
Example 1 with CompleteEstablishContext

use of com.sun.corba.ee.org.omg.CSI.CompleteEstablishContext in project Payara by payara.

the class Counter method createCompleteEstablishContext.

/**
 * Builds the SAS reply body that carries a CompleteEstablishContext message. At present this
 * only covers the GSSUP mechanism.
 *
 * @param status accepted for the caller's convenience; this method does not read it
 * @return a new SASContextBody whose complete_msg member holds the message
 */
private SASContextBody createCompleteEstablishContext(int status) {
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Creating CompleteEstablishContext message");
    }

    // CSIV2 SPEC NOTE: check the CSIV2 spec to make sure that there is no
    // final_context_token for the GSSUP mechanism; an empty token is sent here.
    byte[] emptyFinalToken = new byte[0];

    // 0     -> stateless client id
    // false -> for stateless
    CompleteEstablishContext reply = new CompleteEstablishContext(0, false, emptyFinalToken);

    SASContextBody body = new SASContextBody();
    body.complete_msg(reply);
    return body;
}
Also used : CompleteEstablishContext(com.sun.corba.ee.org.omg.CSI.CompleteEstablishContext) SASContextBody(com.sun.corba.ee.org.omg.CSI.SASContextBody)

Example 2 with CompleteEstablishContext

use of com.sun.corba.ee.org.omg.CSI.CompleteEstablishContext in project Payara by payara.

the class Counter method receive_request.

