You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by ru...@apache.org on 2001/05/01 16:01:56 UTC
cvs commit: xml-axis/java/src/org/apache/axis/handlers SimpleAuthenticationHandler.java SimpleAuthorizationHandler.java
rubys 01/05/01 07:01:55
Modified: java/src/org/apache/axis/handlers
SimpleAuthenticationHandler.java
SimpleAuthorizationHandler.java
Log:
Just because these are simple, doesn't mean they can't be efficient or
commented! ;-)
Also, shouldn't these be in samples directory? Hmmm...
Revision Changes Path
1.10 +56 -35 xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java
Index: SimpleAuthenticationHandler.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- SimpleAuthenticationHandler.java 2001/04/29 00:38:25 1.9
+++ SimpleAuthenticationHandler.java 2001/05/01 14:01:55 1.10
@@ -70,61 +70,82 @@
* Replace this with your 'real' authenication code.
*
* @author Doug Davis (dug@us.ibm.com)
+ * @author Sam Ruby (rubys@us.ibm.com)
*/
public class SimpleAuthenticationHandler extends BasicHandler {
- public void invoke(MessageContext msgContext) throws AxisFault {
- Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
+ // Simple hashtable of user and password. Null means everybody
+ // will authenticate (replace with new Hashtable() if you want
+ // the default to be that nobody will be authenticated.
+ static private Hashtable entries = null;
+
+ // load the users list
+ static {
File userFile = new File("users.lst");
if (userFile.exists()) {
+ entries = new Hashtable();
+
try {
- String userID = (String) msgContext.getProperty( MessageContext.USERID );
- String passwd = (String) msgContext.getProperty( MessageContext.PASSWORD );
- Debug.Print( 1, "User: " + userID );
- Debug.Print( 2, "Pass: " + passwd );
FileReader fr = new FileReader( userFile );
LineNumberReader lnr = new LineNumberReader( fr );
String line = null ;
- boolean done = false ;
-
- if ( userID == null || userID.equals("") )
- throw new AxisFault( "Server.Unauthorized",
- "User not authorized",
- null, null );
+ // parse lines into user and passwd tokens and add result to hash table
while ( (line = lnr.readLine()) != null ) {
StringTokenizer st = new StringTokenizer( line );
- String u = null ,
- p = null ;
-
- if ( st.hasMoreTokens() ) u = st.nextToken();
- if ( st.hasMoreTokens() ) p = st.nextToken();
- Debug.Print( 2, "From file: " + u + ":" + p );
-
- if ( !userID.equals(u) ) continue ;
- if ( passwd == null && p != null ) continue ;
- if ( passwd != null && !passwd.equals(p) ) continue ;
-
- Debug.Print( 1, "User '" + userID + "' authenticated to server" );
- done = true ;
- break ;
+ if ( st.hasMoreTokens() ) {
+ String userID = st.nextToken();
+ String passwd = (st.hasMoreTokens()) ? st.nextToken() : "";
+
+ Debug.Print( 2, "From file: '" + userID + "':'" + passwd + "'" );
+ entries.put(userID, passwd);
+ }
}
+
lnr.close();
- fr.close();
- if ( !done )
- throw new AxisFault( "Server.Unauthorized",
- "User not authenticated",
- null, null );
- }
- catch( Exception e ) {
+
+ } catch( Exception e ) {
Debug.Print( 1, e );
- if ( !(e instanceof AxisFault) ) e = new AxisFault(e);
- throw (AxisFault) e ;
}
}
+ }
+
+ /**
+ * Authenticate the user and password from the msgContext
+ */
+ public void invoke(MessageContext msgContext) throws AxisFault {
+ Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
+
+ if (entries != null) {
+ String userID = (String) msgContext.getProperty( MessageContext.USERID );
+ Debug.Print( 1, "User: " + userID );
+
+ // in order to authenticate, the user must exist
+ if ( userID == null || userID.equals("") || !entries.containsKey(userID) )
+ throw new AxisFault( "Server.Unauthorized",
+ "User not authorized",
+ null, null );
+
+ String passwd = (String) msgContext.getProperty( MessageContext.PASSWORD );
+ String valid = (String) entries.get(userID);
+ Debug.Print( 2, "Pass: " + passwd );
+
+ // if a password is defined, then it must match
+ if ( valid.length()>0 && !valid.equals(passwd) )
+ throw new AxisFault( "Server.Unauthorized",
+ "User not authenticated",
+ null, null );
+
+ Debug.Print( 1, "User '" + userID + "' authenticated to server" );
+ }
+
Debug.Print( 1, "Exit: SimpleAuthenticationHandler::invoke" );
}
+
+ /**
+ * Nothing to undo
+ */
public void undo(MessageContext msgContext) {
Debug.Print( 1, "Enter: SimpleAuthenticationHandler::undo" );
Debug.Print( 1, "Exit: SimpleAuthenticationHandler::undo" );
1.11 +60 -36 xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java
Index: SimpleAuthorizationHandler.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- SimpleAuthorizationHandler.java 2001/04/29 00:38:25 1.10
+++ SimpleAuthorizationHandler.java 2001/05/01 14:01:55 1.11
@@ -72,61 +72,85 @@
* Replace this with your 'real' Authorization code.
