File: SimpleAuthorizationHandler.java | Doc: API Doc | Category: Apache Axis 1.4 | Size: 4761 | Date: Sat Apr 22 18:57:28 BST 2006 | Package: org.apache.axis.handlers

SimpleAuthorizationHandler

public class SimpleAuthorizationHandler extends BasicHandler
A simple authorization handler that checks whether the user specified in the Bag in the MessageContext is allowed to perform this action. It looks at the allowedRoles handler parameter to determine whether the user has rights to access the service. The allowByDefault handler parameter can be used to authorize all users if the parameter is set to true and the allowedRoles access control list is not specified; as the invoke code below shows, this still requires an authenticated user to be present in the MessageContext. Replace this with your 'real' Authorization code.
author
Doug Davis (dug@us.ibm.com)
author
Sam Ruby (rubys@us.ibm.com)

Fields Summary
protected static Log
log
Constructors Summary
Methods Summary
public void invoke(org.apache.axis.MessageContext msgContext)
Authorize the user and targetService from the msgContext


                 
          
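        // Authorization step for one message: the caller recorded under
        // MessageContext.AUTHUSER must match one of the comma-separated entries in
        // the target service's "allowedRoles" option. Every path that does not end
        // in an explicit match (or in the allowByDefault case below) throws an
        // AxisFault, so the handler fails closed.
        if (log.isDebugEnabled()) {
            log.debug("Enter: SimpleAuthorizationHandler::invoke");
        }

        // Handler-level switch; judging by the helper's name it is on only when the
        // option is explicitly set to a true value -- confirm in JavaUtils.
        boolean allowByDefault =
            JavaUtils.isTrueExplicitly(getOption("allowByDefault"));

        AuthenticatedUser user = (AuthenticatedUser)msgContext.
                                         getProperty(MessageContext.AUTHUSER);

        // No authenticated user on the context: refuse before looking at any
        // role configuration. allowByDefault never applies to anonymous callers.
        if (user == null)
            throw new AxisFault("Server.NoUser",
                    Messages.getMessage("needUser00"), null, null);

        String userID = user.getName();
        Handler serviceHandler = msgContext.getService();

        if (serviceHandler == null)
            throw new AxisFault(Messages.getMessage("needService00"));

        String serviceName = serviceHandler.getName();

        // The access control list is read from the service, not from this handler.
        String allowedRoles = (String)serviceHandler.getOption("allowedRoles");
        if (allowedRoles == null) {
            // No list configured for the service: the outcome depends entirely on
            // allowByDefault. When it is on, any authenticated user is let through.
            if (allowByDefault) {
                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage( "noRoles00"));
                }
            }
            else {
                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage( "noRoles01"));
                }

                throw new AxisFault( "Server.Unauthorized",
                    Messages.getMessage("notAuth00", userID, serviceName),
                    null, null );
            }

            if (log.isDebugEnabled()) {
                log.debug("Exit: SimpleAuthorizationHandler::invoke");
            }
            return;
        }

        // A list is present, so a SecurityProvider is required to evaluate it;
        // a missing provider is a fault rather than an implicit allow.
        SecurityProvider provider = (SecurityProvider)msgContext.getProperty(MessageContext.SECURITY_PROVIDER);
        if (provider == null)
            throw new AxisFault(Messages.getMessage("noSecurity00"));

        StringTokenizer st = new StringTokenizer(allowedRoles, ",");
        while (st.hasMoreTokens()) {
            // Trim each entry so a list written as "admin, ops" is compared as
            // "admin" and "ops". Previously the second entry reached the provider
            // with its leading blank, so a human-formatted list could silently
            // refuse users it was meant to admit.
            String thisRole = st.nextToken().trim();

            // A whitespace-only entry ("a, ,b") names no role; never pass an empty
            // string to the provider as if it were one.
            if (thisRole.length() == 0) {
                continue;
            }

            if (provider.userMatches(user, thisRole)) {

                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage("auth01",
                        userID, serviceName));
                    log.debug("Exit: SimpleAuthorizationHandler::invoke");
                }
                return;
            }
        }

        // No entry matched (this includes an empty list): deny.
        // NOTE(review): the refusal surfaces only through this fault; nothing in
        // this method records it above debug level. Whether denials are audited
        // elsewhere is not visible in this listing -- confirm.
        throw new AxisFault( "Server.Unauthorized",
            Messages.getMessage("cantAuth02", userID, serviceName),
            null, null );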
    
public void onFault(org.apache.axis.MessageContext msgContext)
Nothing to undo

        // The invoke body shown on this page only reads from the message context,
        // so a fault leaves nothing to roll back; the method just traces its own
        // entry and exit when debug logging is enabled.
        if (!log.isDebugEnabled()) {
            return;
        }
        log.debug("Enter: SimpleAuthorizationHandler::onFault");
        log.debug("Exit: SimpleAuthorizationHandler::onFault");