站内搜索: 请输入搜索关键词
当前页面: 在线文档首页 > JBoss 3.2.7 .net API Documentation 英文版文档

JBossAuthorizationHandler (JBoss.Net API) - JBoss 3.2.7 .net API Documentation 英文版文档


org.jboss.net.axis.server
Class JBossAuthorizationHandler

java.lang.Object
  extended byorg.apache.axis.handlers.BasicHandler
      extended byorg.jboss.net.axis.server.JBossAuthorizationHandler
All Implemented Interfaces:
org.apache.axis.Handler, Serializable

public class JBossAuthorizationHandler
extends org.apache.axis.handlers.BasicHandler

AuthorizationHandler that checks allowed and denied roles against the active subject using a given realmMapping. Is somehow redundant to what, e.g., the JBoss EJB invocation handler does, but maybe we need this to shield access to other container resources such as MBeans for which we will expose security-agnostic providers.

Change History


To Do

Version:
$Revision: 1.1.4.1 $
Author:
Christoph G. Jung
See Also:
Serialized Form

Field Summary
protected  boolean isInitialised
          whether this handler has been initialized
protected  org.jboss.security.RealmMapping realmMapping
          the security domain against which we call
protected  Set rolesAllowed
          the roles that we want to let through
protected  Set rolesDenied
          the roles that we want to deny access
 
Fields inherited from class org.apache.axis.handlers.BasicHandler
makeLockable, name, options
 
Constructor Summary
JBossAuthorizationHandler()
           
 
Method Summary
protected  boolean doesUserHaveRole(Principal principal, Set roles)
          return whether the given Principal has the given roles
protected  Collection getAssociatedPrincipals(org.apache.axis.MessageContext msgContext)
          returns a collection of principals that the context subject is associated with
protected  Principal getPrincipal(String userName)
          creates a new principal belonging to the given username, override to adapt to specific security domains.
protected  void initialise()
          initializes the roles checked by this handler
 void invoke(org.apache.axis.MessageContext msgContext)
          Authenticate the user and password from the msgContext.
 
Methods inherited from class org.apache.axis.handlers.BasicHandler
canHandleBlock, cleanup, generateWSDL, getDeploymentData, getName, getOption, getOptions, getUnderstoodHeaders, init, initHashtable, onFault, setName, setOption, setOptionDefault, setOptions, setOptionsLockable
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

realmMapping

protected org.jboss.security.RealmMapping realmMapping
the security domain against which we call


rolesAllowed

protected final Set rolesAllowed
the roles that we want to let through


rolesDenied

protected final Set rolesDenied
the roles that we want to deny access


isInitialised

protected boolean isInitialised
whether this handler has been initialized

Constructor Detail

JBossAuthorizationHandler

public JBossAuthorizationHandler()
Method Detail

initialise

protected void initialise()
                   throws org.apache.axis.AxisFault
initializes the roles checked by this handler

Throws:
org.apache.axis.AxisFault

getPrincipal

protected Principal getPrincipal(String userName)
creates a new principal belonging to the given username, override to adapt to specific security domains.


getAssociatedPrincipals

protected Collection getAssociatedPrincipals(org.apache.axis.MessageContext msgContext)
returns a collection of principals that the context subject is associated with


doesUserHaveRole

protected boolean doesUserHaveRole(Principal principal,
                                   Set roles)
return whether the given Principal has the given roles


invoke

public void invoke(org.apache.axis.MessageContext msgContext)
            throws org.apache.axis.AxisFault
Authenticate the user and password from the msgContext. Note that we do not disassociate the subject here, since that would have to be done by a separate handler in the response chain and we currently expect Jetty or the WebContainer to do that for us

Throws:
org.apache.axis.AxisFault


Copyright © 2002 JBoss Group, LLC. All Rights Reserved.