axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jung, Eric (Contractor)" <>
Subject RE: How to register my own SecurityProvider?
Date Wed, 14 Aug 2002 16:02:50 GMT
I haven't done anything with Axis and security, so I'm certainly no
authority here, but why can't you put your SecurityProvider in the

Something like this:

public class Servlet extends org.apache.axis.transport.http.AxisServlet 
  public void init() {
    getServletContext().setAttribute("SecurityProvider", new

then in the authentication handler:

 MessageContext mc = MessageContext.getCurrentContext();
 ServletContext sc =
 Object o = sc.getAttribute("SecurityProvider");
 if (o instanceof SimpleSecurityProvider) {
   SimpleSecurityProvider ssp = (SimpleSecurityProvider)o;
   // do stuff

Will this work?
Eric H. Jung

-----Original Message-----
From: Peter Haensgen []
Sent: Wednesday, August 14, 2002 9:46 AM
To: axis
Subject: How to register my own SecurityProvider?

Hi there,

I have written my own security provider that authenticates users against my
database. Now I'm wondering how I can register this provider so that it is

Normally, the flow is like this:
- org.apache.axis.handlers.http.HTTPAuthHandler (extracts the username /
password from HTTP headers)
- org.apache.axis.handlers.SimpleAuthenticationHandler (performs
authentication by calling a SecurityProvider implementation).

The SimpleAuthenticationHandler tries to get the SecurityProvider from the
MessageContext, if its not there, it creates a SimpleSecurityProvider
instance. But I don't see any factory class, system property or similar,
where I can register my own implementation.

The only solution I can see is to write my own AuthenticationHandler and not
to use the SimpleAuthenticationHandler, but then the whole SecurityProvider
interface is useless. Alternatively, I I could add a handler that registers
my class at the message context on every call before the
SimpleAuthenticationhandler, but this is a really ugly workaround.


View raw message