1 :  package soap.test; 
     2 :   
     3 :  import java.io.*; 
     4 :  import javax.servlet.*; 
     5 :  import javax.servlet.http.*; 
     6 :   
     7 :  import org.apache.soap.*; 
     8 :  import org.apache.soap.rpc.*; 
     9 :  import org.apache.soap.server.*; 
    10 :  import org.apache.soap.encoding.soapenc.Base64; 
    11 :   
    12 :  import org.apache.soap.server.http.*; 
    13 :  import org.apache.soap.util.*; 
    14 :  import org.apache.soap.providers.*; 
    15 :   
    16 :  /** 
    17 :   * Title: 
    18 :   * Description: This class must be specified as user defined provider type 
    19 :   * for all Java services that need to be deployed on Apache SOAP with user 
    20 :   * authentication. <p> Instead 
    21 :   * of using the default Java provider, use this one to provide a basic 
    22 :   * authentication scheme and check against authorization rules. 
    23 :   * The class org.apache.soap.providers.TemplateProvider gives valuable 
    24 :   * info on how to implement a custom provider. 
    25 :   * 
    26 :   */ 
    27 :  public class SimpleAuthenticationJavaProvider implements Provider { 
    28 :   
    29 :      protected DeploymentDescriptor dd ; 
    30 :      protected Envelope             envelope ; 
    31 :      protected Call                 call ; 
    32 :      protected String               methodName ; 
    33 :      protected String               targetObjectURI ; 
    34 :      protected HttpServlet          servlet ; 
    35 :      protected HttpSession          session ; 
    36 :   
    37 :      protected Object               targetObject ; 
    38 :   
    39 :      public void locate( DeploymentDescriptor dd, 
    40 :                         Envelope env, 
    41 :                         Call call, 
    42 :                         String methodName, 
    43 :                         String targetObjectURI, 
    44 :                         SOAPContext reqContext ) 
    45 :          throws SOAPException { 
    46 :   
    47 :          HttpServlet servlet = (HttpServlet) reqContext.getProperty( Constants.BAG_HTTPSERVLET ); 
    48 :          HttpSession session = (HttpSession) reqContext.getProperty( Constants.BAG_HTTPSESSION ); 
    49 :          HttpServletRequest rq = (HttpServletRequest) reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST); 
    50 :   
    51 :          // We have isolated the block in charge of authentication here 
    52 :          { 
    53 :              String auth = rq.getHeader("Authorization"); 
    54 :              auth = auth.substring(auth.indexOf(" ")); 
    55 :              // Decoding is as simple as this...  
    56 :              String decoded = new String(Base64.decode(auth)); 
    57 :               
    58 :              // decoded now contains <<username:password>> in plain text. 
    59 :              int i = decoded.indexOf(":"); 
    60 :              // so we take the username from it ( everything until the ':' ) 
    61 :              String username = decoded.substring(0,i); 
    62 :              // and the password 
    63 :              String pwd = decoded.substring(i+1,decoded.length()); 
    64 :   
    65 :              System.out.println("Request received from " + username); 
    66 :              // Now do whatever is needed to see if username and pwd match 
    67 :   
    68 :              // the implementation below is stupid and wants a password containing "1" 
    69 :              // This should be replaced to a call to a db / user list provider 
    70 :              //or anything that does authentication verification. 
    71 :              if (!fetchPasswordFromUser(username).equals(password)) 
    72 :                  throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication failed"); 
    73 :   
    74 :          } 
    75 :   
    76 :          this.dd              = dd ; 
    77 :          this.envelope        = env ; 
    78 :          this.call            = call ; 
    79 :          this.methodName      = methodName ; 
    80 :          this.targetObjectURI = targetObjectURI ; 
    81 :          this.servlet         = servlet ; 
    82 :          this.session         = session ; 
    83 :   
    84 :          ServletConfig  config  = null ; 
    85 :          ServletContext context = null ; 
    86 :   
    87 :          if ( servlet != null ) config  = servlet.getServletConfig(); 
    88 :          if ( config != null ) context = config.getServletContext (); 
    89 :   
    90 :   
    91 :          ServiceManager serviceManager = 
    92 :              ServerHTTPUtils.getServiceManagerFromContext (context); 
    93 :   
    94 :          // Default processing for 'java' and 'script' providers 
    95 :          // call on a valid method name? 
    96 :          if (!RPCRouter.validCall (dd, call)) { 
    97 :              throw new SOAPException(Constants.FAULT_CODE_SERVER, 
    98 :                                       "Method '" + call.getMethodName () +   "' is not supported."); 
    99 :          } 
   100 :   
   101 :          // get at the target object 
   102 :          targetObject = ServerHTTPUtils.getTargetObject (serviceManager,                                 dd, targetObjectURI, 
   103 :                                                          servlet, session,   reqContext,context); 
   104 :      }; 
   105 :   
   106 :      public void invoke(SOAPContext reqContext, 
   107 :                         SOAPContext resContext) throws SOAPException { 
   108 :   
   109 :          try { 
   110 :              Response resp = RPCRouter.invoke( dd, call, targetObject, 
   111 :                                               reqContext, resContext ); 
   112 :              Envelope env = resp.buildEnvelope(); 
   113 :              StringWriter  sw = new StringWriter(); 
   114 :              env.marshall( sw, call.getSOAPMappingRegistry(), resContext ); 
   115 :              resContext.setRootPart( sw.toString(), 
   116 :                                     Constants.HEADERVAL_CONTENT_TYPE_UTF8); 
   117 :          } 
   118 :          catch( Exception e ) { 
   119 :              if ( e instanceof SOAPException ) throw (SOAPException ) e ; 
   120 :              throw new SOAPException( Constants.FAULT_CODE_SERVER, 
   121 :                                      e.toString() ); 
   122 :          } 
   123 :      } 
   124 :  } 
HTML generated by Java2Html, 2000 Think Tank Ltd, Douglas, Isle Of Man. All rights reserved