*
* @author Doug Davis (dug@us.ibm.com)
+ * @author Sam Ruby (rubys@us.ibm.com)
*/
public class SimpleAuthorizationHandler extends BasicHandler {
- public void invoke(MessageContext msgContext) throws AxisFault {
- Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
+
+ // Simple hashtable of users. Null means everybody
+ // will authorize (replace with new Hashtable() if you want
+ // the default to be that nobody is authorized
+ //
+ // Values will be hashtables of valid actions for the user
+ static private Hashtable entries = null;
+
+ // load the perms list
+ static {
File permFile = new File("perms.lst");
if (permFile.exists()) {
- try {
- String userID = (String) msgContext.getProperty( MessageContext.USERID );
- String action = msgContext.getTargetService();
-
- Debug.Print( 1, "User: '" + userID + "'" );
- Debug.Print( 1, "Action: '" + action + "'" );
+ entries = new Hashtable();
+ try {
FileReader fr = new FileReader( permFile );
LineNumberReader lnr = new LineNumberReader( fr );
String line = null ;
- boolean done = false ;
- if ( userID == null || userID.equals("") )
- throw new AxisFault( "Server.Unauthorized",
- "User not authorized",
- null, null );
-
+ // parse lines into user and passwd tokens and add result to hash table
while ( (line = lnr.readLine()) != null ) {
StringTokenizer st = new StringTokenizer( line );
- String u = null ,
- a = null ;
-
- if ( st.hasMoreTokens() ) u = st.nextToken();
- if ( st.hasMoreTokens() ) a = st.nextToken();
- Debug.Print( 2, "From file: '" + u + "':'" + a + "'" );
-
- if ( !userID.equals(u) ) continue ;
- if ( !action.equals(a) ) continue ;
-
- Debug.Print( 1, "User '" + userID + "' authorized to: " + a );
- done = true ;
- break ;
+ if ( st.hasMoreTokens() ) {
+ String userID = st.nextToken();
+ String action = (st.hasMoreTokens()) ? st.nextToken() : "";
+
+ Debug.Print( 1, "User '" + userID + "' authorized to: " + action );
+
+ // if we haven't seen this user before, create an entry
+ if (!entries.containsKey(userID))
+ entries.put(userID, new Hashtable());
+
+ // add this action to the list of actions permitted to this user
+ Hashtable authlist = (Hashtable) entries.get(userID);
+ authlist.put(action, action);
+ }
}
+
lnr.close();
- fr.close();
- if ( !done )
- throw new AxisFault( "Server.Unauthorized",
- "User not authorized",
- null, null );
- }
- catch( Exception e ) {
+
+ } catch( Exception e ) {
Debug.Print( 1, e );
- if ( !(e instanceof AxisFault) ) e = new AxisFault(e);
- throw (AxisFault) e ;
}
}
+ }
+
+ /**
+ * Authorize the user and targetService from the msgContext
+ */
+ public void invoke(MessageContext msgContext) throws AxisFault {
+ Debug.Print( 1, "Enter: SimpleAuthenticationHandler::invoke" );
+
+ String userID = (String) msgContext.getProperty( MessageContext.USERID );
+ String action = msgContext.getTargetService();
+
+ Debug.Print( 1, "User: '" + userID + "'" );
+ Debug.Print( 1, "Action: '" + action + "'" );
+
+ if (entries != null) { // perm.list exists
+
+ Hashtable authlist = (Hashtable) entries.get(userID);
+ if ( authlist == null || !authlist.containsKey(action) ) {
+ throw new AxisFault( "Server.Unauthorized",
+ "User not authorized",
+ null, null );
+ }
+ }
+
+ Debug.Print( 1, "User '" + userID + "' authorized to: " + action );
+
Debug.Print( 1, "Exit: SimpleAuthorizationHandler::invoke" );
}
+ /**
+ * Nothing to undo
+ */
public void undo(MessageContext msgContext) {
Debug.Print( 1, "Enter: SimpleAuthenticationHandler::undo" );
Debug.Print( 1, "Exit: SimpleAuthenticationHandler::undo" );