/**
 * Server-side interception point for an incoming request: reads the SAS service context, builds a
 * SecurityContext from the tokens of the EstablishContext message, passes it to
 * {@code secContextUtil.setSecurityContext} and adds the SAS reply message to the reply.
 *
 * <p>Outcomes visible in this method:
 * <ul>
 * <li>no SAS service context (null, or BAD_PARAM from the lookup): delegated to
 * {@code handle_null_service_context}, then return;</li>
 * <li>CDR decode failure, a message that is not EstablishContext, or an unexpected error while
 * creating credentials: a SecurityException is thrown;</li>
 * <li>MessageInContext, a SecurityException from the identity token, or STATUS_FAILED from
 * setSecurityContext: a ContextError is added to the reply and NO_PERMISSION is thrown;</li>
 * <li>otherwise a CompleteEstablishContext message is added to the reply.</li>
 * </ul>
 *
 * @param serverRequestInfo the request being intercepted; also receives the reply service context
 * @throws ForwardRequest declared by the signature; no statement in this body throws it directly
 */
@Override
public void receive_request(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    // SecurityContext built from the received tokens and handed to setSecurityContext()
    SecurityContext securityContext = null;
    // SAS service context: first the received one, later reused for the reply
    ServiceContext serviceContext = null;
    int status = 0;
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "++++ Entered " + prname + "receive_request");
    }
    ORB orb = orbHelper.getORB();
    // A request without a SAS context never reaches the token checks below; what is allowed for
    // such a request is decided entirely by handle_null_service_context (not shown here).
    try {
        serviceContext = serverRequestInfo.get_request_service_context(SECURITY_ATTRIBUTE_SERVICE_ID);
        if (serviceContext == null) {
            handle_null_service_context(serverRequestInfo, orb);
            return;
        }
    } catch (BAD_PARAM e) {
        handle_null_service_context(serverRequestInfo, orb);
        return;
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Received a non null SAS context element");
    }
    // Decode the service context field. context_data comes from the peer, so any decode failure
    // rejects the request; the original exception is logged but not attached to the one thrown.
    Any SasAny;
    try {
        SasAny = codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type());
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.decode_exception", e);
        throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_cdr_decode", "CDR Decoding error for SAS context element."));
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Successfully decoded CDR encoded SAS context element.");
    }
    SASContextBody sasctxbody = SASContextBodyHelper.extract(SasAny);
    short sasdiscr = sasctxbody.discriminator();
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "SAS context element is a/an " + SvcContextUtils.getMsgname(sasdiscr) + " message");
    }
    // MessageInContext is answered with a ContextError and NO_PERMISSION; no SecurityContext is
    // created on this path.
    if (sasdiscr == MTMessageInContext.value) {
        sasctxbody = createContextError(SvcContextUtils.MessageInContextMinor);
        serviceContext = createSvcContext(sasctxbody, orb);
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "Adding ContextError message to service context list");
            logger.log(FINE, "SecurityContext set to null");
        }
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    }
    // Every remaining message type other than EstablishContext is rejected before any token is read.
    if (sasdiscr != MTEstablishContext.value) {
        logger.log(SEVERE, "iiop.not_establishcontext_msg");
        throw new SecurityException(localStrings.getLocalString("secserverreqinterceptor.err_not_ec_msg", "Received message not an EstablishContext message."));
    }
    EstablishContext establishContext = sasctxbody.establish_msg();
    securityContext = new SecurityContext();
    securityContext.subject = new Subject();
    // An empty client_authentication_token skips createAuthCredential(), so the subject created
    // above is passed on without that call having touched it.
    // NOTE(review): whether a request with no authentication token is acceptable is left to
    // setSecurityContext() below - confirm it enforces the target's requirements.
    try {
        if (establishContext.client_authentication_token.length != 0) {
            if (logger.isLoggable(FINE)) {
                logger.log(FINE, "Message contains Client Authentication Token");
            }
            createAuthCredential(securityContext, establishContext.client_authentication_token, orb);
        }
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.authentication_exception", e);
        // NOTE(review): this key is spelled "secsercverreqinterceptor", unlike the
        // "secserverreqinterceptor" keys used above - confirm which spelling the bundle defines.
        throw new SecurityException(localStrings.getLocalString("secsercverreqinterceptor.err_cred_create", "Error while creating a JAAS subject credential."));
    }
    // Identity token: a SecurityException is reported to the client as an invalid-mechanism
    // ContextError plus NO_PERMISSION; any other exception becomes a SecurityException.
    try {
        if (establishContext.identity_token != null) {
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "Message contains an Identity Token");
            }
            createIdCred(securityContext, establishContext.identity_token);
        }
    } catch (SecurityException secex) {
        logger.log(SEVERE, "iiop.security_exception", secex);
        sasctxbody = createContextError(INVALID_MECHANISM_MAJOR, INVALID_MECHANISM_MINOR);
        serviceContext = createSvcContext(sasctxbody, orb);
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    } catch (Exception e) {
        logger.log(SEVERE, "iiop.generic_exception", e);
        // Same "secsercverreqinterceptor" key spelling as in the authentication-token handler.
        throw new SecurityException(localStrings.getLocalString("secsercverreqinterceptor.err_cred_create", "Error while creating a JAAS subject credential."));
    }
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Invoking setSecurityContext() to set security context");
    }
    // The accept/reject decision is made here, from the security context, the target object id,
    // the operation name and the server socket.
    status = secContextUtil.setSecurityContext(securityContext, serverRequestInfo.object_id(), serverRequestInfo.operation(), getServerSocket());
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "setSecurityContext() returned status code " + status);
    }
    /**
     * CSIV2 SPEC NOTE:
     *
     * If ec.client_context_id is non zero, then this is a stateful request. As specified in section
     * 4.2.1, a stateless server must attempt to validate the security tokens in the security context
     * field. If validation succeeds then CompleteEstablishContext message is sent back. If validation
     * fails, a ContextError must be sent back.
     *
     * client_context_id itself is not read anywhere in this method.
     */
    // Only STATUS_FAILED is rejected; every other status value falls through to the success reply.
    // NOTE(review): confirm setSecurityContext() has no other failure code that should be refused.
    if (status == STATUS_FAILED) {
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "setSecurityContext() returned STATUS_FAILED");
        }
        sasctxbody = createContextError(status);
        serviceContext = createSvcContext(sasctxbody, orb);
        if (logger.isLoggable(FINE)) {
            logger.log(FINE, "Adding ContextError message to service context list");
        }
        serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
        throw new NO_PERMISSION();
    }
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "setSecurityContext() returned SUCCESS");
    }
    // Success path: reply with a CompleteEstablishContext message.
    sasctxbody = createCompleteEstablishContext(status);
    serviceContext = createSvcContext(sasctxbody, orb);
    if (logger.isLoggable(FINE)) {
        logger.log(FINE, "Adding CompleteEstablisContext message to service context list");
    }
    serverRequestInfo.add_reply_service_context(serviceContext, NO_REPLACE);
}
Also used : NO_PERMISSION(org.omg.CORBA.NO_PERMISSION) ServiceContext(org.omg.IOP.ServiceContext) BAD_PARAM(org.omg.CORBA.BAD_PARAM) SASContextBody(com.sun.corba.ee.org.omg.CSI.SASContextBody) Any(org.omg.CORBA.Any) Subject(javax.security.auth.Subject) SecurityContext(com.sun.enterprise.common.iiop.security.SecurityContext) CompleteEstablishContext(com.sun.corba.ee.org.omg.CSI.CompleteEstablishContext) MTEstablishContext(com.sun.corba.ee.org.omg.CSI.MTEstablishContext) EstablishContext(com.sun.corba.ee.org.omg.CSI.EstablishContext) ORB(org.omg.CORBA.ORB)

Aggregations

CompleteEstablishContext (com.sun.corba.ee.org.omg.CSI.CompleteEstablishContext)2 SASContextBody (com.sun.corba.ee.org.omg.CSI.SASContextBody)2 EstablishContext (com.sun.corba.ee.org.omg.CSI.EstablishContext)1 MTEstablishContext (com.sun.corba.ee.org.omg.CSI.MTEstablishContext)1 SecurityContext (com.sun.enterprise.common.iiop.security.SecurityContext)1 Subject (javax.security.auth.Subject)1 Any (org.omg.CORBA.Any)1 BAD_PARAM (org.omg.CORBA.BAD_PARAM)1 NO_PERMISSION (org.omg.CORBA.NO_PERMISSION)1 ORB (org.omg.CORBA.ORB)1 ServiceContext (org.omg.IOP.ServiceContext)1