FileDocCategorySizeDatePackage
ServletSecurityProvider.javaAPI DocApache Axis 1.43156Sat Apr 22 18:57:28 BST 2006org.apache.axis.security.servlet

ServletSecurityProvider

public class ServletSecurityProvider extends Object implements org.apache.axis.security.SecurityProvider
A ServletSecurityProvider, combined with the ServletAuthenticatedUser class, allows the standard servlet security mechanisms (isUserInRole(), etc.) to integrate with Axis' access control mechanism. By utilizing this class (which the AxisServlet can be configured to do automatically), authentication and role information will come from your servlet engine.
author
Glen Daniels (gdaniels@apache.org)

Fields Summary
protected static Log
log
static HashMap
users
Constructors Summary
Methods Summary
public org.apache.axis.security.AuthenticatedUserauthenticate(org.apache.axis.MessageContext msgContext)
Authenticate a user from a username/password pair.

param
username the user name to check
param
password the password to check
return
an AuthenticatedUser or null


                                  
        
        HttpServletRequest req = (HttpServletRequest)msgContext.getProperty(
                                      HTTPConstants.MC_HTTP_SERVLETREQUEST);

        if (req == null)
            return null;

        log.debug(Messages.getMessage("got00", "HttpServletRequest"));

        Principal principal = req.getUserPrincipal();
        if (principal == null) {
            log.debug(Messages.getMessage("noPrincipal00"));
            return null;
        }

        log.debug(Messages.getMessage("gotPrincipal00",  principal.getName()));

        return new ServletAuthenticatedUser(req);
    
public booleanuserMatches(org.apache.axis.security.AuthenticatedUser user, java.lang.String principal)
See if a user matches a principal name. The name might be a user or a group.

return
true if the user matches the passed name

        if (user == null) return principal == null;

        if (user instanceof ServletAuthenticatedUser) {
            ServletAuthenticatedUser servletUser = (ServletAuthenticatedUser)user;
            return servletUser.getRequest().isUserInRole(principal);
        }

        return false;