1 : package soap.test;
2 :
3 : import java.io.*;
4 : import javax.servlet.*;
5 : import javax.servlet.http.*;
6 :
7 : import org.apache.soap.*;
8 : import org.apache.soap.rpc.*;
9 : import org.apache.soap.server.*;
10 : import org.apache.soap.encoding.soapenc.Base64;
11 :
12 : import org.apache.soap.server.http.*;
13 : import org.apache.soap.util.*;
14 : import org.apache.soap.providers.*;
15 :
16 : /**
17 : * Title:
18 : * Description: This class must be specified as user defined provider type
19 : * for all Java services that need to be deployed on Apache SOAP with user
20 : * authentication. <p> Instead
21 : * of using the default Java provider, use this one to provide a basic
22 : * authentication scheme and check against authorization rules.
23 : * The class org.apache.soap.providers.TemplateProvider gives valuable
24 : * info on how to implement a custom provider.
25 : *
26 : */
27 : public class SimpleAuthenticationJavaProvider implements Provider {
28 :
29 : protected DeploymentDescriptor dd ;
30 : protected Envelope envelope ;
31 : protected Call call ;
32 : protected String methodName ;
33 : protected String targetObjectURI ;
34 : protected HttpServlet servlet ;
35 : protected HttpSession session ;
36 :
37 : protected Object targetObject ;
38 :
39 : public void locate( DeploymentDescriptor dd,
40 : Envelope env,
41 : Call call,
42 : String methodName,
43 : String targetObjectURI,
44 : SOAPContext reqContext )
45 : throws SOAPException {
46 :
47 : HttpServlet servlet = (HttpServlet) reqContext.getProperty( Constants.BAG_HTTPSERVLET );
48 : HttpSession session = (HttpSession) reqContext.getProperty( Constants.BAG_HTTPSESSION );
49 : HttpServletRequest rq = (HttpServletRequest) reqContext.getProperty(Constants.BAG_HTTPSERVLETREQUEST);
50 :
51 : // We have isolated the block in charge of authentication here
52 : {
53 : String auth = rq.getHeader("Authorization");
54 : auth = auth.substring(auth.indexOf(" "));
55 : // Decoding is as simple as this...
56 : String decoded = new String(Base64.decode(auth));
57 :
58 : // decoded now contains <<username:password>> in plain text.
59 : int i = decoded.indexOf(":");
60 : // so we take the username from it ( everything until the ':' )
61 : String username = decoded.substring(0,i);
62 : // and the password
63 : String pwd = decoded.substring(i+1,decoded.length());
64 :
65 : System.out.println("Request received from " + username);
66 : // Now do whatever is needed to see if username and pwd match
67 :
68 : // the implementation below is stupid and wants a password containing "1"
69 : // This should be replaced to a call to a db / user list provider
70 : //or anything that does authentication verification.
71 : if (!fetchPasswordFromUser(username).equals(password))
72 : throw new SOAPException(Constants.FAULT_CODE_PROTOCOL,"Authentication failed");
73 :
74 : }
75 :
76 : this.dd = dd ;
77 : this.envelope = env ;
78 : this.call = call ;
79 : this.methodName = methodName ;
80 : this.targetObjectURI = targetObjectURI ;
81 : this.servlet = servlet ;
82 : this.session = session ;
83 :
84 : ServletConfig config = null ;
85 : ServletContext context = null ;
86 :
87 : if ( servlet != null ) config = servlet.getServletConfig();
88 : if ( config != null ) context = config.getServletContext ();
89 :
90 :
91 : ServiceManager serviceManager =
92 : ServerHTTPUtils.getServiceManagerFromContext (context);
93 :
94 : // Default processing for 'java' and 'script' providers
95 : // call on a valid method name?
96 : if (!RPCRouter.validCall (dd, call)) {
97 : throw new SOAPException(Constants.FAULT_CODE_SERVER,
98 : "Method '" + call.getMethodName () + "' is not supported.");
99 : }
100 :
101 : // get at the target object
102 : targetObject = ServerHTTPUtils.getTargetObject (serviceManager, dd, targetObjectURI,
103 : servlet, session, reqContext,context);
104 : };
105 :
106 : public void invoke(SOAPContext reqContext,
107 : SOAPContext resContext) throws SOAPException {
108 :
109 : try {
110 : Response resp = RPCRouter.invoke( dd, call, targetObject,
111 : reqContext, resContext );
112 : Envelope env = resp.buildEnvelope();
113 : StringWriter sw = new StringWriter();
114 : env.marshall( sw, call.getSOAPMappingRegistry(), resContext );
115 : resContext.setRootPart( sw.toString(),
116 : Constants.HEADERVAL_CONTENT_TYPE_UTF8);
117 : }
118 : catch( Exception e ) {
119 : if ( e instanceof SOAPException ) throw (SOAPException ) e ;
120 : throw new SOAPException( Constants.FAULT_CODE_SERVER,
121 : e.toString() );
122 : }
123 : }
124 : }