xmlauthorizationhandler.java

来自「精通Jboss——Ejb和Web Services开发精解的随书源代码」· Java 代码 · 共 35 行

package com.liuyang.axis.security.handler;

import java.util.StringTokenizer;
import org.apache.axis.*;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.security.*;
import org.apache.axis.utils.*;
import com.liuyang.axis.security.XMLSecurityProvider;
public class XMLAuthorizationHandler extends BasicHandler {
	public void invoke(MessageContext msgContext) throws AxisFault {
		boolean allowByDefault = JavaUtils.isTrueExplicitly(getOption("allowByDefault"));
		AuthenticatedUser user = (AuthenticatedUser)msgContext.getProperty(MessageContext.AUTHUSER);
		if (user == null)
		throw new AxisFault("Server.NoUser",Messages.getMessage("needUser00"), null, null);
		String userID = user.getName();
		Handler serviceHandler = msgContext.getService();
		if (serviceHandler == null)throw new AxisFault(Messages.getMessage("needService00"));
		String serviceName = serviceHandler.getName();
		String allowedRoles = (String)serviceHandler.getOption("allowedRoles");
		if (allowedRoles == null) {
			if (allowByDefault) {
			}else {throw new AxisFault( "Server.Unauthorized",
				Messages.getMessage("notAuth00", userID, serviceName),null, null);
			}return;
		}
		SecurityProvider provider = new XMLSecurityProvider();
		if (provider == null)throw new AxisFault(Messages.getMessage("noSecurity00"));
		StringTokenizer st = new StringTokenizer(allowedRoles, ",");
		while (st.hasMoreTokens()) {
			String thisRole = st.nextToken();
			if (provider.userMatches(user, thisRole))return;
		}throw new AxisFault("Server.Unauthorized",
			Messages.getMessage("cantAuth02",userID,serviceName),null, null);
	}
}