axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gdani...@apache.org
Subject cvs commit: xml-axis/java/src/org/apache/axis/handlers SimpleAuthenticationHandler.java SimpleAuthorizationHandler.java
Date Mon, 10 Sep 2001 19:55:53 GMT
gdaniels    01/09/10 12:55:53

  Modified:    java/src/org/apache/axis/handlers
                        SimpleAuthenticationHandler.java
                        SimpleAuthorizationHandler.java
  Log:
  Modify auth handlers to use security interfaces.  Hardcoded usage
  of simple versions for now, will change to configurable version soon.
  
  Authorization is now done by looking up roles specified as service
  options:
  
  <service name="foo" request="Authorize">
    <option name="allowedRoles" value="managers,sam,rob"/>
    ...
  </service>
  
  Also, the authorization handler itself takes an option, "allowByDefault",
  which if set to "true" will authorize users if no service-specific option
  is set.  If false, services without allowedRoles set will fail by default.
  
  Revision  Changes    Path
  1.17      +14 -42    xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java
  
  Index: SimpleAuthenticationHandler.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- SimpleAuthenticationHandler.java	2001/09/05 17:22:59	1.16
  +++ SimpleAuthenticationHandler.java	2001/09/10 19:55:53	1.17
  @@ -58,6 +58,8 @@
   import java.io.* ;
   import java.util.* ;
   import org.apache.axis.* ;
  +import org.apache.axis.security.simple.SimpleSecurityProvider;
  +import org.apache.axis.security.AuthenticatedUser;
   import org.apache.axis.utils.* ;
   import org.apache.axis.message.* ;
   import org.apache.log4j.Category;
  @@ -77,43 +79,10 @@
       static Category category =
               Category.getInstance(SimpleAuthenticationHandler.class.getName());
   
  -    // Simple hashtable of user and password.  Null means everybody
  -    // will authenticate (replace with new Hashtable() if you want
  -    // the default to be that nobody will be authenticated.
  -    static private Hashtable entries = null;
  -
  -    // load the users list
  -    static {
  -        File userFile = new File("users.lst");
  -        if (userFile.exists()) {
  -            entries = new Hashtable();
  -
  -            try {
  -
  -                FileReader        fr   = new FileReader( userFile );
  -                LineNumberReader  lnr  = new LineNumberReader( fr );
  -                String            line = null ;
  -
  -                // parse lines into user and passwd tokens and add result to hash table
  -                while ( (line = lnr.readLine()) != null ) {
  -                    StringTokenizer  st = new StringTokenizer( line );
  -                    if ( st.hasMoreTokens() ) {
  -                        String userID = st.nextToken();
  -                        String passwd = (st.hasMoreTokens()) ? st.nextToken() : "";
  -
  -                        category.debug( "From file: '" + userID +
  -                                        "':'" + passwd + "'" );
  -                        entries.put(userID, passwd);
  -                    }
  -                }
  -
  -                lnr.close();
  -
  -            } catch( Exception e ) {
  -                category.error( e );
  -            }
  -        }
  -    }
  +    /** !!! Needs to be replaced with a configurable way of getting a
  +     * security provider...
  +     */
  +    static SimpleSecurityProvider provider = new SimpleSecurityProvider();
   
       /**
        * Authenticate the user and password from the msgContext
  @@ -121,27 +90,30 @@
       public void invoke(MessageContext msgContext) throws AxisFault {
           category.debug("Enter: SimpleAuthenticationHandler::invoke" );
   
  -        if (entries != null) {
  +        if (provider != null) {
               String  userID = (String) msgContext.getProperty( MessageContext.USERID );
               category.debug( "User: " + userID );
   
               // in order to authenticate, the user must exist
  -            if ( userID == null || userID.equals("") || !entries.containsKey(userID) )
  +            if ( userID == null || userID.equals(""))
                   throw new AxisFault( "Server.Unauthenticated",
                       "User '" + userID + "' not authenticated (unknown user)",
                       null, null );
   
               String passwd = (String) msgContext.getProperty( MessageContext.PASSWORD );
  -            String valid = (String) entries.get(userID);
               category.debug( "Pass: " + passwd );
   
  +            AuthenticatedUser authUser = provider.authenticate(userID, passwd);
  +
               // if a password is defined, then it must match
  -            if ( valid.length()>0 && !valid.equals(passwd) )
  +            if ( authUser == null)
                   throw new AxisFault( "Server.Unauthenticated",
  -                    "User '" + userID + "' not authenticated (bad password)",
  +                    "User '" + userID + "' not authenticated",
                       null, null );
   
               category.debug( "User '" + userID + "' authenticated to server" );
  +
  +            msgContext.setProperty(MessageContext.AUTHUSER, authUser);
           }
   
           category.debug("Exit: SimpleAuthenticationHandler::invoke" );
  
  
  
  1.18      +55 -64    xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java
  
  Index: SimpleAuthorizationHandler.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- SimpleAuthorizationHandler.java	2001/09/05 17:22:59	1.17
  +++ SimpleAuthorizationHandler.java	2001/09/10 19:55:53	1.18
  @@ -55,14 +55,19 @@
   
   package org.apache.axis.handlers ;
   
