Package mondrian.xmla.impl

Class AuthenticatingXmlaRequestCallback

java.lang.Object
mondrian.xmla.impl.AuthenticatingXmlaRequestCallback
All Implemented Interfaces:
XmlaRequestCallback
public abstract class AuthenticatingXmlaRequestCallback extends Object implements XmlaRequestCallback
This is an abstract implementation of XmlaRequestCallback specialized in authenticating the requests coming in. Subclasses are only required to implement authenticate(String, String, String).

Once implemented, you only need to register your class using the XMLA servlet config, within your web.xml descriptor.

Author:
LBoudreau

  • Constructor Details

    • AuthenticatingXmlaRequestCallback

      public AuthenticatingXmlaRequestCallback()

  • Method Details

    • generateSessionId

      public String generateSessionId(Map<String,Object> context)
      Description copied from interface: XmlaRequestCallback
      The Callback is requested to generate a sequence id string. This sequence id was requested by the XMLA client and will be used for all subsequent communications in the Soap Header block. Implementation can return null if they do not want to generate a custom session ID, in which case, the default algorithm to generate session IDs will be used.
      Specified by:
      generateSessionId in interface XmlaRequestCallback
      Parameters:
      context - The context of this query.
      Returns:
      An arbitrary session id to use, or null.

    • init

      public void init(javax.servlet.ServletConfig servletConfig) throws javax.servlet.ServletException
      Specified by:
      init in interface XmlaRequestCallback
      Throws:
      javax.servlet.ServletException

    • postAction

      public void postAction(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, byte[][] responseSoapParts, Map<String,Object> context) throws Exception
      Description copied from interface: XmlaRequestCallback
      This is called after all Mondrian processing (DISCOVER/EXECUTE) has occurred.
      Specified by:
      postAction in interface XmlaRequestCallback
      Throws:
      Exception

    • preAction

      public void preAction(javax.servlet.http.HttpServletRequest request, Element[] requestSoapParts, Map<String,Object> context) throws Exception
      Description copied from interface: XmlaRequestCallback
      This is called after the headers have been process but before the body (DISCOVER/EXECUTE) has been processed.
      Specified by:
      preAction in interface XmlaRequestCallback
      Throws:
      Exception

    • authenticate

      public abstract String authenticate(String username, String password, String sessionID)
      This function is expected to do two things.
      • Validate the credentials.
      • Return a comma separated list of role names associated to these credentials.

      Should there be any problems with the credentials, subclasses can invoke throwAuthenticationException(String) to throw an authentication exception back to the client.

      Parameters:
      username - Username used for authentication, as specified in the SOAP security header. Might be null.
      password - Password used for authentication, as specified in the SOAP security header. Might be null.
      sessionID - A unique identifier for this client session. Session IDs should remain the same between different queries from a same client, although some clients do not implement the XMLA Session header properly, resulting in a new session ID for each request.
      Returns:
      A comma separated list of roles associated to this user, or null for root access.

    • throwAuthenticationException

      protected void throwAuthenticationException(String reason)
      Helper method to create and throw an authentication exception.
      Parameters:
      reason - A textual explanation of why the credentials are rejected.

    • processHttpHeader

      public boolean processHttpHeader(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> context) throws Exception
      Description copied from interface: XmlaRequestCallback
      Process the request header items. Specifically if present the Authorization and Expect headers. If the Authorization header is present, then the callback can validate the user/password. If authentication fails, the callback should throw an XmlaException with the correct XmlaConstants values. The XmlaRequestCallback.Helper class contains the authorizationException method that can be used by a callback to generate the XmlaException with the correct values. If the Expect header is set with "100-continue", then it is upto the callback to create the appropriate response and return false. In this case, the XmlaServlet stops processing and returns the response to the client application. To facilitate the generation of the response, the XmlaRequestCallback.Helper has the method generatedExpectResponse that can be called by the callback.

      Note that it is upto the XMLA client to determine whether or not there is an Expect header entry (ADOMD.NET seems to like to do this).

      Specified by:
      processHttpHeader in interface XmlaRequestCallback
      Returns:
      true if XmlaServlet handling is to continue and false if there was an Expect header "100-continue".
      Throws:
      Exception