axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gdani...@apache.org
Subject cvs commit: xml-axis/java/src/org/apache/axis/security/servlet ServletAuthenticatedUser.java ServletSecurityProvider.java
Date Wed, 12 Sep 2001 18:04:47 GMT
gdaniels    01/09/12 11:04:47

  Added:       java/src/org/apache/axis/security/servlet
                        ServletAuthenticatedUser.java
                        ServletSecurityProvider.java
  Log:
  Add security provider / auth user classes for integrating with app-server
  servlet authentication.
  
  Revision  Changes    Path
  1.1                  xml-axis/java/src/org/apache/axis/security/servlet/ServletAuthenticatedUser.java
  
  Index: ServletAuthenticatedUser.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:  
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.axis.security.servlet;
  
  import org.apache.axis.security.AuthenticatedUser;
  
  import javax.servlet.http.HttpServletRequest;
  import java.security.Principal;
  
  /**
   * ServletAuthenticatedUser is a sligtly odd implementation of
   * AuthenticatedUser.  It serves to store an HttpServletRequest,
   * so that request can be used by the ServletSecurityProvider to
   * check roles.
   *
   * @author Glen Daniels (gdaniels@macromedia.com)
   */
  public class ServletAuthenticatedUser implements AuthenticatedUser {
      private String name;
      private HttpServletRequest req;
  
      public ServletAuthenticatedUser(HttpServletRequest req)
      {
          this.req = req;
          Principal principal = req.getUserPrincipal();
          this.name = (principal == null) ? null : principal.getName();
      }
  
      /** Return a string representation of the user's name.
       *
       * @return the user's name as a String.
       */
      public String getName() {
          return name;
      }
  
      public HttpServletRequest getRequest()
      {
          return req;
      }
  }
  
  
  
  1.1                  xml-axis/java/src/org/apache/axis/security/servlet/ServletSecurityProvider.java
  
  Index: ServletSecurityProvider.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 1999 The Apache Software Foundation.  All rights 
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer. 
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:  
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written 
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  
  package org.apache.axis.security.servlet;
  
  import org.apache.axis.security.SecurityProvider;
  import org.apache.axis.security.AuthenticatedUser;
  import org.apache.axis.security.simple.SimpleAuthenticatedUser;
  import org.apache.axis.MessageContext;
  import org.apache.axis.transport.http.HTTPConstants;
  import org.apache.log4j.Category;
  import org.apache.log4j.Priority;
  
  import javax.servlet.http.HttpServletRequest;
  import java.util.HashMap;
  import java.util.StringTokenizer;
  import java.io.File;
  import java.io.FileReader;
  import java.io.LineNumberReader;
  import java.security.Principal;
  
  /**
   * A ServletSecurityProvider, combined with the ServletAuthenticatedUser
   * class, allows the standard servlet security mechanisms (isUserInRole(),
   * etc.) to integrate with Axis' access control mechanism.
   *
   * By utilizing this class (which the AxisServlet can be configured to
   * do automatically), authentication and role information will come from
   * your servlet engine.
   *
   * @author Glen Daniels (gdaniels@macromedia.com)
   */
  public class ServletSecurityProvider implements SecurityProvider {
      static Category category =
              Category.getInstance(ServletSecurityProvider.class.getName());
  
      static HashMap users = null;
  
      /** Authenticate a user from a username/password pair.
       *
       * @param username the user name to check
       * @param password the password to check
       * @return an AuthenticatedUser or null
       */
      public AuthenticatedUser authenticate(MessageContext msgContext) {
          HttpServletRequest req = (HttpServletRequest)msgContext.getProperty(
                                        HTTPConstants.MC_HTTP_SERVLETREQUEST);
  
          if (req == null)
              return null;
  
          category.debug("Got HttpServletRequest");
  
          Principal principal = req.getUserPrincipal();
          if (principal == null) {
              category.debug("No principal!");
              return null;
          }
  
          category.debug("Got principal : " + principal.getName());
  
          return new ServletAuthenticatedUser(req);
      }
  
      /** See if a user matches a principal name.  The name might be a user
       * or a group.
       *
       * @return true if the user matches the passed name
       */
      public boolean userMatches(AuthenticatedUser user, String principal) {
          if (user == null) return principal == null;
  
          if (user instanceof ServletAuthenticatedUser) {
              ServletAuthenticatedUser servletUser = (ServletAuthenticatedUser)user;
              return servletUser.getRequest().isUserInRole(principal);
          }
  
          return false;
      }
  }
  
  
  

Mime
View raw message