File: SimpleAuthorizationHandler.java | Category: Apache Axis 1.4 | Size: 4761 | Date: Sat Apr 22 18:57:28 BST 2006 | Package: org.apache.axis.handlers

SimpleAuthorizationHandler.java

/*
 * Copyright 2001-2004 The Apache Software Foundation.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.axis.handlers ;

import org.apache.axis.AxisFault;
import org.apache.axis.Handler;
import org.apache.axis.MessageContext;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.security.AuthenticatedUser;
import org.apache.axis.security.SecurityProvider;
import org.apache.axis.utils.JavaUtils;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;

import java.util.StringTokenizer;


/**
 * Just a simple Authorization Handler to see if the user
 * specified in the Bag in the MessageContext is allowed to perform this
 * action.
 *
 * Looks at the <code>allowedRoles</code> handler parameter to determine
 * whether the user has rights to access the service.
 *
 * The <code>allowByDefault</code> handler parameter can be used to authorize
 * all users if the parameter is set to true and the <code>allowedRoles</code>
 * access control list is not specified.
 *
 * Replace this with your 'real' Authorization code.
 *
 * @author Doug Davis (dug@us.ibm.com)
 * @author Sam Ruby (rubys@us.ibm.com)
 */
public class SimpleAuthorizationHandler extends BasicHandler {
    protected static Log log =
        LogFactory.getLog(SimpleAuthorizationHandler.class.getName());

    /**
     * Checks whether the user already attached to the message context may
     * call the target service, and faults the request if not.
     *
     * <p>Decision order, as implemented below:
     * <ol>
     *   <li>No {@code MessageContext.AUTHUSER} property: fault
     *       {@code Server.NoUser}.</li>
     *   <li>No target service on the context: fault.</li>
     *   <li>The service has no {@code allowedRoles} option: the request is
     *       accepted only when this handler's own {@code allowByDefault}
     *       option evaluates to true; otherwise fault
     *       {@code Server.Unauthorized}.</li>
     *   <li>No {@code MessageContext.SECURITY_PROVIDER} property: fault.</li>
     *   <li>The first comma-separated {@code allowedRoles} entry accepted by
     *       {@code SecurityProvider.userMatches} authorizes the request; if
     *       none matches, fault {@code Server.Unauthorized}.</li>
     * </ol>
     *
     * <p>Review notes for deployers:
     * <ul>
     *   <li>This handler performs authorization only. It trusts whatever
     *       stored the {@code AUTHUSER} property; presumably an
     *       authentication handler earlier in the chain - confirm in the
     *       deployment descriptor.</li>
     *   <li>With {@code allowByDefault} enabled, a service that lacks an
     *       {@code allowedRoles} option is open to every caller that has an
     *       {@code AUTHUSER} set. Prefer an explicit list per service.</li>
     *   <li>Entries are split on "," and handed to the provider verbatim,
     *       without trimming, so "a, b" yields " b". Whether the provider
     *       tolerates the leading blank is not visible here.</li>
     *   <li>An {@code allowedRoles} value with no entries (for example an
     *       empty string) is non-null, so it bypasses the
     *       {@code allowByDefault} branch and ends in
     *       {@code Server.Unauthorized}.</li>
     * </ul>
     *
     * @param msgContext the context of the message being processed
     * @throws AxisFault if the user, the service or the security provider is
     *         missing, or if the user is not authorized for the service
     */
    public void invoke(MessageContext msgContext) throws AxisFault {
        if (log.isDebugEnabled()) {
            log.debug("Enter: SimpleAuthorizationHandler::invoke");
        }

        // Read from this handler's options, not from the service's.
        final boolean permitWhenNoAcl =
            JavaUtils.isTrueExplicitly(getOption("allowByDefault"));

        final AuthenticatedUser caller =
            (AuthenticatedUser) msgContext.getProperty(MessageContext.AUTHUSER);
        if (caller == null) {
            throw new AxisFault("Server.NoUser",
                    Messages.getMessage("needUser00"), null, null);
        }
        final String callerName = caller.getName();

        final Handler target = msgContext.getService();
        if (target == null) {
            throw new AxisFault(Messages.getMessage("needService00"));
        }
        final String targetName = target.getName();

        // The access control list belongs to the target service. The cast
        // means a non-String option value surfaces as a ClassCastException.
        final String acl = (String) target.getOption("allowedRoles");
        if (acl == null) {
            if (!permitWhenNoAcl) {
                if (log.isDebugEnabled()) {
                    log.debug(Messages.getMessage( "noRoles01"));
                }
                throw new AxisFault("Server.Unauthorized",
                        Messages.getMessage("notAuth00", callerName, targetName),
                        null, null);
            }

            // No list and allowByDefault is on: accept the caller.
            if (log.isDebugEnabled()) {
                log.debug(Messages.getMessage( "noRoles00"));
                log.debug("Exit: SimpleAuthorizationHandler::invoke");
            }
            return;
        }

        final SecurityProvider provider = (SecurityProvider)
            msgContext.getProperty(MessageContext.SECURITY_PROVIDER);
        if (provider == null) {
            throw new AxisFault(Messages.getMessage("noSecurity00"));
        }

        // StringTokenizer skips empty entries; each token is passed on as-is.
        for (StringTokenizer entries = new StringTokenizer(acl, ",");
                entries.hasMoreTokens(); ) {
            final String role = entries.nextToken();
            if (!provider.userMatches(caller, role)) {
                continue;
            }

            // First matching entry wins; remaining entries are not consulted.
            if (log.isDebugEnabled()) {
                log.debug(Messages.getMessage("auth01",
                    callerName, targetName));
                log.debug("Exit: SimpleAuthorizationHandler::invoke");
            }
            return;
        }

        // Nothing in the list matched: deny.
        throw new AxisFault("Server.Unauthorized",
                Messages.getMessage("cantAuth02", callerName, targetName),
                null, null);
    }

    /**
     * Fault callback. There is nothing to undo, so it only writes the
     * enter/exit trace lines when debug logging is enabled.
     *
     * @param msgContext the context of the faulted message (unused)
     */
    public void onFault(MessageContext msgContext) {
        if (!log.isDebugEnabled()) {
            return;
        }
        log.debug("Enter: SimpleAuthorizationHandler::onFault");
        log.debug("Exit: SimpleAuthorizationHandler::onFault");
    }
}