ServletSecurityProviderpublic class ServletSecurityProvider extends Object implements org.apache.axis.security.SecurityProviderA ServletSecurityProvider, combined with the ServletAuthenticatedUser
class, allows the standard servlet security mechanisms (isUserInRole(),
etc.) to integrate with Axis' access control mechanism.
By utilizing this class (which the AxisServlet can be configured to
do automatically), authentication and role information will come from
your servlet engine. |
Fields Summary |
---|
protected static Log | log | static HashMap | users |
Methods Summary |
---|
public org.apache.axis.security.AuthenticatedUser | authenticate(org.apache.axis.MessageContext msgContext)Authenticate a user from a username/password pair.
HttpServletRequest req = (HttpServletRequest)msgContext.getProperty(
HTTPConstants.MC_HTTP_SERVLETREQUEST);
if (req == null)
return null;
log.debug(Messages.getMessage("got00", "HttpServletRequest"));
Principal principal = req.getUserPrincipal();
if (principal == null) {
log.debug(Messages.getMessage("noPrincipal00"));
return null;
}
log.debug(Messages.getMessage("gotPrincipal00", principal.getName()));
return new ServletAuthenticatedUser(req);
| public boolean | userMatches(org.apache.axis.security.AuthenticatedUser user, java.lang.String principal)See if a user matches a principal name. The name might be a user
or a group.
if (user == null) return principal == null;
if (user instanceof ServletAuthenticatedUser) {
ServletAuthenticatedUser servletUser = (ServletAuthenticatedUser)user;
return servletUser.getRequest().isUserInRole(principal);
}
return false;
|
|