axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Davis" <...@us.ibm.com>
Subject Re: cvs commit: xml-axis/java/src/org/apache/axis/security AuthenticatedUser.java SecurityProvider.java
Date Tue, 31 Jul 2001 14:35:19 GMT
I think this might warrant some kind of design discussion
(on the mailing list) before we go too far.  When people think
about Web resources (servlets, JSPs...) each one does not
define it's own way of doing security/authentication.  They tend
to use the built-in functions of the Application Server they
are running in (either directly or implicitly thru configuration).
Perhaps it would make more sense to look at Web services in the
same way and see if we could leverage the same mechanisms that
are already used/tested/proven.  Maybe a more knowledgeable J2EE
person could give some input on this?
-Dug


gdaniels@apache.org on 07/31/2001 08:39:06 AM

Please respond to axis-dev@xml.apache.org

To:   xml-axis-cvs@apache.org
cc:
Subject:  cvs commit: xml-axis/java/src/org/apache/axis/security
      AuthenticatedUser.java SecurityProvider.java



gdaniels    01/07/31 05:39:06

  Added:       java/src/org/apache/axis/security AuthenticatedUser.java
                        SecurityProvider.java
  Log:
  Check in first versions of security interfaces - no implementations yet.

  Revision  Changes    Path
  1.1
xml-axis/java/src/org/apache/axis/security/AuthenticatedUser.java

  Index: AuthenticatedUser.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *    Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */

  package org.apache.axis.security;

  /** A small (mostly marker) interface for wrapping provider-specific
   * user classes.
   *
   * @author Glen Daniels (gdaniels@macromedia.com)
   */
  public interface AuthenticatedUser
  {
      /** Return a string representation of the user's name.
       *
       * @return the user's name as a String.
       */
      public String getName();
  }



  1.1
xml-axis/java/src/org/apache/axis/security/SecurityProvider.java

  Index: SecurityProvider.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *    Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */

  package org.apache.axis.security;

  /** The Axis security provider interface
   *
   * As Axis is designed for use in embedded environments, those
   * environments will often contain their own security databases and
   * potentially authentication managers.  This interface allows Axis
   * to obtain authentication information from an opaque source which
   * will presumably be configured into the engine at startup time.
   *
   * @author Glen Daniels (gdaniels@macromedia.com)
   */
  public interface SecurityProvider
  {
      /** Authenticate a user from a username/password pair.
       *
       * @param username the user name to check
       * @param password the password to check
       * @return an AuthenticatedUser or null
       *
       * NOTE: Since the classes implementing this are going to need to
       * be Axis-aware anyway, we might just pass the MessageContext
       * here instead, and let the provider authenticate against whatever
       * it wants...?
       */
      public AuthenticatedUser authenticate(String username, String
password);

      /** See if a user matches a principal name.  The name might be a user
       * or a group.
       *
       * @return true if the user matches the passed name
       */
      public boolean userMatches(AuthenticatedUser user, String principal);
  }






Mime
View raw message