org.apache.axis.security.servlet
Class ServletSecurityProvider

java.lang.Object
  |
  +--org.apache.axis.security.servlet.ServletSecurityProvider

All Implemented Interfaces:

SecurityProvider

public class ServletSecurityProvider

extends java.lang.Object

implements SecurityProvider

A ServletSecurityProvider, combined with the ServletAuthenticatedUser class, allows the standard servlet security mechanisms (isUserInRole(), etc.) to integrate with Axis' access control mechanism. By utilizing this class (which the AxisServlet can be configured to do automatically), authentication and role information will come from your servlet engine.

Author:

Glen Daniels (gdaniels@macromedia.com)

Field Summary

protected static org.apache.commons.logging.Log

log

Constructor Summary

ServletSecurityProvider()

Method Summary

AuthenticatedUser	authenticate(MessageContext msgContext) Authenticate a user from a username/password pair.
boolean	userMatches(AuthenticatedUser user, java.lang.String principal) See if a user matches a principal name.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

protected static org.apache.commons.logging.Log log

Constructor Detail

ServletSecurityProvider

public ServletSecurityProvider()

Method Detail

authenticate

public AuthenticatedUser authenticate(MessageContext msgContext)

Authenticate a user from a username/password pair.

Specified by:

authenticate in interface SecurityProvider

Parameters:

msgContext - the MessageContext containing authentication info

Returns:

an AuthenticatedUser or null

userMatches

public boolean userMatches(AuthenticatedUser user,
                           java.lang.String principal)

See if a user matches a principal name. The name might be a user or a group.

Specified by:

userMatches in interface SecurityProvider

Returns:

true if the user matches the passed name