Posted to java-dev@axis.apache.org by gd...@apache.org on 2001/09/10 21:55:53 UTC

cvs commit: xml-axis/java/src/org/apache/axis/handlers SimpleAuthenticationHandler.java SimpleAuthorizationHandler.java

gdaniels    01/09/10 12:55:53

  Modified:    java/src/org/apache/axis/handlers
                        SimpleAuthenticationHandler.java
                        SimpleAuthorizationHandler.java
  Log:
  Modify auth handlers to use security interfaces.  Hardcoded usage
  of simple versions for now, will change to configurable version soon.
  
  Authorization is now done by looking up roles specified as service
  options:
  
  <service name="foo" request="Authorize">
    <option name="allowedRoles" value="managers,sam,rob"/>
    ...
  </service>
  
  Also, the authorization handler itself takes an option, "allowByDefault",
  which, if set to "true", will authorize users when no service-specific option
  is set.  If false, services without allowedRoles set will fail by default.
  
  Revision  Changes    Path
  1.17      +14 -42    xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java
  
  Index: SimpleAuthenticationHandler.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthenticationHandler.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- SimpleAuthenticationHandler.java	2001/09/05 17:22:59	1.16
  +++ SimpleAuthenticationHandler.java	2001/09/10 19:55:53	1.17
  @@ -58,6 +58,8 @@
   import java.io.* ;
   import java.util.* ;
   import org.apache.axis.* ;
  +import org.apache.axis.security.simple.SimpleSecurityProvider;
  +import org.apache.axis.security.AuthenticatedUser;
   import org.apache.axis.utils.* ;
   import org.apache.axis.message.* ;
   import org.apache.log4j.Category;
  @@ -77,43 +79,10 @@
       static Category category =
               Category.getInstance(SimpleAuthenticationHandler.class.getName());
   
  -    // Simple hashtable of user and password.  Null means everybody
  -    // will authenticate (replace with new Hashtable() if you want
  -    // the default to be that nobody will be authenticated.
  -    static private Hashtable entries = null;
  -
  -    // load the users list
  -    static {
  -        File userFile = new File("users.lst");
  -        if (userFile.exists()) {
  -            entries = new Hashtable();
  -
  -            try {
  -
  -                FileReader        fr   = new FileReader( userFile );
  -                LineNumberReader  lnr  = new LineNumberReader( fr );
  -                String            line = null ;
  -
  -                // parse lines into user and passwd tokens and add result to hash table
  -                while ( (line = lnr.readLine()) != null ) {
  -                    StringTokenizer  st = new StringTokenizer( line );
  -                    if ( st.hasMoreTokens() ) {
  -                        String userID = st.nextToken();
  -                        String passwd = (st.hasMoreTokens()) ? st.nextToken() : "";
  -
  -                        category.debug( "From file: '" + userID +
  -                                        "':'" + passwd + "'" );
  -                        entries.put(userID, passwd);
  -                    }
  -                }
  -
  -                lnr.close();
  -
  -            } catch( Exception e ) {
  -                category.error( e );
  -            }
  -        }
  -    }
  +    /** !!! Needs to be replaced with a configurable way of getting a
  +     * security provider...
  +     */
  +    static SimpleSecurityProvider provider = new SimpleSecurityProvider();
   
       /**
        * Authenticate the user and password from the msgContext
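Review bot: `static SimpleSecurityProvider provider = new SimpleSecurityProvider();` is a mutable, package-private static that SimpleAuthorizationHandler reads directly, so any code in the package can replace the object that decides authentication and authorization for both handlers. Until the configurable lookup the Javadoc promises exists, `static final SimpleSecurityProvider provider = new SimpleSecurityProvider();` pins it and also makes clear that the `provider != null` check in invoke cannot fire. The Javadoc could additionally state that both handlers are expected to share this one instance, since the authorization handler presumably needs the same provider that produced the AuthenticatedUser.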
  @@ -121,27 +90,30 @@
       public void invoke(MessageContext msgContext) throws AxisFault {
           category.debug("Enter: SimpleAuthenticationHandler::invoke" );
   
  -        if (entries != null) {
  +        if (provider != null) {
               String  userID = (String) msgContext.getProperty( MessageContext.USERID );
               category.debug( "User: " + userID );
   
               // in order to authenticate, the user must exist
  -            if ( userID == null || userID.equals("") || !entries.containsKey(userID) )
  +            if ( userID == null || userID.equals(""))
                   throw new AxisFault( "Server.Unauthenticated",
                       "User '" + userID + "' not authenticated (unknown user)",
                       null, null );
   
               String passwd = (String) msgContext.getProperty( MessageContext.PASSWORD );
  -            String valid = (String) entries.get(userID);
               category.debug( "Pass: " + passwd );
   
  +            AuthenticatedUser authUser = provider.authenticate(userID, passwd);
  +
               // if a password is defined, then it must match
  -            if ( valid.length()>0 && !valid.equals(passwd) )
  +            if ( authUser == null)
                   throw new AxisFault( "Server.Unauthenticated",
  -                    "User '" + userID + "' not authenticated (bad password)",
  +                    "User '" + userID + "' not authenticated",
                       null, null );
   
               category.debug( "User '" + userID + "' authenticated to server" );
  +
  +            msgContext.setProperty(MessageContext.AUTHUSER, authUser);
           }
   
           category.debug("Exit: SimpleAuthenticationHandler::invoke" );
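Review bot: The `if (provider != null)` guard at the top of invoke fails open: with no provider the method logs and returns without authenticating anyone, and `provider` is a non-final static that other code can null out. Since this commit makes the provider mandatory, the handler should fail closed, e.g. replace the guard with `if (provider == null) throw new AxisFault("Server.Unauthenticated", "No security provider configured", null, null);` and un-nest the body. The unchanged `category.debug( "Pass: " + passwd );` line still writes the cleartext password to the log; now that the provider owns the password check there is no reason to keep it. invoke's closing brace lies outside the hunk.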
  
  
  
  1.18      +55 -64    xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java
  
  Index: SimpleAuthorizationHandler.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/handlers/SimpleAuthorizationHandler.java,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- SimpleAuthorizationHandler.java	2001/09/05 17:22:59	1.17
  +++ SimpleAuthorizationHandler.java	2001/09/10 19:55:53	1.18
  @@ -55,14 +55,19 @@
   
   package org.apache.axis.handlers ;
   
  -import java.io.* ;
  -import java.util.* ;
  -import org.apache.axis.* ;
  -import org.apache.axis.utils.* ;
  -import org.apache.axis.message.* ;
  -import org.apache.axis.transport.http.HTTPConstants;
  +import org.apache.axis.AxisFault;
  +import org.apache.axis.MessageContext;
  +import org.apache.axis.Handler;
  +import org.apache.axis.security.AuthenticatedUser;
  +import org.apache.axis.security.SecurityProvider;
   import org.apache.log4j.Category;
   
  +import java.io.File;
  +import java.io.FileReader;
  +import java.io.LineNumberReader;
  +import java.util.Hashtable;
  +import java.util.StringTokenizer;
  +
   /**
    * Just a simple Authorization Handler to see if the user
    * specified in the Bag in the MessageContext is allowed to preform this
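Review bot: The new explicit imports of `java.io.File`, `java.io.FileReader`, `java.io.LineNumberReader` and `java.util.Hashtable` have no remaining user that the diff shows: the perms.lst loader that needed them is deleted in the same commit, and the rewritten invoke body only uses `java.util.StringTokenizer`. Unless they are referenced in a part of the file outside the hunks, drop those four lines and keep only `import java.util.StringTokenizer;`.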
  @@ -79,76 +84,62 @@
       static Category category =
               Category.getInstance(SimpleAuthorizationHandler.class.getName());
   
  -    // Simple hashtable of users.  Null means everybody
  -    // will authorize (replace with new Hashtable() if you want
  -    // the default to be that nobody is authorized
  -    //
  -    // Values will be hashtables of valid actions for the user
  -    static private Hashtable entries = null;
  -
  -    // load the perms list
  -    static {
  -        File permFile = new File("perms.lst");
  -        if (permFile.exists()) {
  -            entries = new Hashtable();
  -
  -            try {
  -                FileReader        fr   = new FileReader( permFile );
  -                LineNumberReader  lnr  = new LineNumberReader( fr );
  -                String            line = null ;
  -
  -                // parse lines into user and passwd tokens and add result to hash table
  -                while ( (line = lnr.readLine()) != null ) {
  -                    StringTokenizer  st = new StringTokenizer( line );
  -                    if ( st.hasMoreTokens() ) {
  -                        String userID = st.nextToken();
  -                        String action = (st.hasMoreTokens()) ? st.nextToken() : "";
  -
  -                        category.info( "User '" + userID + "' authorized to: " + action );
  -
  -                        // if we haven't seen this user before, create an entry
  -                        if (!entries.containsKey(userID))
  -                            entries.put(userID, new Hashtable());
  -
  -                        // add this action to the list of actions permitted to this user
  -                        Hashtable authlist = (Hashtable) entries.get(userID);
  -                        authlist.put(action, action);
  -                    }
  -                }
  -
  -                lnr.close();
  -
  -            } catch( Exception e ) {
  -                category.error( e );
  -            }
  -        }
  -    }
  -
       /**
        * Authorize the user and targetService from the msgContext
        */
       public void invoke(MessageContext msgContext) throws AxisFault {
           category.debug("Enter: SimpleAuthorizationHandler::invoke" );
   
  -        String userID = (String) msgContext.getProperty( MessageContext.USERID );
  -        String action = msgContext.getTargetService();
  -
  -        category.debug( "User: '" + userID + "'" );
  -        category.debug( "Action: '" + action + "'" );
  -
  -        if (entries != null) { // perm.list exists
  -
  -            Hashtable authlist = (Hashtable) entries.get(userID);
  -            if ( authlist == null || !authlist.containsKey(action) ) {
  +        boolean allowByDefault = false;
  +        String optVal = (String)getOption("allowByDefault");
  +        if ((optVal != null) && (optVal.equalsIgnoreCase("true")))
  +            allowByDefault = true;
  +
  +        AuthenticatedUser user = (AuthenticatedUser)msgContext.
  +                                         getProperty(MessageContext.AUTHUSER);
  +
  +        if (user == null)
  +            throw new AxisFault("Server.NoUser",
  +                    "Need to specify a user for authorization!", null, null);
  +
  +        String userID = user.getName();
  +        Handler serviceHandler = msgContext.getServiceHandler();
  +
  +        if (serviceHandler == null)
  +            throw new AxisFault("No target service to authorize for!");
  +
  +        String serviceName = serviceHandler.getName();
  +
  +        String allowedRoles = (String)serviceHandler.getOption("allowedRoles");
  +        if (allowedRoles == null) {
  +            String action = allowByDefault ? "allowing." : "disallowing.";
  +            category.info("No roles specified for target service, " + action);
  +            if (!allowByDefault) {
                   throw new AxisFault( "Server.Unauthorized",
  -                    "User '" + userID + "' not authorized to '" + action + "'",
  +                    "User '" + userID + "' not authorized to '" +
  +                    serviceName + "'",
                       null, null );
               }
  +            category.debug("Exit: SimpleAuthorizationHandler::invoke" );
  +            return;
           }
   
  -        category.debug( "User '" + userID + "' authorized to: " + action );
  +        SecurityProvider provider = SimpleAuthenticationHandler.provider;
  +        StringTokenizer st = new StringTokenizer(allowedRoles, ",");
  +        while (st.hasMoreTokens()) {
  +            String thisRole = st.nextToken();
  +            if (provider.userMatches(user, thisRole)) {
  +                category.info("User '" + userID + "' authorized to: "
  +                              + serviceName);
  +                category.debug("Exit: SimpleAuthorizationHandler::invoke" );
  +                return;
  +            }
  +        }
   
  -        category.debug("Exit: SimpleAuthorizationHandler::invoke" );
  +        throw new AxisFault( "Server.Unauthorized",
  +            "User '" + userID + "' not authorized to '" +
  +            serviceName + "'",
  +            null, null );
       }
   
       /**
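Review bot: The role loop at `String thisRole = st.nextToken();` hands tokens to `userMatches` untrimmed, so an `allowedRoles` value written with spaces after the commas (`"managers, sam"`) produces `" sam"` and the user is rejected unless the provider strips whitespace itself; `String thisRole = st.nextToken().trim();` makes the option tolerant of that formatting while staying fail-closed. The fault thrown when `serviceHandler == null` uses the message-only constructor, unlike the other three faults in the method, which carry a fault code such as `"Server.NoUser"`; passing a code alongside the message keeps the faults uniform for clients that dispatch on them. Fetching the provider through `SimpleAuthenticationHandler.provider` ties this handler to a mutable static in the other class, which is fine as an interim step but deserves a comment saying so until the configurable lookup mentioned in the log message arrives.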