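/*
 * The Apache Software License, Version 1.1
 *
 *
 * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Axis" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 */

package org.apache.axis.security.simple;

import org.apache.axis.Constants;
import org.apache.axis.MessageContext;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.security.AuthenticatedUser;
import org.apache.axis.security.SecurityProvider;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;

import java.io.File;
import java.io.FileReader;
import java.io.LineNumberReader;
import java.util.HashMap;
import java.util.StringTokenizer;

/**
 * SimpleSecurityProvider
 *
 * <p>File-backed {@link SecurityProvider}. User names and passwords are read
 * once from <code>users.lst</code>, located under the configuration path
 * carried by the message context. Each line is split on whitespace: the first
 * token is the user name, the second (if present) the password; further
 * tokens are ignored.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>Passwords are stored in the file, held in memory and compared as
 *       plaintext strings.</li>
 *   <li>A user listed without a password is accepted with any supplied
 *       password (see {@link #authenticate(MessageContext)}).</li>
 *   <li>Passwords are never written to the log; debug messages carry a
 *       fixed mask in their place.</li>
 * </ul>
 *
 * @author Glen Daniels (gdaniels@macromedia.com)
 */
public class SimpleSecurityProvider implements SecurityProvider {
    protected static Log log =
        LogFactory.getLog(SimpleSecurityProvider.class.getName());

    /** Substituted for password values in debug log messages. */
    private static final String REDACTED = "********";

    // user name -> plaintext password ("" when the file lists no password)
    HashMap users = null;
    HashMap perms = null;

    // volatile: authenticate() reads this flag without holding the lock, so
    // a thread that observes true must also observe the populated users map.
    volatile boolean initialized = false;

    /**
     * Load the users list from <code>users.lst</code>.
     *
     * <p>The file is parsed into a local map that is published to
     * {@link #users} only after the whole file has been read. If reading
     * fails, the error is logged, {@link #users} is left untouched and the
     * provider stays uninitialized, so the next call tries again. A missing
     * file is not an error: the provider is marked initialized with no users.
     *
     * @param msgContext supplies the configuration path via
     *                   {@link Constants#MC_CONFIGPATH}
     */
    private synchronized void initialize(MessageContext msgContext) {
        if (initialized) {
            return;
        }

        String configPath = msgContext.getStrProp(Constants.MC_CONFIGPATH);
        if (configPath == null) {
            configPath = "";
        } else {
            configPath += File.separator;
        }

        File userFile = new File(configPath + "users.lst");
        if (userFile.exists()) {
            HashMap loaded = new HashMap();
            LineNumberReader lnr = null;

            try {
                lnr = new LineNumberReader(new FileReader(userFile));
                String line = null;

                // parse lines into user and passwd tokens and add result to hash table
                while ((line = lnr.readLine()) != null) {
                    StringTokenizer st = new StringTokenizer(line);
                    if (st.hasMoreTokens()) {
                        String userID = st.nextToken();
                        String passwd = (st.hasMoreTokens()) ? st.nextToken() : "";

                        if (log.isDebugEnabled()) {
                            // The password itself must not reach the log;
                            // the mask keeps the message's argument count.
                            log.debug(Messages.getMessage("fromFile00",
                                                          userID, REDACTED));
                        }

                        loaded.put(userID, passwd);
                    }
                }
            } catch (Exception e) {
                log.error(Messages.getMessage("exception00"), e);
                return;
            } finally {
                // Release the file handle on the error path as well.
                if (lnr != null) {
                    try {
                        lnr.close();
                    } catch (Exception ignored) {
                        // nothing useful can be done if close fails
                    }
                }
            }

            // Publish only a completely parsed map, never a partial one.
            users = loaded;
        }
        initialized = true;
    }

    /**
     * Authenticate the user whose name and password are carried by the
     * message context.
     *
     * <p>The user must be present in the loaded users list. If the list
     * defines a non-empty password for the user, the supplied password must
     * equal it exactly; if the list defines no password, any supplied
     * password (including none) is accepted.
     *
     * @param msgContext the message context providing the user name, the
     *                   password and the configuration path
     * @return an AuthenticatedUser, or null if no users list is loaded or
     *         the credentials are rejected
     */
    public AuthenticatedUser authenticate(MessageContext msgContext) {

        if (!initialized) {
            initialize(msgContext);
        }

        String username = msgContext.getUsername();
        String password = msgContext.getPassword();

        // Work on one snapshot of the field for the whole check.
        HashMap known = users;
        if (known == null) {
            return null;
        }

        if (log.isDebugEnabled()) {
            log.debug(Messages.getMessage("user00", username));
        }

        // in order to authenticate, the user must exist
        if (username == null
                || username.equals("")
                || !known.containsKey(username)) {
            return null;
        }

        String valid = (String) known.get(username);

        if (log.isDebugEnabled()) {
            // The supplied password is deliberately kept out of the log.
            log.debug(Messages.getMessage("password00", REDACTED));
        }

        // if a password is defined, then it must match
        // NOTE(review): String.equals is not a constant-time comparison, and
        // an entry with an empty password accepts any supplied password.
        if (valid.length() > 0 && !valid.equals(password)) {
            return null;
        }

        if (log.isDebugEnabled()) {
            log.debug(Messages.getMessage("auth00", username));
        }

        return new SimpleAuthenticatedUser(username);
    }

    /**
     * See if a user matches a principal name. This implementation compares
     * the principal only against the user's own name, ignoring case.
     *
     * @param user      the authenticated user, may be null
     * @param principal the principal name to compare against, may be null
     * @return true if the user matches the passed name; a null user matches
     *         only a null principal, and a non-null user never matches a
     *         null principal
     */
    public boolean userMatches(AuthenticatedUser user, String principal) {
        if (user == null) {
            return principal == null;
        }
        // equalsIgnoreCase returns false for a null principal instead of
        // throwing, so an absent principal is treated as "no match".
        String name = user.getName();
        return name != null && name.equalsIgnoreCase(principal);
    }
}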