Author: mmerz Date: Thu Dec 2 15:18:05 2004 New Revision: 109585 URL: http://svn.apache.org/viewcvs?view=rev&rev=109585 Log: First shot at implementation for @SecurityRole and @SecurityIdentity. Needs some polishing, is currently disabled by default.
Contributor: Wolfgang Added: incubator/beehive/trunk/wsm/external/commons-codec-1.3.jar (contents, props changed) incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AuthenticationHandler.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/Role.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/SecurityModel.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/User.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/UserList.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/AxisSecurityModel.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/BeehiveMemorySecurityModel.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryRoleImpl.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserImpl.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserListImpl.java incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/ServletSecurityModel.java incubator/beehive/trunk/wsm/src/runtime/schema/ incubator/beehive/trunk/wsm/src/runtime/schema/beehive-role.xsd Modified: incubator/beehive/trunk/wsm/build.xml incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AnnotatedWebServiceDeploymentHandler.java Modified: incubator/beehive/trunk/wsm/build.xml Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/build.xml?view=diff&rev=109585&p1=incubator/beehive/trunk/wsm/build.xml&r1=109584&p2=incubator/beehive/trunk/wsm/build.xml&r2=109585 ============================================================================== --- 
incubator/beehive/trunk/wsm/build.xml (original) +++ incubator/beehive/trunk/wsm/build.xml Thu Dec 2 15:18:05 2004 @@ -22,19 +22,23 @@ <condition property="isJDKOver5"> <equals arg1="${ant.java.version}" arg2="1.5"/> </condition> - <property name="build.dir" value="build"/> - <property name="classes.dir" value="${build.dir}/classes"/> - <property name="jars.dir" value="${build.dir}/jars"/> - <property name="docs.dir" value="${build.dir}/docs"/> + <property name="build.dir" value="build" /> + <property name="classes.dir" value="${build.dir}/classes" /> + <property name="jars.dir" value="${build.dir}/jars" /> + <property name="docs.dir" value="${build.dir}/docs" /> <property name="template.dir" value="src/webapp-template/default" /> - <property name="api.dir" value="src/api"/> - <property name="api.classes" value="${classes.dir}/api"/> - <property name="runtime.dir" value="src/runtime"/> - <property name="runtime.classes" value="${classes.dir}/runtime"/> - <property name="lib.dir" value="lib"/> - <property name="ext.lib.dir" value="external"/> - <property name="wsm.jar" value="${jars.dir}/wsm.jar"/> - <property name="wsm-axis.jar" value="${jars.dir}/wsm-axis.jar"/> + <property name="api.dir" value="src/api" /> + <property name="api.classes" value="${classes.dir}/api" /> + <property name="runtime.dir" value="src/runtime" /> + <property name="runtime.classes" value="${classes.dir}/runtime" /> + <property name="lib.dir" value="lib" /> + <property name="ext.lib.dir" value="external" /> + <property name="wsm.jar" value="${jars.dir}/wsm.jar" /> + <property name="wsm-axis.jar" value="${jars.dir}/wsm-axis.jar" /> + <property name="xsd.schema.dir" value="src/runtime/schema" /> + <property name="xsd.classes.dir" value="${build.dir}/xsd-classes" /> + <property name="xsd.includes" value="*.xsd" /> + <path id="runtime.classpath"> <pathelement location="${ant.jar}"/> <pathelement location="${tools.jar}"/> 
@@ -52,6 +56,7 @@ <include name="jaxrpc.jar"/> <include name="commons-logging.jar"/> <include name="commons-discovery.jar"/> + <include name="commons-codec-1.3.jar"/> <include name="axis-ant.jar"/> <include name="axis.jar"/> </fileset> @@ -61,6 +66,7 @@ <pathelement location="${os.JAVA_HOME}/lib/tools.jar"/> <path refid="runtime.classpath"/> <pathelement location="${runtime.classes}"/> + <pathelement location="${xsd.classes.dir}"/> </path> <!-- ==================================================================== --> <!-- usage - output usage --> @@ -108,6 +114,7 @@ <target name="dirs"> <mkdir dir="${api.classes}"/> <mkdir dir="${runtime.classes}"/> + <mkdir dir="${xsd.classes.dir}"/> <mkdir dir="${jars.dir}"/> <mkdir dir="${docs.dir}"/> </target> @@ -137,7 +144,7 @@ <exclude name="**/axis/**"/> </javac> </target> - <target name="axis" depends="runtime" if="isJDKOver5"> + <target name="axis" depends="xsd,runtime" if="isJDKOver5"> <!-- makes sure controls.jar has been built --> <ant dir="${beehive.dir}/controls" target="build"/> <!-- Build the axis classes --> 
@@ -148,6 +155,24 @@ </javac> </target> <!-- ==================================================================== --> + <!-- Generate classes from xml schemas using XMLBeans. --> + <!-- ==================================================================== --> + <target name="xsd" if="isJDKOver5" description="Compile a set of XSDs using the XMLBean Ant task"> + <fileset id="xbean.sources" dir="${xsd.schema.dir}" includes="${xsd.includes}"/> + <!-- checks whether classes have already been generated. --> + <uptodate property="xbean.uptodate" targetfile="${xsd.classes.dir}/schema"> + <srcfiles refid="xbean.sources"/> + </uptodate> + <antcall target="xsd.generate"/> + </target> + <target name="xsd.generate" unless="xbean.uptodate"> + <echo message="generate"/> + <taskdef name="xmlbeanbuild" classname="org.apache.xmlbeans.impl.tool.XMLBean" + classpath="${xbean.jar};${jsr173.jar}"/> + <xmlbeanbuild classpath="${xbean.jar};${jsr173.jar}" schema="${xsd.schema.dir}" + classgendir="${xsd.classes.dir}" failonerror="true"/> + </target> + <!-- ==================================================================== --> <!-- Jars up the classes, libraries, and resources. --> <!-- ==================================================================== --> <target name="build" depends="classes" if="isJDKOver5"> 
@@ -171,6 +196,10 @@ <jar jarfile="${wsm-axis.jar}"> <fileset dir="${runtime.classes}"> <include name="**/axis/**"/> + </fileset> + <fileset dir="${xsd.classes.dir}"> + <include name="**/axis/**"/> + <include name="**/schema/**"/> </fileset> </jar> <echo message="--------------------------------------------------"/> Added: incubator/beehive/trunk/wsm/external/commons-codec-1.3.jar Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/external/commons-codec-1.3.jar?view=auto&rev=109585 ============================================================================== Binary file. No diff available. Modified: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AnnotatedWebServiceDeploymentHandler.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AnnotatedWebServiceDeploymentHandler.java?view=diff&rev=109585&p1=incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AnnotatedWebServiceDeploymentHandler.java&r1=109584&p2=incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AnnotatedWebServiceDeploymentHandler.java&r2=109585 ============================================================================== --- incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AnnotatedWebServiceDeploymentHandler.java (original) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AnnotatedWebServiceDeploymentHandler.java Thu Dec 2 15:18:05 2004 
@@ -51,23 +51,25 @@ * @author Sam Ruby ([EMAIL PROTECTED]) * todo: fix directory structure/classloaders for output files */ -public class AnnotatedWebServiceDeploymentHandler extends BasicHandler { +public class AnnotatedWebServiceDeploymentHandler extends BasicHandler +{ protected static Log log = - LogFactory.getLog(AnnotatedWebServiceDeploymentHandler.class.getName()); + LogFactory.getLog(AnnotatedWebServiceDeploymentHandler.class.getName()); - protected Map<String, SOAPService> soapServices = new HashMap<String, - SOAPService>(); + protected Map<String, SOAPService> soapServices = + new HashMap<String, SOAPService>(); /** * @param mc * @throws AxisFault */ - public void invoke(MessageContext mc) - throws AxisFault { - try { - SOAPService ss = - createSOAPServiceFromAnnotatedClass(findWebServiceClass(mc)); - if (null != ss) { + public void invoke(MessageContext mc) throws AxisFault + { + try + { + SOAPService ss = getSOAPService(findWebServiceClass(mc)); + if (null != ss) + { ss.setEngine(mc.getAxisEngine()); mc.setService(ss); /* @@ -75,14 +77,17 @@ * types were still being sent even with literal Use. Forcing it * to not send the types unless encoded. */ - mc.setProperty(Call.SEND_TYPE_ATTR, - new Boolean(Use.ENCODED - .equals(ss.getUse()))); + mc.setProperty( + Call.SEND_TYPE_ATTR, + new Boolean(Use.ENCODED.equals(ss.getUse())) + ); // blow away the real path to bypass the regular JWSHandler mc.removeProperty(Constants.MC_REALPATH); } - } catch (Exception e) { + } + catch (Exception e) + { throw AxisFault.makeFault(e); } } @@ -91,8 +96,8 @@ * @param mc * @throws AxisFault */ - public void generateWSDL(MessageContext mc) - throws AxisFault { + public void generateWSDL(MessageContext mc) throws AxisFault + { invoke(mc); } 
@@ -101,15 +106,15 @@ * @return SOAPService * @throws Exception */ - protected SOAPService createSOAPServiceFromAnnotatedClass(Class clazz) - throws Exception { + protected SOAPService getSOAPService(Class clazz) throws Exception + { SOAPService rpc = null; if (null != clazz) { rpc = soapServices.get(clazz.getName()); if (null == rpc) { Jsr181TypeMetadata wsm = - (Jsr181TypeMetadata) WsmReflectionAnnotationProcessor.getInstance().getObjectModel(clazz); - rpc = createSOAPServiceUsingAnnotations(wsm, clazz); + (Jsr181TypeMetadata) WsmReflectionAnnotationProcessor.getInstance().getObjectModel(clazz); + rpc = createSOAPService(wsm, clazz); } } return rpc; @@ -121,8 +126,8 @@ * @return * @throws Exception */ - protected SOAPService createSOAPServiceUsingAnnotations(Jsr181TypeMetadata wsm, Class cls) - throws Exception { + protected SOAPService createSOAPService(Jsr181TypeMetadata wsm, Class cls) throws Exception + { SOAPService rpc = null; if (null != wsm) { HandlerHandler hh = new HandlerHandler(wsm); 
@@ -178,31 +183,41 @@ * @return * @throws Exception */ - protected Class findWebServiceClass(MessageContext mc) - throws Exception { - if (null != mc) { + protected Class findWebServiceClass(MessageContext mc) throws Exception + { + Class result = null; + if (null != mc) + { String relPath = mc.getStrProp(Constants.MC_RELATIVE_PATH); - if (null != relPath) { + if (null != relPath) + { // check to see if this is annotated class // clean up the relative path to use as the class destination // dir - if ('/' == relPath.charAt(0)) { + if ('/' == relPath.charAt(0)) + { relPath = relPath.substring(1); } int indexOfDot = relPath.indexOf("."); if (-1 != indexOfDot) relPath = relPath.substring(0, indexOfDot); String clsName = relPath.replaceAll("/", "."); - log.info("looking for webserivce in class: " + clsName); - try { - Class result = getClass().getClassLoader().loadClass(clsName); - return result; - } catch (ClassNotFoundException e) { - log.info("class: " + clsName + " was not found by the AnnotatedWebServiceDeploymentHandler continue to the next handler. "); - return null; + try + { + if (log.isDebugEnabled()) + { + log.debug("looking for webserivce in class: " + clsName); + } + result = getClass().getClassLoader().loadClass(clsName); + } + catch (ClassNotFoundException e) + { + if (log.isDebugEnabled()) + { + log.debug("class: " + clsName + " not found by AnnotatedWebServiceDeploymentHandler continue to the next handler. "); + } } } } - return null; + return result; } - -} +} \ No newline at end of file Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AuthenticationHandler.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AuthenticationHandler.java?view=auto&rev=109585 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/AuthenticationHandler.java Thu Dec 2 15:18:05 2004 
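Review bot: In findWebServiceClass the class name passed to `getClass().getClassLoader().loadClass(clsName)` is built directly from the request's `MC_RELATIVE_PATH`, with no check that it belongs to a package meant to host web services. Any class visible to this loader can therefore be named by a caller, and after this change both the lookup and the miss are logged only at debug level, so repeated failed lookups leave no trace at default logging. I would restrict the lookup to a configured package prefix before loading, e.g. `if (!clsName.startsWith(allowedPrefix)) return null;` (where `allowedPrefix` is a handler option that does not exist yet), and keep the not-found message at a level operations will see. `relPath.charAt(0)` also throws on an empty path; `relPath.startsWith("/")` avoids that.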
@@ -0,0 +1,379 @@ +package org.apache.beehive.wsm.axis.handlers; + +/* + * DropInDeploymentHandler.java + * + * Copyright 2001-2004 The Apache Software Foundation. + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import org.apache.beehive.wsm.jsr181.model.Jsr181TypeMetadata; +import org.apache.beehive.wsm.jsr181.model.Jsr181MethodMetadata; +import org.apache.beehive.wsm.jsr181.model.Jsr181ParameterMetadata; +import org.apache.beehive.wsm.jsr181.model.SecurityRolesInfo; +import org.apache.beehive.wsm.jsr181.processor.reflection.WsmReflectionAnnotationProcessor; + +import org.apache.beehive.wsm.axis.security.SecurityModel; + +import org.apache.axis.AxisFault; +import org.apache.axis.AxisProperties; +import org.apache.axis.Constants; +import org.apache.axis.MessageContext; +import org.apache.axis.components.logger.LogFactory; +import org.apache.axis.description.ServiceDesc; +import org.apache.axis.description.OperationDesc; +import org.apache.axis.description.ParameterDesc; +import org.apache.axis.handlers.BasicHandler; +import org.apache.axis.security.SecurityProvider; +import org.apache.axis.security.AuthenticatedUser; +import org.apache.axis.security.simple.SimpleSecurityProvider; + +import org.apache.axis.handlers.soap.SOAPService; + +import org.apache.axis.Message; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import 
java.lang.reflect.Method; + +import javax.xml.soap.Name; +import javax.xml.soap.SOAPBody; +import javax.xml.soap.SOAPElement; +import javax.xml.soap.SOAPEnvelope; +import javax.xml.soap.SOAPException; + +import org.apache.commons.logging.Log; + + +/******************************************************************************* + * + * + */ +public class AuthenticationHandler extends BasicHandler { + + protected static Log log = + LogFactory.getLog(AuthenticationHandler.class.getName()); + + /* cache Jsr181MethodMetadata objects associated with a Method object */ + private static Map<Method, Jsr181MethodMetadata> methodCache = + new Hashtable<Method, Jsr181MethodMetadata>(); + + private SecurityModel securityModelImpl = null; + + public void invoke(MessageContext msgContext) throws AxisFault + { + if (log.isDebugEnabled()) { + log.debug("Enter: AuthenticationHandler::invoke"); + } + + ServiceDesc serviceDesc = msgContext.getService().getServiceDescription(); + String serviceName = serviceDesc.getName(); + OperationDesc operationDesc = null; + + // get a class object of the requested class. + Class clazz = loadCalledClass(msgContext); + if (null == clazz) + { + return; // the requested class was not found, so return. Axis will handle this. + } + + // get a object model of the requested class. + Jsr181TypeMetadata wsm = + (Jsr181TypeMetadata) WsmReflectionAnnotationProcessor.getInstance().getObjectModel(clazz); + if (null == wsm) + { + return; // the request class is not annotated with @WebService. Thus, simply return. + } + + try + { + operationDesc = getOperationDesc(msgContext); + } + catch (Exception e) + { + //todo: proper error handling + e.printStackTrace(); + throw new AxisFault(e.getMessage(),e); + } + + // FIXME: + // Gotta throw an exception if operationDesc is null. + // Otherwise, one can invoke all methods without authentication. 
+ if (null == operationDesc) + { + return; + } + + if (log.isDebugEnabled()) + { + log.debug("WsmAuthenticationHandler::invoke ( [ServiceName] : " + + wsm.getWsName() + " [Method] " + operationDesc.getName() + ")"); + } + + initialize(msgContext); + + Jsr181MethodMetadata calledMethodMetadata = getCalledMethodMetadata(operationDesc, wsm); + + if (null == calledMethodMetadata) + { + // the called method's metadata is NOT found !! weird... + // ( the client trys to invoke a method which is not published ? ) + // Gotta throw an exception but just simply return for now. + return; + } + + Collection<String> rolesAllowed = new ArrayList<String>(); + + // mix those roles up and check them is better for performance. + SecurityRolesInfo securityRolesInfo = calledMethodMetadata.getSecurityRoles(); + if (null != securityRolesInfo) + { + rolesAllowed.addAll(securityRolesInfo.getRolesAllowed()); + } + + securityRolesInfo = wsm.getSecurityRoles(); + if (null != securityRolesInfo) + { + rolesAllowed.addAll(securityRolesInfo.getRolesAllowed()); + } + + if (0 == rolesAllowed.size()) + { + // Both the method and the class requested by client is not annotated + // with @SecurityRoles.rolesAllowed. + log.debug("NO SECURITY ROLE RESTRICTION ! -> OK"); + return; + } + + if (log.isDebugEnabled()) { + log.debug("Required roles to access the resource."); + for ( String role : rolesAllowed ) + { + log.debug("ROLE : " + role); + } + } + + boolean result = securityModelImpl.isUserInRole(msgContext, rolesAllowed); + + if (result) + { + if (log.isDebugEnabled()) + { + log.debug("AUTH SUCCEEDED ! -> OK"); + } + } + else + { + if (log.isDebugEnabled()) + { + log.debug("AUTH FAILED ! -> NG"); + } + throw new AxisFault("Server.Unauthenticated", "Authorization failed", null, null); + } + + if (log.isDebugEnabled()) { + log.debug("Exit: WsmAuthenticationHandler::invoke"); + } + } + + /** + * sets up this class. 
(actually, sets up a securityModel class) + * + * ( this method is not synchronized, but not critical even though called more than once. + * + * Why not use the init() method ? + * That's because ... + * Some of securityModel classes have to know the path of WEB-INF in which a config + * file decribing username/password/role resides. + * The path of WEB-INF can be obtained from only MessageContext class which is not + * available in the init() method but each client's request. + * + * ) + */ + private void initialize (MessageContext msgContext) + { + if (null != securityModelImpl) + { + return; + } + + synchronized (this) + { + if (null == securityModelImpl) + { + String securityModel = (String) getOption("securityModel"); + if (log.isDebugEnabled()) + { + log.debug("WsmAuthenticationHandler::init securityMode ["+ securityModel +"]"); + } + + try + { + securityModelImpl = (SecurityModel) Class.forName(securityModel).newInstance(); + securityModelImpl.init(msgContext); + } + catch (NullPointerException e) + { + log.error("The securityModel class is not specified: " + e.getMessage(), e); + } + catch (ClassNotFoundException e) + { + log.error("The securityModel ["+ securityModel +"] class specified was not found: " + e.getMessage(), e); + } + catch (InstantiationException e) + { + log.error(e.getMessage(), e); + } + catch (IllegalAccessException e) + { + log.error(e.getMessage(), e); + } + + } + } + + } + + /** + * returns an OperationDesc object. + * + */ + private OperationDesc getOperationDesc(MessageContext msgContext) throws AxisFault, SOAPException { + + // The getOperation method works only in a service. + OperationDesc operationDesc = msgContext.getOperation(); + + if ( operationDesc != null ) return operationDesc; + + // The sequences below are workarounds in case this handler used in a handler + // because the MessageContext#getOperation method doesn't work in a handler. 
+ + Message m = msgContext.getRequestMessage(); + SOAPEnvelope env = m.getSOAPEnvelope(); + SOAPBody body = env.getBody(); + Iterator iter = body.getChildElements(); + if( iter.hasNext() ) + { + SOAPElement el = (SOAPElement) iter.next(); + Name opQName = el.getElementName(); + String opName = opQName.getLocalName(); + SOAPService soapService = msgContext.getService(); + if ( soapService != null ) + { + ServiceDesc service = soapService.getServiceDescription(); + if( service != null ) + { + ArrayList operations = service.getOperations(); + for( int i = 0; i < operations.size(); i++ ) + { + OperationDesc op = (OperationDesc)operations.get(i); + if( op.getName().equals( opName)) return op; + } + } + + } + } + + return null; + } + + /** + * loads a class called by client. + * + */ + private Class loadCalledClass(MessageContext msgContext) throws AxisFault + { + ServiceDesc serviceDesc = msgContext.getService().getServiceDescription(); + String className = (String) msgContext.getService().getOption("className"); + String serviceName = serviceDesc.getName(); + ClassLoader classLoader = null; + Class clazz = null; + + try + { + classLoader = msgContext.getClassLoader(); + clazz = classLoader.loadClass( className ); + } + catch( ClassNotFoundException cnfe ) + { + // ignore this exception. + // let Axis handle this exception. + log.debug("ClassNotFoundException ["+ serviceName +"]: " + cnfe.getMessage()); + } + catch( Exception e) + { + throw new AxisFault(e.getMessage(),e); + } + + return clazz; + } + + /** + * return a Jsr181MethodMetadata object which is associated with a web service method invoked by a client. + */ + private Jsr181MethodMetadata getCalledMethodMetadata ( OperationDesc operationDesc, Jsr181TypeMetadata wsm ) + { + Method method = operationDesc.getMethod(); + + Jsr181MethodMetadata cachedMethod = methodCache.get(method); + if ( cachedMethod != null ) return cachedMethod; // method found. Thus, return it. 
+ + String calledMethod = operationDesc.getName(); + Class[] parameterTypes = method.getParameterTypes(); + + Collection<Jsr181MethodMetadata> methods = wsm.getMethods(); + for( Jsr181MethodMetadata methodMetadata : methods ) + { + if( methodMetadata.getWmOperationName().equals( calledMethod ) ) + { + List<Jsr181ParameterMetadata> params = methodMetadata.getParams(); + + if( parameterTypes.length != params.size() ) + { + // doesn't match the number of parameters. Thus, skip. + continue; + } + + boolean isSame = true; + // check each parameters's type. + for( int i = 0 ; i < parameterTypes.length ; i++ ) + { + if ( parameterTypes[i] != params.get(i).getJavaType() ) + { + // doesn't match. Set false to isSame and break. + isSame = false; + break; + } + } + + if ( isSame ) + { + methodCache.put(method,methodMetadata); + return methodMetadata; + } + } + } + + return null; + } + +} + + Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/Role.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/Role.java?view=auto&rev=109585 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/Role.java Thu Dec 2 15:18:05 2004 
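Review bot: AuthenticationHandler.invoke fails open: when `getOperationDesc` returns null (the FIXME already says so) or `getCalledMethodMetadata` returns null, the handler simply returns and the request continues with no role check. Both cases should raise the same `AxisFault` as the failed-authorization branch; if operation-less requests such as WSDL retrieval legitimately pass through this handler, they need an explicit exemption rather than a blanket return. initialize only logs when the `securityModel` option is missing or the class cannot be instantiated, which leaves `securityModelImpl` null and turns the later `isUserInRole` call into a NullPointerException instead of a fault; the field is also read outside the lock without `volatile` and assigned before `init(msgContext)` has finished, so another thread can use a half-initialised model. Method-level and class-level roles are merged into one list, so a role allowed on the class also opens a method annotated with a narrower set; please confirm that union is the intended semantics.

```java
private volatile SecurityModel securityModelImpl = null;

// … unchanged: class lookup, getObjectModel, getOperationDesc try/catch …
if (null == operationDesc)
{
    // fail closed: an unresolved operation must not skip the role check
    throw new AxisFault("Server.Unauthenticated", "Operation could not be resolved", null, null);
}
// … unchanged: debug logging, initialize(msgContext) …
if (null == securityModelImpl)
{
    // initialize() only logs its failures, so check the result here
    throw new AxisFault("Server.Unauthenticated", "Security model is not available", null, null);
}
Jsr181MethodMetadata calledMethodMetadata = getCalledMethodMetadata(operationDesc, wsm);
if (null == calledMethodMetadata)
{
    throw new AxisFault("Server.Unauthenticated", "Operation is not published", null, null);
}
// … unchanged: role collection and isUserInRole check …

// in initialize(): publish the model only after init() has completed
SecurityModel model = (SecurityModel) Class.forName(securityModel).newInstance();
model.init(msgContext);
securityModelImpl = model;
```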
@@ -0,0 +1,32 @@
+package org.apache.beehive.wsm.axis.security;
+
+/*
+ * DropInDeploymentHandler.java
+ *
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+
+public interface Role {
+
+ public String getName();
+
+ public void setName( String name );
+
+}
+
+
Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/SecurityModel.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/SecurityModel.java?view=auto&rev=109585 ==============================================================================
--- (empty file)
+++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/SecurityModel.java Thu Dec 2 15:18:05 2004
@@ -0,0 +1,35 @@
+package org.apache.beehive.wsm.axis.security;
+
+/*
+ * Copyright 2002,2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.util.Collection;
+import org.apache.axis.MessageContext;
+
+public interface SecurityModel
+{
+
+ public static final String BEEHIVE_AUTHUSER= "BEEHIVE_AUTHUSER";
+
+ public void init ( MessageContext msgContext );
+
+ public boolean isUserInRole ( MessageContext msgContext, Collection<String> rolesAllowed );
+
+}
+
+
+
+
Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/User.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/User.java?view=auto&rev=109585 ==============================================================================
--- (empty file)
+++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/User.java Thu Dec 2 15:18:05 2004
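Review bot: SecurityModel.java has no Javadoc, and the name `isUserInRole` hides that the implementation in this commit (AxisSecurityModel) also authenticates the caller and stores the result under `BEEHIVE_AUTHUSER`. I would document the contract on the interface: `/** Authenticates the caller from msgContext and returns true only if the authenticated user holds at least one of rolesAllowed; must return false when the user cannot be authenticated or the model is not initialised. */`. `init` should state whether it may be called more than once and what an implementation must do when its configuration cannot be loaded.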
@@ -0,0 +1,48 @@
+package org.apache.beehive.wsm.axis.security;
+
+/*
+ * DropInDeploymentHandler.java
+ *
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import java.util.Collection;
+
+public interface User {
+
+ public void setName ( String name );
+
+ public String getName ();
+
+ public void setPassword ( String password );
+
+ public String getPassword ();
+
+ public void setMd5 ( boolean isMd5 );
+
+ public boolean isMd5 ();
+
+ public boolean authenticate ( String password);
+
+ public void addRole( Role role );
+
+ public Role getRole ( String role );
+
+ public Collection<Role> getRoles ();
+
+}
+
Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/UserList.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/UserList.java?view=auto&rev=109585 ==============================================================================
--- (empty file)
+++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/UserList.java Thu Dec 2 15:18:05 2004
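Review bot: User.java models the stored credential as either plaintext or an MD5 digest (`setMd5`/`isMd5`) and exposes it through `getPassword()`, which fixes a weak storage scheme into the interface every implementation must follow. MD5 is unsuitable for password storage; if the format has to stay for now, I would at least document it on the interface, e.g. `/** True when the stored password is an MD5 digest rather than plaintext; legacy format, not suitable for production credentials. */`, and make `authenticate` the only way callers test a password so `getPassword()` can be removed later. How implementations compare the digest is not visible in this file; a constant-time comparison such as `MessageDigest.isEqual` is the safe choice there.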
@@ -0,0 +1,41 @@
+package org.apache.beehive.wsm.axis.security;
+
+/*
+ * DropInDeploymentHandler.java
+ *
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import java.util.Collection;
+
+public interface UserList {
+
+ public void addUser ( User user );
+
+ public User getUser ( String name );
+
+ public Collection<User> getUsers ();
+
+
+ public void addRole ( Role role );
+
+ public Role getRole ( String role );
+
+ public Collection<Role> getRoles ();
+
+}
+
Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/AxisSecurityModel.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/AxisSecurityModel.java?view=auto&rev=109585 ==============================================================================
--- (empty file)
+++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/AxisSecurityModel.java Thu Dec 2 15:18:05 2004
@@ -0,0 +1,112 @@ +package org.apache.beehive.wsm.axis.security.model; + +/* + * DropInDeploymentHandler.java + * + * Copyright 2001-2004 The Apache Software Foundation. + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import java.util.Collection; + + +import org.apache.beehive.wsm.axis.security.SecurityModel ; + +import org.apache.axis.MessageContext; +import org.apache.axis.components.logger.LogFactory; +import org.apache.axis.security.AuthenticatedUser; +import org.apache.axis.security.SecurityProvider; +import org.apache.axis.security.simple.SimpleSecurityProvider; +import org.apache.axis.security.servlet.ServletSecurityProvider; +import org.apache.commons.logging.Log; + +public class AxisSecurityModel implements SecurityModel { + + protected static Log log = + LogFactory.getLog(AxisSecurityModel.class.getName()); + + public void init ( MessageContext msgContext ) + { + // do nothing + } + + /** + * mostly copied from org/apache/axis/handlers/SimpleAuthenticationHandler.java + */ + public boolean isUserInRole ( MessageContext msgContext, Collection<String> rolesAllowed ){ + + if (log.isDebugEnabled()) { + log.debug("Enter: AxisSecurityModel::isUserInRole"); + } + + SecurityProvider provider = (SecurityProvider)msgContext.getProperty(MessageContext.SECURITY_PROVIDER); + if ( provider instanceof ServletSecurityProvider ) + { + // SecurityProvider must not be an instance of ServletSecurityProvider for AxisSecurityModel. 
+ // Thus, provides SimpleSecurityProvider forcelly. + provider = new SimpleSecurityProvider(); + } + + if (provider != null) { + String userID = msgContext.getUsername(); + if (log.isDebugEnabled()) { + log.debug("user : " + userID ); + } + + // in order to authenticate, the user must exist + if ( userID == null || userID.equals("") ) + { + log.debug("userID is null"); + return false; + } + + String passwd = msgContext.getPassword(); + if (log.isDebugEnabled()) { + log.debug("password : " + passwd ); + } + + AuthenticatedUser authUser = provider.authenticate(msgContext); + + // if a password is defined, then it must match + if ( authUser == null) { + log.debug("authuser is null"); + return false; + } + + for ( String role : rolesAllowed ) + { + if (provider.userMatches( authUser, role ) ) + { + // BINGO !! + + if (log.isDebugEnabled()) { + log.debug( "auth : " + userID + " is in role [" + role + "]"); + } + msgContext.setProperty(SecurityModel.BEEHIVE_AUTHUSER, authUser); + return true; + } + } + } + + if (log.isDebugEnabled()) { + log.debug("Exit: AxisSecurityModel::isUserInRole"); + } + + return false; + } + + +} Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/BeehiveMemorySecurityModel.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/BeehiveMemorySecurityModel.java?view=auto&rev=109585 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/BeehiveMemorySecurityModel.java Thu Dec 2 15:18:05 2004 
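Review bot: `log.debug("password : " + passwd );` in AxisSecurityModel.isUserInRole writes the caller's cleartext password to the log whenever debug is enabled; drop that statement, and the `passwd` local with it, since the value is not used for anything else in the method. Swapping a `ServletSecurityProvider` for `new SimpleSecurityProvider()` on every call also discards whatever the container already established and builds a fresh provider per request; if that is intended, a comment saying why and a single shared instance would be clearer. The `userID` written by the other debug lines comes from the request and should be treated as untrusted text when it is logged.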
@@ -0,0 +1,215 @@ +package org.apache.beehive.wsm.axis.security.model; + +/* + * DropInDeploymentHandler.java + * + * Copyright 2001-2004 The Apache Software Foundation. + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import java.util.Collection; +import java.util.Iterator; +import java.io.File; + +import org.apache.beehive.wsm.axis.security.User; +import org.apache.beehive.wsm.axis.security.UserList; +import org.apache.beehive.wsm.axis.security.Role; + +import org.apache.beehive.wsm.axis.security.xmlbeans.BeehiveRoleDocument; +import org.apache.beehive.wsm.axis.security.xmlbeans.BeehiveRoleDocument.BeehiveRole; +import org.apache.beehive.wsm.axis.security.SecurityModel; + +import org.apache.axis.Constants; +import org.apache.axis.MessageContext; +import org.apache.axis.components.logger.LogFactory; +import org.apache.axis.security.AuthenticatedUser; +import org.apache.axis.security.SecurityProvider; +import org.apache.axis.security.simple.SimpleSecurityProvider; +import org.apache.commons.logging.Log; + +public class BeehiveMemorySecurityModel implements SecurityModel { + + protected static Log log = + LogFactory.getLog(BeehiveMemorySecurityModel.class.getName()); + + private static final String BEEHIVE_ROLE_FILE = "beehive-role.xml"; + + // a user list is per web application. Thus, it's fine to be a class variable. 
+ private static UserList userList = null; + + public void init ( MessageContext msgContext ) + { + + if (log.isDebugEnabled()) { + log.debug("Enter: BeehiveMemorySecurityModel::init"); + } + + if ( userList != null ) + { + // userList has already been instantiated. + return; + } + + synchronized ( BeehiveMemorySecurityModel.class ) + { + + if ( userList == null ) + { + + String configPath = msgContext.getStrProp(Constants.MC_CONFIGPATH); + if ( configPath == null ) + { + configPath = ""; + } + else + { + configPath += File.separator; + } + + if (log.isDebugEnabled()) { + log.debug("BEEHIVE_ROLE_FILE : " + configPath + BEEHIVE_ROLE_FILE ); + } + + BeehiveRole beehiveRole = null; + + try{ + BeehiveRoleDocument brd = BeehiveRoleDocument.Factory.parse( new File ( configPath + BEEHIVE_ROLE_FILE ) ); + beehiveRole = brd.getBeehiveRole(); + }catch(Exception e){ + log.error("BeehiveRoleDocument couldn't parse the file ("+ configPath + BEEHIVE_ROLE_FILE +") : " + e.getMessage(), e); + return; + } + + // for temporary + UserList userList_ = new MemoryUserListImpl(); + + for ( org.apache.beehive.wsm.axis.security.xmlbeans.Role role : beehiveRole.getRoleArray() ) + { + MemoryRoleImpl memoryRole = new MemoryRoleImpl(); + memoryRole.setName ( role.getName() ); + + userList_.addRole( memoryRole ); + } + + for( org.apache.beehive.wsm.axis.security.xmlbeans.User user : beehiveRole.getUserArray() ) + { + MemoryUserImpl memoryUser = new MemoryUserImpl(); + memoryUser.setName ( user.getName() ); + memoryUser.setPassword ( user.getPassword() ); + memoryUser.setMd5 ( user.getMd5() ); + + for ( org.apache.beehive.wsm.axis.security.xmlbeans.Role role : beehiveRole.getRoleArray() ) + { + for ( String userName : role.getUserArray() ) + { + if ( userName.equals( user.getName() ) ) { + Role memoryRole = userList_.getRole( role.getName() ); + if ( memoryRole != null ) + { + if (log.isDebugEnabled()) { + log.debug("USER : " + memoryUser.getName() + " in ROLE : " + memoryRole.getName() ); + } + 
memoryUser.addRole( memoryRole ); + } + } + } + } + userList_.addUser ( memoryUser ); + } + + // finally set the temporary userList_ to the class variable. + userList = userList_; + } + + } // synchronized + + if (log.isDebugEnabled()) { + log.debug("Exit : BeehiveMemorySecurityModel::init"); + } + } + + public boolean isUserInRole ( MessageContext msgContext, Collection<String> rolesAllowed ){ + + if (log.isDebugEnabled()) { + log.debug("Enter: BeehiveMemorySecurityModel::isUserInRole"); + } + + String username = msgContext.getUsername(); + + if (log.isDebugEnabled()) { + log.debug("username from client : " + username); + } + + if ( username == null ){ + return false; // user didn't specify username. + } + + if (log.isDebugEnabled()) { + log.debug("username from client : " + username); + } + + User user = userList.getUser ( username ); + + + if ( user == null ) { + if (log.isDebugEnabled()) { + log.debug("user returned from userList is null"); + } + return false; // user doesn't exist. + } + + if ( ! user.authenticate( msgContext.getPassword() ) ) + { + if (log.isDebugEnabled()) { + log.debug("authenticate failed"); + } + return false; // password doesn't match. 
+ } + + if (log.isDebugEnabled()) { + log.debug("authenticate passed (" + username + ")"); + } + + for ( Role role : user.getRoles() ) + { + + if (log.isDebugEnabled()) { + log.debug("user [" + user.getName() + "] role ["+ role.getName() +"]"); + } + + for ( String roleAllowed : rolesAllowed ) + { + if ( role.getName().equals( roleAllowed ) ) + { + if (log.isDebugEnabled()) { + log.debug( "auth : " + user.getName()+ " is in role [" + roleAllowed + "]"); + } + msgContext.setProperty(SecurityModel.BEEHIVE_AUTHUSER, user); + return true; + } + } + + } + + if (log.isDebugEnabled()) { + log.debug("Exit: BeehiveMemorySecurityModel::isUserInRole"); + } + + return false; + } + + +} Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryRoleImpl.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryRoleImpl.java?view=auto&rev=109585 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryRoleImpl.java Thu Dec 2 15:18:05 2004 
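Review bot: `isUserInRole` dereferences the static `userList` (`User user = userList.getUser ( username );`) without checking it, but `init` returns with `userList` still null when `beehive-role.xml` cannot be parsed, so every later authorization check ends in a NullPointerException instead of a clean denial. Add `if ( userList == null ) { log.error("no user list loaded, denying access"); return false; }` before the lookup. The unsynchronized `if ( userList != null ) return;` fast path in `init` also reads a field that is not `volatile`; declaring it `private static volatile UserList userList = null;` makes the double-checked initialization safe under the Java 5 memory model. The `username from client` debug line is emitted twice and one copy can go.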
@@ -0,0 +1,45 @@ +package org.apache.beehive.wsm.axis.security.model; + +/* + * DropInDeploymentHandler.java + * + * Copyright 2001-2004 The Apache Software Foundation. + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import org.apache.beehive.wsm.axis.security.Role; + +public class MemoryRoleImpl implements Role { + + private String name; + + public MemoryRoleImpl () + { + } + + public String getName() + { + return name; + } + + public void setName( String name ) + { + this.name = name; + } + +} + + Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserImpl.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserImpl.java?view=auto&rev=109585 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserImpl.java Thu Dec 2 15:18:05 2004 
@@ -0,0 +1,119 @@ +package org.apache.beehive.wsm.axis.security.model; + +/* + * DropInDeploymentHandler.java + * + * Copyright 2001-2004 The Apache Software Foundation. + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import java.util.Collection; +import java.util.Hashtable; +import java.util.Map; + +import org.apache.commons.codec.digest.DigestUtils; + +import org.apache.beehive.wsm.axis.security.User; +import org.apache.beehive.wsm.axis.security.UserList; +import org.apache.beehive.wsm.axis.security.Role; + + +public class MemoryUserImpl implements User { + + private String name; + private String password; + private boolean md5; + + private Map<String,Role> roles; + + public MemoryUserImpl () + { + roles = new Hashtable<String,Role>(); + } + + public void setName ( String name ) + { + this.name = name; + } + + public String getName () + { + return name; + } + + public void setPassword ( String password ) + { + this.password = password; + } + + public String getPassword () + { + return password; + } + + public void setMd5 ( boolean isMd5 ) + { + this.md5 = isMd5; + } + + public boolean isMd5 () + { + return md5; + } + + public boolean authenticate ( String password ) + { + try{ + if ( ( this.password == null ) && ( password == null ) ){ + // if both null, returns true; Probably a user intentionally set null for both. + return true; + } + + if ( isMd5() ) + { + // todo: implement in case md5 is used. 
+ if ( this.password.equals( DigestUtils.md5Hex(password)) ) + return true; + } + else + { + if ( this.password.equals( password ) ) + return true; + } + }catch(NullPointerException npe){ + return false; + } + + return false; + + } + + public void addRole( Role role ) + { + roles.put(role.getName(), role); + } + + public Role getRole ( String role ) + { + return roles.get(role); + } + + public Collection<Role> getRoles () + { + return roles.values(); + } + +} Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserListImpl.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserListImpl.java?view=auto&rev=109585 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/MemoryUserListImpl.java Thu Dec 2 15:18:05 2004 
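Review bot: `authenticate` returns true when both the stored and the supplied password are null, and `beehive-role.xsd` in this commit leaves the `password` attribute optional, so a user entry written without a password accepts any request that sends none. Treat a missing password on either side as a failure, `if ( this.password == null || password == null ) return false;`, which also makes the `catch(NullPointerException npe)` block unnecessary. The two `this.password.equals(...)` comparisons can return at the first differing character; comparing the encoded bytes with `java.security.MessageDigest.isEqual` is the usual way to avoid that. A class comment should state that credentials are held either in cleartext or as an unsalted MD5 hex digest, and the stale `// todo: implement in case md5 is used.` can be removed since the branch is implemented.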
@@ -0,0 +1,74 @@ +package org.apache.beehive.wsm.axis.security.model; + +/* + * DropInDeploymentHandler.java + * + * Copyright 2001-2004 The Apache Software Foundation. + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import java.util.Collection; +import java.util.Hashtable; +import java.util.Map; + +import org.apache.beehive.wsm.axis.security.User; +import org.apache.beehive.wsm.axis.security.UserList; +import org.apache.beehive.wsm.axis.security.Role; + +public class MemoryUserListImpl implements UserList { + + private Map<String,User> users; + private Map<String,Role> roles; + + public MemoryUserListImpl() + { + users = new Hashtable<String,User>(); + roles = new Hashtable<String,Role>(); + } + + public void addUser ( User user ) + { + users.put(user.getName(), user); + } + + public User getUser ( String name ) + { + return users.get( name ); + } + + public Collection<User> getUsers () + { + return users.values(); + } + + + public void addRole ( Role role ) + { + roles.put(role.getName(), role); + } + + public Role getRole ( String role ) + { + return roles.get( role ); + } + + public Collection<Role> getRoles () + { + return roles.values(); + } + +} + Added: incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/ServletSecurityModel.java Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/ServletSecurityModel.java?view=auto&rev=109585 
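Review bot: `getUsers()` and `getRoles()` return `users.values()` and `roles.values()` directly, which are live views of the backing Hashtables, so any caller holding the result can remove entries from the user list that `BeehiveMemorySecurityModel` keeps in a static field for the whole web application. Return read-only views instead, `return Collections.unmodifiableCollection( users.values() );` and likewise for roles (this needs `import java.util.Collections;`). `MemoryUserImpl.getRoles()` in this commit has the same shape. `addUser` and `addRole` pass `getName()` straight to `Hashtable.put`, which throws on a null key; a short Javadoc line saying names must be non-null would make that contract visible.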
============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/org/apache/beehive/wsm/axis/security/model/ServletSecurityModel.java Thu Dec 2 15:18:05 2004 
@@ -0,0 +1,108 @@ +package org.apache.beehive.wsm.axis.security.model; + +/* + * DropInDeploymentHandler.java + * + * Copyright 2001-2004 The Apache Software Foundation. + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import java.util.Collection; + +import org.apache.beehive.wsm.axis.security.SecurityModel ; + +import org.apache.axis.MessageContext; +import org.apache.axis.components.logger.LogFactory; +import org.apache.axis.security.AuthenticatedUser; +import org.apache.axis.security.SecurityProvider; +import org.apache.axis.security.simple.SimpleSecurityProvider; +import org.apache.commons.logging.Log; + +public class ServletSecurityModel implements SecurityModel { + + protected static Log log = + LogFactory.getLog(ServletSecurityModel.class.getName()); + + public void init ( MessageContext msgContext ) + { + // do nothing + } + + /** + * mostly copied from org/apache/axis/handlers/SimpleAuthenticationHandler.java + */ + public boolean isUserInRole ( MessageContext msgContext, Collection<String> rolesAllowed ){ + + if (log.isDebugEnabled()) { + log.debug("Enter: ServletSecurityModel::isUserInRole"); + } + + SecurityProvider provider = (SecurityProvider)msgContext.getProperty(MessageContext.SECURITY_PROVIDER); + if (provider == null) { + provider = new SimpleSecurityProvider(); + msgContext.setProperty(MessageContext.SECURITY_PROVIDER, provider); + } + + if (provider != null) { + String userID = msgContext.getUsername(); + if 
(log.isDebugEnabled()) { + log.debug("user : " + userID ); + } + + // in order to authenticate, the user must exist + if ( userID == null || userID.equals("") ) + { + log.debug("userID is null"); + return false; + } + + String passwd = msgContext.getPassword(); + if (log.isDebugEnabled()) { + log.debug("password : " + passwd ); + } + + AuthenticatedUser authUser = provider.authenticate(msgContext); + + // if a password is defined, then it must match + if ( authUser == null) { + log.debug("authuser is null"); + return false; + } + + for ( String role : rolesAllowed ) + { + if (provider.userMatches( authUser, role ) ) + { + // BINGO !! + + if (log.isDebugEnabled()) { + log.debug( "auth : " + userID + " is in role [" + role + "]"); + } + msgContext.setProperty(SecurityModel.BEEHIVE_AUTHUSER, authUser); + return true; + } + } + } + + if (log.isDebugEnabled()) { + log.debug("Exit: ServletSecurityModel::isUserInRole"); + } + + return false; + } + + +} Added: incubator/beehive/trunk/wsm/src/runtime/schema/beehive-role.xsd Url: http://svn.apache.org/viewcvs/incubator/beehive/trunk/wsm/src/runtime/schema/beehive-role.xsd?view=auto&rev=109585 ============================================================================== --- (empty file) +++ incubator/beehive/trunk/wsm/src/runtime/schema/beehive-role.xsd Thu Dec 2 15:18:05 2004 
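Review bot: The `if (provider != null)` test in `isUserInRole` can never be false, because the lines just above it replace a missing provider with `new SimpleSecurityProvider()`; the block can be un-nested. That fallback also happens silently, so a deployment where no provider was placed in the message context authenticates against whatever `SimpleSecurityProvider` reads rather than the servlet container, which the class name suggests is not intended. A `log.warn("no SecurityProvider in MessageContext, falling back to SimpleSecurityProvider");` at the fallback would make the misconfiguration visible.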
@@ -0,0 +1,43 @@ +<!-- Copyright 2004 The Apache Software Foundation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. --> +<xs:schema + xmlns:xs="http://www.w3.org/2001/XMLSchema" + xmlns:bh="http://www.apache.org/beehive/wsm/axis/security/xmlbeans" + targetNamespace="http://www.apache.org/beehive/wsm/axis/security/xmlbeans" + elementFormDefault="qualified"> + + <xs:element name="beehive-role"> + <xs:complexType> + <xs:sequence> + <xs:element name="role" type="bh:role" minOccurs="0" maxOccurs="unbounded" /> + <xs:element name="user" type="bh:user" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + </xs:element> + + <xs:complexType name="role"> + <xs:sequence> + <xs:element name="user" type="xs:string" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + <xs:attribute name="name" type="xs:string" /> + </xs:complexType> + + <xs:complexType name="user"> + <xs:attribute name="name" type="xs:string" /> + <xs:attribute name="password" type="xs:string" /> + <xs:attribute name="md5" type="xs:boolean" default="false" /> + </xs:complexType> + +</xs:schema> +
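Review bot: The `name` attribute on both `role` and `user` is optional in this schema, but the loader in this commit uses the names as `Hashtable` keys (`roles.put(role.getName(), role)`, `users.put(user.getName(), user)`), which do not accept null. Declare them required, `<xs:attribute name="name" type="xs:string" use="required" />`, and consider the same for `password`, since `MemoryUserImpl.authenticate` treats a user without one as matching a request without one. Whether the parsed document is validated against the schema is not visible here, so the loader should probably not rely on these constraints alone. An `xs:annotation` on `md5` stating that `password` then holds the hex MD5 digest would document the expected format.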
