org.edg.security.mediumgrainedauthz
Class MedAuthzHandler

java.lang.Object
  |
  +--org.apache.axis.handlers.BasicHandler
        |
        +--org.edg.security.mediumgrainedauthz.MedAuthzHandler
All Implemented Interfaces:
org.apache.axis.Handler, java.io.Serializable

public class MedAuthzHandler
extends org.apache.axis.handlers.BasicHandler

The MedAuthzHandler is an AXIS handler that can be put in a request flow in front of a SOAP endpoint that needs medium grained authorization. This handler should be behind a SOAPOverHTTPAuthorizationHandler because the role or authorized attribute is fetched from the SecurityContext set by SOAPOverHTTPAuthorizationHandler. The handler class then decides based on the role attribute whether a SOAP method call is allowed or not.

Role - methodname mappings are stored using java Properties files, e.g.containing mappings like "admin = delete, add, remove".

See Also:
Serialized Form

Field Summary
protected  boolean IsInitialized
           
protected static org.apache.log4j.Logger logger
           
static java.lang.String theAuthorizedValue
           
static java.lang.String theMedGrainedAuthzConfigParameter
           
 
Fields inherited from class org.apache.axis.handlers.BasicHandler
log, makeLockable, name, options
 
Constructor Summary
MedAuthzHandler()
           
 
Method Summary
protected  java.lang.String getOptionValue(java.lang.String name, java.lang.String defaultValue)
          Convenience method to extract an option setting or provide a default value if empty or non-existent.
 void init()
           
 void invoke(org.apache.axis.MessageContext mc)
           
 
Methods inherited from class org.apache.axis.handlers.BasicHandler
canHandleBlock, cleanup, generateWSDL, getDeploymentData, getName, getOption, getOptions, getUnderstoodHeaders, initHashtable, onFault, setName, setOption, setOptionDefault, setOptions, setOptionsLockable
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

theAuthorizedValue

public static final java.lang.String theAuthorizedValue
See Also:
Constant Field Values

theMedGrainedAuthzConfigParameter

public static final java.lang.String theMedGrainedAuthzConfigParameter
See Also:
Constant Field Values

logger

protected static org.apache.log4j.Logger logger

IsInitialized

protected boolean IsInitialized
Constructor Detail

MedAuthzHandler

public MedAuthzHandler()
Method Detail

getOptionValue

protected java.lang.String getOptionValue(java.lang.String name,
                                          java.lang.String defaultValue)
Convenience method to extract an option setting or provide a default value if empty or non-existent.


init

public void init()
Specified by:
init in interface org.apache.axis.Handler
Overrides:
init in class org.apache.axis.handlers.BasicHandler
See Also:
Handler.init()

invoke

public void invoke(org.apache.axis.MessageContext mc)
            throws org.apache.axis.AxisFault
Specified by:
invoke in interface org.apache.axis.Handler
Specified by:
invoke in class org.apache.axis.handlers.BasicHandler
org.apache.axis.AxisFault
See Also:
Handler.invoke(MessageContext)