AuthHandler.java

/*
 * Copyright (c) 2010 StockPlay development team
 * All rights reserved.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
package com.kapti.backend.xmlrpc;

import com.kapti.backend.security.SessionsHandler;
import com.kapti.data.persistence.StockPlayDAO;
import com.kapti.exceptions.StockPlayException;
import org.apache.xmlrpc.XmlRpcRequest;
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfig;
import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;

/**
 * \brief   Authenticatie-module voor de XML-RPC server.
 *
 * Deze module biedt de nodige functionaliteit om verschillende gebruikers
 * toe te laten op eenzelfde XML-RPC servlet. Daarbij vraagt de server aan
 * deze AuthHandler of een bepaalde user/password combinatie klopt (en de
 * gebruiker de correcte rechten heeft om de servlet te benaderen), en gebruikt
 * de return value van die isAuthorized aanroep om toegang tot de servlet
 * toe te staan of eventueel te blokkeren.
 */
public class AuthHandler implements AuthenticationHandler {
    //
    // Dataleden
    //
    
    private StockPlayDAO mDAO;
    private SessionsHandler mSessions;
    
    
    //
    // Constructie
    //

    public AuthHandler(StockPlayDAO iDAO, SessionsHandler iSessions) {
        super();
        mDAO = iDAO;
        mSessions = iSessions;
    }


    //
    // Methoden
    //

    public boolean isAuthorized(XmlRpcRequest pRequest) throws StockPlayException {
        // Haal credentials op
        XmlRpcHttpRequestConfig config = (XmlRpcHttpRequestConfig) pRequest.getConfig();
        String sessionid = config.getBasicUserName();

        // Genereer algemene functienaam
        String tMethod = pRequest.getMethodName();

        // Genereer specifieke functienaam
        StringBuilder tMethodFullBuilder = new StringBuilder(pRequest.getMethodName());
        tMethodFullBuilder.append('(');
        for (int i = 0; i < pRequest.getParameterCount(); i++) {
            tMethodFullBuilder.append(pRequest.getParameter(i).getClass().getName());
            if (i < pRequest.getParameterCount() - 1)
                tMethodFullBuilder.append(',');
        }
        tMethodFullBuilder.append(')');
        String tMethodFull = tMethodFullBuilder.toString();

        // Controleer
        if (mSessions.containsDefinition(tMethodFull)) {
            return mSessions.verifyRequest(sessionid, tMethodFull);
        } else if (mSessions.containsDefinition(tMethod)) {
            return mSessions.verifyRequest(sessionid, tMethod);
        } else {
            return false;
        }
    }
}