axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jung, Eric (Contractor)" <ej...@russellmellon.com>
Subject RE: How to register my own SecurityProvider?
Date Wed, 14 Aug 2002 16:02:50 GMT
I haven't done anything with Axis and security, so I'm certainly no
authority here, but why can't you put your SecurityProvider in the
ServletContext?

Something like this:

public class Servlet extends org.apache.axis.transport.http.AxisServlet 
  public void init() {
    getServletContext().setAttribute("SecurityProvider", new
SimpleSecurityProvider());
  }
}

then in the authentication handler:

 MessageContext mc = MessageContext.getCurrentContext();
 ServletContext sc =
((HttpServlet)mc.getProperty(HTTPConstants.MC_HTTP_SERVLET)).getServletConte
xt();
 Object o = sc.getAttribute("SecurityProvider");
 if (o instanceof SimpleSecurityProvider) {
   SimpleSecurityProvider ssp = (SimpleSecurityProvider)o;
   // do stuff
 }

Will this work?
Eric H. Jung



-----Original Message-----
From: Peter Haensgen [mailto:P.Haensgen@intershop.de]
Sent: Wednesday, August 14, 2002 9:46 AM
To: axis
Subject: How to register my own SecurityProvider?



Hi there,

I have written my own security provider that authenticates users against my
database. Now I'm wondering how I can register this provider so that it is
invoked?

Normally, the flow is like this:
- org.apache.axis.handlers.http.HTTPAuthHandler (extracts the username /
password from HTTP headers)
- org.apache.axis.handlers.SimpleAuthenticationHandler (performs
authentication by calling a SecurityProvider implementation).

The SimpleAuthenticationHandler tries to get the SecurityProvider from the
MessageContext, if its not there, it creates a SimpleSecurityProvider
instance. But I don't see any factory class, system property or similar,
where I can register my own implementation.

The only solution I can see is to write my own AuthenticationHandler and not
to use the SimpleAuthenticationHandler, but then the whole SecurityProvider
interface is useless. Alternatively, I I could add a handler that registers
my class at the message context on every call before the
SimpleAuthenticationhandler, but this is a really ugly workaround.

thanx,
Peter

Mime
View raw message