/*
* Copyright 2001-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.axis.handlers ;
import org.apache.axis.AxisFault;
import org.apache.axis.Handler;
import org.apache.axis.MessageContext;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.security.AuthenticatedUser;
import org.apache.axis.security.SecurityProvider;
import org.apache.axis.utils.JavaUtils;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
import java.util.StringTokenizer;
/**
* Just a simple Authorization Handler to see if the user
* specified in the Bag in the MessageContext is allowed to perform this
* action.
*
* Look at the <code>allowedRoles</code> handler parameter to determine if
* user has rights to access the service
*
* The <code>allowByDefault</code> handler parameter can be used to authorize
* every authenticated user if the parameter is set to true and the service's
* <code>allowedRoles</code> access control list is not specified. When it is
* unset (or anything other than true), a service without
* <code>allowedRoles</code> is denied to everyone, i.e. the default fails
* closed.
*
* Replace this with your 'real' Authorization code.
*
* @author Doug Davis (dug@us.ibm.com)
* @author Sam Ruby (rubys@us.ibm.com)
*/
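public class SimpleAuthorizationHandler extends BasicHandler {
    protected static Log log =
        LogFactory.getLog(SimpleAuthorizationHandler.class.getName());

    /**
     * Authorize the user and targetService from the msgContext.
     *
     * Decision order (everything not explicitly allowed is denied):
     * <ol>
     *   <li>no {@code AUTHUSER} in the context -> fault {@code Server.NoUser}</li>
     *   <li>no target service in the context -> fault</li>
     *   <li>service has no {@code allowedRoles} option: allowed only if this
     *       handler's {@code allowByDefault} option is explicitly true
     *       (as judged by {@code JavaUtils.isTrueExplicitly}); otherwise
     *       fault {@code Server.Unauthorized}</li>
     *   <li>{@code allowedRoles} present but no {@code SECURITY_PROVIDER}
     *       in the context -> fault</li>
     *   <li>user matches any comma-separated role (delegated to
     *       {@code SecurityProvider.userMatches}) -> allowed</li>
     *   <li>otherwise fault {@code Server.Unauthorized}</li>
     * </ol>
     *
     * Role names in {@code allowedRoles} are trimmed and blank entries are
     * ignored, so {@code "admin, user"} and {@code "admin,user"} grant the
     * same access.
     *
     * Note that {@code allowedRoles} is read from the <em>service's</em>
     * options while {@code allowByDefault} is read from <em>this handler's</em>
     * options: one handler instance with {@code allowByDefault=true} opens
     * every service that forgot to declare an ACL.
     *
     * @param msgContext the current message context; must carry the
     *                   authenticated user set by an earlier handler
     * @throws AxisFault if the user is missing, the service is missing, the
     *                   security provider is missing while roles are
     *                   configured, or the user is not authorized
     */
    public void invoke(MessageContext msgContext) throws AxisFault {
        if (log.isDebugEnabled()) {
            log.debug("Enter: SimpleAuthorizationHandler::invoke");
        }

        // Only an explicit "true" opens the door; unset or any other value
        // keeps the fail-closed default for services without an ACL.
        boolean allowByDefault =
            JavaUtils.isTrueExplicitly(getOption("allowByDefault"));

        // Trust boundary: the identity is whatever an earlier handler in the
        // chain stored under AUTHUSER. If nothing upstream authenticated the
        // caller, refuse rather than guess.
        AuthenticatedUser user = (AuthenticatedUser) msgContext.
            getProperty(MessageContext.AUTHUSER);
        if (user == null) {
            throw new AxisFault("Server.NoUser",
                Messages.getMessage("needUser00"), null, null);
        }
        String userID = user.getName();

        Handler serviceHandler = msgContext.getService();
        if (serviceHandler == null) {
            throw new AxisFault(Messages.getMessage("needService00"));
        }
        String serviceName = serviceHandler.getName();

        // The ACL is a per-service option; the handler option above only
        // decides what happens when the service declares none.
        String allowedRoles = (String) serviceHandler.getOption("allowedRoles");
        if (allowedRoles == null) {
            if (allowByDefault) {
                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage("noRoles00"));
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage("noRoles01"));
                }
                // Denials are only reported at debug level here; a deployment
                // that wants to detect role probing should log these at a
                // higher level or monitor the Server.Unauthorized fault.
                throw new AxisFault("Server.Unauthorized",
                    Messages.getMessage("notAuth00", userID, serviceName),
                    null, null);
            }
            if (log.isDebugEnabled()) {
                log.debug("Exit: SimpleAuthorizationHandler::invoke");
            }
            return;
        }

        // A provider is required only once there is an ACL to evaluate.
        SecurityProvider provider = (SecurityProvider)
            msgContext.getProperty(MessageContext.SECURITY_PROVIDER);
        if (provider == null) {
            throw new AxisFault(Messages.getMessage("noSecurity00"));
        }

        if (matchesAnyRole(provider, user, allowedRoles)) {
            if (log.isDebugEnabled()) {
                log.debug(Messages.getMessage("auth01", userID, serviceName));
                log.debug("Exit: SimpleAuthorizationHandler::invoke");
            }
            return;
        }

        // See note above: denials are debug-only in this sample handler.
        throw new AxisFault("Server.Unauthorized",
            Messages.getMessage("cantAuth02", userID, serviceName),
            null, null);
    }

    /**
     * Returns true if the provider reports that {@code user} matches at least
     * one entry of the comma-separated {@code allowedRoles} list.
     *
     * Entries are trimmed so whitespace around commas in a deployment
     * descriptor does not silently turn a role into a non-matching string;
     * entries that are empty after trimming are skipped instead of being
     * handed to the provider as a role named "".
     */
    private static boolean matchesAnyRole(SecurityProvider provider,
                                          AuthenticatedUser user,
                                          String allowedRoles) {
        StringTokenizer roles = new StringTokenizer(allowedRoles, ",");
        while (roles.hasMoreTokens()) {
            String role = roles.nextToken().trim();
            if (role.length() == 0) {
                continue;
            }
            if (provider.userMatches(user, role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Nothing to undo: this handler only decides, it holds no state and
     * performs no side effects that a fault would need to roll back.
     *
     * @param msgContext the current message context (unused)
     */
    public void onFault(MessageContext msgContext) {
        if (log.isDebugEnabled()) {
            log.debug("Enter: SimpleAuthorizationHandler::onFault");
            log.debug("Exit: SimpleAuthorizationHandler::onFault");
        }
    }
}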