JBossAuthorizationHandler

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS (src) NEXT CLASS (src)

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.net.axis.server
Class JBossAuthorizationHandler

java.lang.Object
  org.jboss.axis.handlers.BasicHandler (src) 
      org.jboss.net.axis.server.JBossAuthorizationHandler

All Implemented Interfaces:: Handler (src)

public class JBossAuthorizationHandler
extends BasicHandler (src)

AuthorizationHandler that checks allowed and denied roles against the active subject using a given realmMapping. Is somehow redundant to what, e.g., the JBoss EJB invocation handler does, but maybe we need this to shield access to other container resources such as MBeans for which we will expose security-agnostic providers.

Change History

jung, 15.03.2002: Added security domain option.

To Do

jung, 14.03.2002: Cache simple principals. Principal factory for interacting with various security domains.

Field Summary
`protected boolean`	`isInitialised` whether this handler has been initialized
`protected RealmMapping (src)`	`realmMapping` the security domain against which we call
`protected java.util.Set`	`rolesAllowed` the roles that we want to let through
`protected java.util.Set`	`rolesDenied` the roles that we want to deny access

Fields inherited from class org.jboss.axis.handlers.BasicHandler (src)

makeLockable, name, options

Constructor Summary
`JBossAuthorizationHandler()`

Method Summary
`protected boolean`	`doesUserHaveRole(java.security.Principal principal, java.util.Set roles)` return whether the given Principal has the given roles
`protected java.util.Collection`	`getAssociatedPrincipals(MessageContext (src) msgContext)` returns a collection of principals that the context subject is associated with
`protected java.security.Principal`	`getPrincipal(java.lang.String userName)` creates a new principal belonging to the given username, override to adapt to specific security domains.
`protected void`	`initialise()` initializes the roles checked by this handler
`void`	`invoke(MessageContext (src) msgContext)` Authenticate the user and password from the msgContext.

Methods inherited from class org.jboss.axis.handlers.BasicHandler (src)

canHandleBlock, cleanup, generateWSDL, getDeploymentData, getName, getOption, getOptions, getUnderstoodHeaders, init, initHashtable, onFault, setName, setOption, setOptionDefault, setOptions, setOptionsLockable

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

realmMapping

protected RealmMapping (src)  realmMapping

the security domain against which we call

rolesAllowed

protected final java.util.Set rolesAllowed

the roles that we want to let through

rolesDenied

protected final java.util.Set rolesDenied

the roles that we want to deny access

isInitialised

protected boolean isInitialised

whether this handler has been initialized

Constructor Detail

JBossAuthorizationHandler

public JBossAuthorizationHandler()

Method Detail

initialise

protected void initialise()
                   throws AxisFault (src)

initializes the roles checked by this handler

Throws:: AxisFault (src)

getPrincipal

protected java.security.Principal getPrincipal(java.lang.String userName)

creates a new principal belonging to the given username, override to adapt to specific security domains.

getAssociatedPrincipals

protected java.util.Collection getAssociatedPrincipals(MessageContext (src)  msgContext)

returns a collection of principals that the context subject is associated with

doesUserHaveRole

protected boolean doesUserHaveRole(java.security.Principal principal,
                                   java.util.Set roles)

return whether the given Principal has the given roles

invoke

public void invoke(MessageContext (src)  msgContext)
            throws AxisFault (src)

Authenticate the user and password from the msgContext. Note that we do not disassociate the subject here, since that would have to be done by a separate handler in the response chain and we currently expect Jetty or the WebContainer to do that for us