mondrian.xmla.impl

Class AuthenticatingXmlaRequestCallback

java.lang.Object

mondrian.xmla.impl.AuthenticatingXmlaRequestCallback

All Implemented Interfaces:

XmlaRequestCallback

public abstract class AuthenticatingXmlaRequestCallback
extends Object
implements XmlaRequestCallback

This is an abstract implementation of XmlaRequestCallback specialized in authenticating the requests coming in. Subclasses are only required to implement authenticate(String, String, String).

Once implemented, you only need to register your class using the XMLA servlet config, within your web.xml descriptor.

Author:

LBoudreau

Nested Class Summary

Nested classes/interfaces inherited from interface mondrian.xmla.XmlaRequestCallback

XmlaRequestCallback.Helper

Field Summary

Fields inherited from interface mondrian.xmla.XmlaRequestCallback

AUTHORIZATION, EXPECT, EXPECT_100_CONTINUE

Constructor Summary

Constructors

Constructor and Description
AuthenticatingXmlaRequestCallback()

Method Summary

Modifier and Type	Method and Description
abstract String	authenticate(String username, String password, String sessionID) This function is expected to do two things.
String	generateSessionId(Map<String,Object> context) The Callback is requested to generate a sequence id string.
void	init(javax.servlet.ServletConfig servletConfig)
void	postAction(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, byte[][] responseSoapParts, Map<String,Object> context) This is called after all Mondrian processing (DISCOVER/EXECUTE) has occurred.
void	preAction(javax.servlet.http.HttpServletRequest request, Element[] requestSoapParts, Map<String,Object> context) This is called after the headers have been process but before the body (DISCOVER/EXECUTE) has been processed.
boolean	processHttpHeader(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map<String,Object> context) Process the request header items.
protected void	throwAuthenticationException(String reason) Helper method to create and throw an authentication exception.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticatingXmlaRequestCallback

public AuthenticatingXmlaRequestCallback()

Method Detail

generateSessionId

public String generateSessionId(Map<String,Object> context)

Description copied from interface: XmlaRequestCallback

The Callback is requested to generate a sequence id string. This sequence id was requested by the XMLA client and will be used for all subsequent communications in the Soap Header block. Implementation can return null if they do not want to generate a custom session ID, in which case, the default algorithm to generate session IDs will be used.

Specified by:

generateSessionId in interface XmlaRequestCallback

Parameters:

context - The context of this query.

Returns:

An arbitrary session id to use, or null.

init

public void init(javax.servlet.ServletConfig servletConfig)
          throws javax.servlet.ServletException

Specified by:

init in interface XmlaRequestCallback

Throws:

javax.servlet.ServletException

postAction

public void postAction(javax.servlet.http.HttpServletRequest request,
                       javax.servlet.http.HttpServletResponse response,
                       byte[][] responseSoapParts,
                       Map<String,Object> context)
                throws Exception

Description copied from interface: XmlaRequestCallback

This is called after all Mondrian processing (DISCOVER/EXECUTE) has occurred.

Specified by:

postAction in interface XmlaRequestCallback

Throws:

Exception

preAction

public void preAction(javax.servlet.http.HttpServletRequest request,
                      Element[] requestSoapParts,
                      Map<String,Object> context)
               throws Exception

Description copied from interface: XmlaRequestCallback

This is called after the headers have been process but before the body (DISCOVER/EXECUTE) has been processed.

Specified by:

preAction in interface XmlaRequestCallback

Throws:

Exception

authenticate

public abstract String authenticate(String username,
                                    String password,
                                    String sessionID)

This function is expected to do two things.

• Validate the credentials.
• Return a comma separated list of role names associated to these credentials.

Should there be any problems with the credentials, subclasses can invoke throwAuthenticationException(String) to throw an authentication exception back to the client.

Parameters:

username - Username used for authentication, as specified in the SOAP security header. Might be null.

password - Password used for authentication, as specified in the SOAP security header. Might be null.

sessionID - A unique identifier for this client session. Session IDs should remain the same between different queries from a same client, although some clients do not implement the XMLA Session header properly, resulting in a new session ID for each request.

Returns:

A comma separated list of roles associated to this user, or null for root access.

throwAuthenticationException

protected void throwAuthenticationException(String reason)

Helper method to create and throw an authentication exception.

Parameters:

reason - A textual explanation of why the credentials are rejected.

processHttpHeader

public boolean processHttpHeader(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 Map<String,Object> context)
                          throws Exception

Description copied from interface: XmlaRequestCallback

Process the request header items. Specifically if present the Authorization and Expect headers. If the Authorization header is present, then the callback can validate the user/password. If authentication fails, the callback should throw an XmlaException with the correct XmlaConstants values. The XmlaRequestCallback.Helper class contains the authorizationException method that can be used by a callback to generate the XmlaException with the correct values. If the Expect header is set with "100-continue", then it is upto the callback to create the appropriate response and return false. In this case, the XmlaServlet stops processing and returns the response to the client application. To facilitate the generation of the response, the XmlaRequestCallback.Helper has the method generatedExpectResponse that can be called by the callback.

Note that it is upto the XMLA client to determine whether or not there is an Expect header entry (ADOMD.NET seems to like to do this).

Specified by:

processHttpHeader in interface XmlaRequestCallback

Returns:

true if XmlaServlet handling is to continue and false if there was an Expect header "100-continue".

Throws:

Exception