axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ru...@apache.org
Subject cvs commit: xml-axis/java/src/org/apache/axis/handlers SimpleAuthenticationHandler.java SimpleAuthorizationHandler.java
Date Tue, 01 May 2001 14:01:56 GMT
rubys       01/05/01 07:01:55

  Modified:    java/src/org/apache/axis/handlers
                        SimpleAuthenticationHandler.java
                        SimpleAuthorizationHandler.java
  Log:
  Just because these are simple, doesn't mean they can't be efficient or
  commented!  ;-)
  
  Also, shouldn't these be in samples directory?  Hmmm...
  
  Revision  Changes    Path
  1.10      +56 -35    xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java
  
  Index: SimpleAuthenticationHandler.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- SimpleAuthenticationHandler.java	2001/04/29 00:38:25	1.9
  +++ SimpleAuthenticationHandler.java	2001/05/01 14:01:55	1.10
  @@ -70,61 +70,82 @@
    * Replace this with your 'real' authenication code.
    *
    * @author Doug Davis (dug@us.ibm.com)
  + * @author Sam Ruby (rubys@us.ibm.com)
    */
   public class SimpleAuthenticationHandler extends BasicHandler {
  -  public void invoke(MessageContext msgContext) throws AxisFault {
  -    Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
       
  +  // Simple hashtable of user and password.  Null means everybody
  +  // will authenticate (replace with new Hashtable() if you want 
  +  // the default to be that nobody will be authenticated.
  +  static private Hashtable entries = null;
  +
  +  // load the users list
  +  static {
       File userFile = new File("users.lst");
       if (userFile.exists()) {
  +      entries = new Hashtable();
  +
         try {
  -        String  userID = (String) msgContext.getProperty( MessageContext.USERID );
  -        String  passwd = (String) msgContext.getProperty( MessageContext.PASSWORD );
  -        Debug.Print( 1, "User: " + userID );
  -        Debug.Print( 2, "Pass: " + passwd );
   
           FileReader        fr   = new FileReader( userFile );
           LineNumberReader  lnr  = new LineNumberReader( fr );
           String            line = null ;
  -        boolean           done = false ;
  -
  -        if ( userID == null || userID.equals("") )
  -          throw new AxisFault( "Server.Unauthorized", 
  -            "User not authorized",
  -            null, null );
   
  +        // parse lines into user and passwd tokens and add result to hash table
           while ( (line = lnr.readLine()) != null ) {
             StringTokenizer  st = new StringTokenizer( line );
  -          String           u  = null ,
  -            p  = null ;
  -
  -          if ( st.hasMoreTokens() ) u = st.nextToken();
  -          if ( st.hasMoreTokens() ) p = st.nextToken();
  -          Debug.Print( 2, "From file: " + u + ":" + p );
  -
  -          if ( !userID.equals(u) ) continue ;
  -          if ( passwd == null && p != null ) continue ;
  -          if ( passwd != null && !passwd.equals(p) ) continue ;
  -
  -          Debug.Print( 1, "User '" + userID + "' authenticated to server" );
  -          done = true ;
  -          break ;
  +          if ( st.hasMoreTokens() ) {
  +            String userID = st.nextToken();
  +            String passwd = (st.hasMoreTokens()) ? st.nextToken() : "";
  +
  +            Debug.Print( 2, "From file: '" + userID + "':'" + passwd + "'" );
  +            entries.put(userID, passwd);
  +          }
           }
  +
           lnr.close();
  -        fr.close();
  -        if ( !done ) 
  -          throw new AxisFault( "Server.Unauthorized", 
  -            "User not authenticated",
  -            null, null );
  -      }
  -      catch( Exception e ) {
  +
  +      } catch( Exception e ) {
           Debug.Print( 1, e );
  -        if ( !(e instanceof AxisFault) ) e = new AxisFault(e);
  -        throw (AxisFault) e ;
         }
       }
  +  }
  +
  +  /**
  +   * Authenticate the user and password from the msgContext
  +   */
  +  public void invoke(MessageContext msgContext) throws AxisFault {
  +    Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
  +
  +    if (entries != null) {
  +      String  userID = (String) msgContext.getProperty( MessageContext.USERID );
  +      Debug.Print( 1, "User: " + userID );
  +
  +      // in order to authenticate, the user must exist
  +      if ( userID == null || userID.equals("") || !entries.containsKey(userID) )
  +        throw new AxisFault( "Server.Unauthorized", 
  +          "User not authorized",
  +          null, null );
  +  
  +      String passwd = (String) msgContext.getProperty( MessageContext.PASSWORD );
  +      String valid = (String) entries.get(userID);
  +      Debug.Print( 2, "Pass: " + passwd );
  +  
  +      // if a password is defined, then it must match
  +      if ( valid.length()>0 && !valid.equals(passwd) ) 
  +        throw new AxisFault( "Server.Unauthorized", 
  +          "User not authenticated",
  +          null, null );
  +
  +      Debug.Print( 1, "User '" + userID + "' authenticated to server" );
  +    }
  +
       Debug.Print( 1, "Exit: SimpleAuthenticationHandler::invoke" );
     }
  +
  +  /**
  +   * Nothing to undo
  +   */
     public void undo(MessageContext msgContext) {
       Debug.Print( 1, "Enter: SimpleAuthenticationHandler::undo" );
       Debug.Print( 1, "Exit: SimpleAuthenticationHandler::undo" );
  
