 'real' authenication code.
   *
   * @author Doug Davis (dug@us.ibm.com)
   */
  public class SimpleAuthenticationHandler implements Handler {
    protected Hashtable  options ;
  
    public void init() {
    }
  
    public void cleanup() {
    }
  
    public void invoke(MessageContext msgContext) throws AxisFault {
      Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
      try {
        String  userID = (String) msgContext.getProperty( Constants.MC_USERID );
        String  passwd = (String) msgContext.getProperty( Constants.MC_PASSWORD );
        Debug.Print( 1, "User: " + userID );
        Debug.Print( 2, "Pass: " + passwd );
        if ( userID == null || userID.equals("") )
          throw new AxisFault( "Server.Unauthorized", 
                               "User not authorized",
                               null, null );
  
        FileReader        fr   = new FileReader( "users.lst" );
        LineNumberReader  lnr  = new LineNumberReader( fr );
        String            line = null ;
        boolean           done = false ;
        while ( (line = lnr.readLine()) != null ) {
          StringTokenizer  st = new StringTokenizer( line );
          String           u  = null ,
                           p  = null ;
  
          if ( st.hasMoreTokens() ) u = st.nextToken();
          if ( st.hasMoreTokens() ) p = st.nextToken();
          Debug.Print( 2, "From file: " + u + ":" + p );
  
          if ( !userID.equals(u) ) continue ;
          if ( passwd == null && p != null ) continue ;
          if ( passwd != null && !passwd.equals(p) ) continue ;
  
          Debug.Print( 1, "User '" + userID + "' authenicated to server" );
          done = true ;
          break ;
        }
        lnr.close();
        fr.close();
        if ( !done ) 
          throw new AxisFault( "Server.Unauthorized", 
                               "User not authenticated",
                               null, null );
      }
      catch( Exception e ) {
        Debug.Print( 1, e );
        if ( !(e instanceof AxisFault) ) e = new AxisFault(e);
        throw (AxisFault) e ;
      }
      Debug.Print( 1, "Exit: SimpleAuthenticationHandler::invoke" );
    }
  
    public void undo(MessageContext msgContext) {
      Debug.Print( 1, "Enter: SimpleAuthenticationHandler::undo" );
      Debug.Print( 1, "Exit: SimpleAuthenticationHandler::undo" );
    }
  
    public boolean canHandleBlock(QName qname) {
      return( false );
    }
  
    /**
     * Add the given option (name/value) to this handler's bag of options
     */
    public void addOption(String name, Object value) {
      if ( options == null ) options = new Hashtable();
      options.put( name, value );
    }
  
    /**
     * Returns the option corresponding to the 'name' given
     */
    public Object getOption(String name) {
      if ( options == null ) return( null );
      return( options.get(name) );
    }
  
    /**
     * Return the entire list of options
     */
    public Hashtable getOptions() {
      return( options );
    }
  
    public void setOptions(Hashtable opts) {
      options = opts ;
    }
  
  };
  
  
  
  1.1                  xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java
  
  Index: SimpleAuthorizationHandler.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:  
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation and was
   * originally based on software copyright (c) 1999, International
   * Business Machines, Inc., http://www.ibm.com.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.axis.handlers ;
  
  import java.io.* ;
  import java.util.* ;
  import org.apache.axis.* ;
  import org.apache.axis.utils.* ;
  import org.apache.axis.message.* ;
  
  /**
   * Just a simple Authorization Handler to see if the user
   * specified in the Bag in the MessageContext is allowed to preform this
   * action.
   *
   * Just look for 'user' and 'action' in a file called 'perms.lst'
   *
   * Replace this with your 'real' Authorization code.
   *
   * @author Doug Davis (dug@us.ibm.com)
   */
  public class SimpleAuthorizationHandler implements Handler {
    protected Hashtable  options ;
  
    public void init() {
    }
  
    public void cleanup() {
    }
  
    public void invoke(MessageContext msgContext) throws AxisFault {
      Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
      try {
        String  userID = (String) msgContext.getProperty( Constants.MC_USERID );
        String  action = (String) msgContext.getProperty( Constants.MC_TARGET );
  
        Debug.Print( 1, "User: " + userID );
        Debug.Print( 1, "Action: " + action );
  
        if ( userID == null || userID.equals("") )
          throw new AxisFault( "Server.Unauthorized", 
                               "User not authorized",
                               null, null );
  
        FileReader        fr   = new FileReader( "perms.lst" );
        LineNumberReader  lnr  = new LineNumberReader( fr );
        String            line = null ;
        boolean           done = false ;
        while ( (line = lnr.readLine()) != null ) {
          StringTokenizer  st = new StringTokenizer( line );
          String           u  = null ,
                           a  = null ;
  
          if ( st.hasMoreTokens() ) u = st.nextToken();
          if ( st.hasMoreTokens() ) a = st.nextToken();
          Debug.Print( 2, "From file: " + u + ":" + a );
  
          if ( !userID.equals(u) ) continue ;
          if ( !action.equals(a) ) continue ;
  
          Debug.Print( 1, "User '" + userID + "' authorized to: " +a );
          done = true ;
          break ;
        }
        lnr.close();
        fr.close();
        if ( !done ) 
          throw new AxisFault( "Server.Unauthorized", 
                               "User not authorized",
                               null, null );
      }
      catch( Exception e ) {
        Debug.Print( 1, e );
        if ( !(e instanceof AxisFault) ) e = new AxisFault(e);
        throw (AxisFault) e ;
      }
      Debug.Print( 1, "Exit: SimpleAuthorizationHandler::invoke" );
    }
  
    public void undo(MessageContext msgContext) {
      Debug.Print( 1, "Enter: SimpleAuthorizationHandler::undo" );
      Debug.Print( 1, "Exit: SimpleAuthorizationHandler::undo" );
    }
  
    public boolean canHandleBlock(QName qname) {
      return( false );
    }
  
    /**
     * Add the given option (name/value) to this handler's bag of options
     */
    public void addOption(String name, Object value) {
      if ( options == null ) options = new Hashtable();
      options.put( name, value );
    }
  
    /**
     * Returns the option corresponding to the 'name' given
     */
    public Object getOption(String name) {
      if ( options == null ) return( null );
      return( options.get(name) );
    }
  
    /**
     * Return the entire list of options
     */
    public Hashtable getOptions() {
      return( options );
    }
  
    public void setOptions(Hashtable opts) {
      options = opts ;
    }
  
  };
  
  
  

Mime
View raw message