File Doc Category Size Date Package
ServletSecurityProvider.java API Doc Apache Axis 1.4 3156 Sat Apr 22 18:57:28 BST 2006 org.apache.axis.security.servlet

ServletSecurityProvider

java.lang.Object

public class ServletSecurityProvider extends Object implements org.apache.axis.security.SecurityProvider

A ServletSecurityProvider, combined with the ServletAuthenticatedUser class, allows the standard servlet security mechanisms (isUserInRole(), etc.) to integrate with Axis' access control mechanism. By utilizing this class (which the AxisServlet can be configured to do automatically), authentication and role information will come from your servlet engine.

author: Glen Daniels (gdaniels@apache.org)

Fields Summary
protected static Log
log
static HashMap
users
Constructors Summary
Methods Summary
public org.apache.axis.security.AuthenticatedUser authenticate(org.apache.axis.MessageContext msgContext)
Authenticate a user from a username/password pair.
param
username the user name to check
param
password the password to check
return
an AuthenticatedUser or null
HttpServletRequest req = (HttpServletRequest)msgContext.getProperty( HTTPConstants.MC_HTTP_SERVLETREQUEST); if (req == null) return null; log.debug(Messages.getMessage("got00", "HttpServletRequest")); Principal principal = req.getUserPrincipal(); if (principal == null) { log.debug(Messages.getMessage("noPrincipal00")); return null; } log.debug(Messages.getMessage("gotPrincipal00", principal.getName())); return new ServletAuthenticatedUser(req);
public boolean userMatches(org.apache.axis.security.AuthenticatedUser user, java.lang.String principal)
See if a user matches a principal name. The name might be a user or a group.
return
true if the user matches the passed name
if (user == null) return principal == null; if (user instanceof ServletAuthenticatedUser) { ServletAuthenticatedUser servletUser = (ServletAuthenticatedUser)user; return servletUser.getRequest().isUserInRole(principal); } return false;