  
  
  1.11      +60 -36    xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java
  
  Index: SimpleAuthorizationHandler.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- SimpleAuthorizationHandler.java	2001/04/29 00:38:25	1.10
  +++ SimpleAuthorizationHandler.java	2001/05/01 14:01:55	1.11
  @@ -72,61 +72,85 @@
    * Replace this with your 'real' Authorization code.
    *
    * @author Doug Davis (dug@us.ibm.com)
  + * @author Sam Ruby (rubys@us.ibm.com)
    */
   public class SimpleAuthorizationHandler extends BasicHandler {
  -  public void invoke(MessageContext msgContext) throws AxisFault {
  -    Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
  +    
  +  // Simple hashtable of users.  Null means everybody
  +  // will authorize (replace with new Hashtable() if you want 
  +  // the default to be that nobody is authorized
  +  //
  +  // Values will be hashtables of valid actions for the user
  +  static private Hashtable entries = null;
  +
  +  // load the perms list
  +  static {
       File permFile = new File("perms.lst");
       if (permFile.exists()) {
  -      try {
  -        String  userID = (String) msgContext.getProperty( MessageContext.USERID );
  -        String  action = msgContext.getTargetService();
  -
  -        Debug.Print( 1, "User: '" + userID + "'" );
  -        Debug.Print( 1, "Action: '" + action + "'" );
  +      entries = new Hashtable();
   
  +      try {
           FileReader        fr   = new FileReader( permFile );
           LineNumberReader  lnr  = new LineNumberReader( fr );
           String            line = null ;
  -        boolean           done = false ;
   
  -        if ( userID == null || userID.equals("") )
  -          throw new AxisFault( "Server.Unauthorized", 
  -            "User not authorized",
  -            null, null );
  -
  +        // parse lines into user and passwd tokens and add result to hash table
           while ( (line = lnr.readLine()) != null ) {
             StringTokenizer  st = new StringTokenizer( line );
  -          String           u  = null ,
  -            a  = null ;
  -
  -          if ( st.hasMoreTokens() ) u = st.nextToken();
  -          if ( st.hasMoreTokens() ) a = st.nextToken();
  -          Debug.Print( 2, "From file: '" + u + "':'" + a + "'" );
  -
  -          if ( !userID.equals(u) ) continue ;
  -          if ( !action.equals(a) ) continue ;
  -
  -          Debug.Print( 1, "User '" + userID + "' authorized to: " + a );
  -          done = true ;
  -          break ;
  +          if ( st.hasMoreTokens() ) {
  +            String userID = st.nextToken();
  +            String action = (st.hasMoreTokens()) ? st.nextToken() : "";
  +
  +            Debug.Print( 1, "User '" + userID + "' authorized to: " + action );
  +
  +            // if we haven't seen this user before, create an entry 
  +            if (!entries.containsKey(userID))
  +              entries.put(userID, new Hashtable());
  +
  +            // add this action to the list of actions permitted to this user
  +            Hashtable authlist = (Hashtable) entries.get(userID);
  +            authlist.put(action, action);
  +          }
           }
  +
           lnr.close();
  -        fr.close();
  -        if ( !done ) 
  -          throw new AxisFault( "Server.Unauthorized", 
  -            "User not authorized",
  -            null, null );
  -      }
  -      catch( Exception e ) {
  +
  +      } catch( Exception e ) {
           Debug.Print( 1, e );
  -        if ( !(e instanceof AxisFault) ) e = new AxisFault(e);
  -        throw (AxisFault) e ;
         }
       }
  +  }
  +
  +  /**
  +   * Authorize the user and targetService from the msgContext
  +   */
  +  public void invoke(MessageContext msgContext) throws AxisFault {
  +    Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
  +
  +    String userID = (String) msgContext.getProperty( MessageContext.USERID );
  +    String action = msgContext.getTargetService();
  +
  +    Debug.Print( 1, "User: '" + userID + "'" );
  +    Debug.Print( 1, "Action: '" + action + "'" );
  +
  +    if (entries != null) { // perm.list exists
  +
  +      Hashtable authlist = (Hashtable) entries.get(userID);
  +      if ( authlist == null || !authlist.containsKey(action) ) {
  +        throw new AxisFault( "Server.Unauthorized", 
  +          "User not authorized",
  +          null, null );
  +      }
  +    }
  +
  +    Debug.Print( 1, "User '" + userID + "' authorized to: " + action );
  +
       Debug.Print( 1, "Exit: SimpleAuthorizationHandler::invoke" );
     }
   
  +  /**
  +   * Nothing to undo
  +   */
     public void undo(MessageContext msgContext) {
       Debug.Print( 1, "Enter: SimpleAuthenticationHandler::undo" );
       Debug.Print( 1, "Exit: SimpleAuthenticationHandler::undo" );
  
  
  

Mime
View raw message