  -import java.io.* ;
  -import java.util.* ;
  -import org.apache.axis.* ;
  -import org.apache.axis.utils.* ;
  -import org.apache.axis.message.* ;
  -import org.apache.axis.transport.http.HTTPConstants;
  +import org.apache.axis.AxisFault;
  +import org.apache.axis.MessageContext;
  +import org.apache.axis.Handler;
  +import org.apache.axis.security.AuthenticatedUser;
  +import org.apache.axis.security.SecurityProvider;
   import org.apache.log4j.Category;
   
  +import java.io.File;
  +import java.io.FileReader;
  +import java.io.LineNumberReader;
  +import java.util.Hashtable;
  +import java.util.StringTokenizer;
  +
   /**
    * Just a simple Authorization Handler to see if the user
    * specified in the Bag in the MessageContext is allowed to preform this
  @@ -79,76 +84,62 @@
       static Category category =
               Category.getInstance(SimpleAuthorizationHandler.class.getName());
   
  -    // Simple hashtable of users.  Null means everybody
  -    // will authorize (replace with new Hashtable() if you want
  -    // the default to be that nobody is authorized
  -    //
  -    // Values will be hashtables of valid actions for the user
  -    static private Hashtable entries = null;
  -
  -    // load the perms list
  -    static {
  -        File permFile = new File("perms.lst");
  -        if (permFile.exists()) {
  -            entries = new Hashtable();
  -
  -            try {
  -                FileReader        fr   = new FileReader( permFile );
  -                LineNumberReader  lnr  = new LineNumberReader( fr );
  -                String            line = null ;
  -
  -                // parse lines into user and passwd tokens and add result to hash table
  -                while ( (line = lnr.readLine()) != null ) {
  -                    StringTokenizer  st = new StringTokenizer( line );
  -                    if ( st.hasMoreTokens() ) {
  -                        String userID = st.nextToken();
  -                        String action = (st.hasMoreTokens()) ? st.nextToken() : "";
  -
  -                        category.info( "User '" + userID + "' authorized to: " + action
);
  -
  -                        // if we haven't seen this user before, create an entry
  -                        if (!entries.containsKey(userID))
  -                            entries.put(userID, new Hashtable());
  -
  -                        // add this action to the list of actions permitted to this user
  -                        Hashtable authlist = (Hashtable) entries.get(userID);
  -                        authlist.put(action, action);
  -                    }
  -                }
  -
  -                lnr.close();
  -
  -            } catch( Exception e ) {
  -                category.error( e );
  -            }
  -        }
  -    }
  -
       /**
        * Authorize the user and targetService from the msgContext
        */
       public void invoke(MessageContext msgContext) throws AxisFault {
           category.debug("Enter: SimpleAuthorizationHandler::invoke" );
   
  -        String userID = (String) msgContext.getProperty( MessageContext.USERID );
  -        String action = msgContext.getTargetService();
  -
  -        category.debug( "User: '" + userID + "'" );
  -        category.debug( "Action: '" + action + "'" );
  -
  -        if (entries != null) { // perm.list exists
  -
  -            Hashtable authlist = (Hashtable) entries.get(userID);
  -            if ( authlist == null || !authlist.containsKey(action) ) {
  +        boolean allowByDefault = false;
  +        String optVal = (String)getOption("allowByDefault");
  +        if ((optVal != null) && (optVal.equalsIgnoreCase("true")))
  +            allowByDefault = true;
  +
  +        AuthenticatedUser user = (AuthenticatedUser)msgContext.
  +                                         getProperty(MessageContext.AUTHUSER);
  +
  +        if (user == null)
  +            throw new AxisFault("Server.NoUser",
  +                    "Need to specify a user for authorization!", null, null);
  +
  +        String userID = user.getName();
  +        Handler serviceHandler = msgContext.getServiceHandler();
  +
  +        if (serviceHandler == null)
  +            throw new AxisFault("No target service to authorize for!");
  +
  +        String serviceName = serviceHandler.getName();
  +
  +        String allowedRoles = (String)serviceHandler.getOption("allowedRoles");
  +        if (allowedRoles == null) {
  +            String action = allowByDefault ? "allowing." : "disallowing.";
  +            category.info("No roles specified for target service, " + action);
  +            if (!allowByDefault) {
                   throw new AxisFault( "Server.Unauthorized",
  -                    "User '" + userID + "' not authorized to '" + action + "'",
  +                    "User '" + userID + "' not authorized to '" +
  +                    serviceName + "'",
                       null, null );
               }
  +            category.debug("Exit: SimpleAuthorizationHandler::invoke" );
  +            return;
           }
   
  -        category.debug( "User '" + userID + "' authorized to: " + action );
  +        SecurityProvider provider = SimpleAuthenticationHandler.provider;
  +        StringTokenizer st = new StringTokenizer(allowedRoles, ",");
  +        while (st.hasMoreTokens()) {
  +            String thisRole = st.nextToken();
  +            if (provider.userMatches(user, thisRole)) {
  +                category.info("User '" + userID + "' authorized to: "
  +                              + serviceName);
  +                category.debug("Exit: SimpleAuthorizationHandler::invoke" );
  +                return;
  +            }
  +        }
   
  -        category.debug("Exit: SimpleAuthorizationHandler::invoke" );
  +        throw new AxisFault( "Server.Unauthorized",
  +            "User '" + userID + "' not authorized to '" +
  +            serviceName + "'",
  +            null, null );
       }
   
       /**
  
  
  

Mime
View raw message