
Example 11 with WebServiceEndpoint

use of com.sun.enterprise.deployment.WebServiceEndpoint in project Payara by payara.

the class SecurityServiceImpl method doSecurity.

/**
 * Authenticates an HTTP request addressed to an EJB web service endpoint.
 *
 * <p>GET requests and endpoints that declare no auth method are let through without any
 * credential check. Otherwise the caller is authenticated through a {@code RealmAdapter} built
 * for {@code realmName}, using either the credentials parsed from the Authorization header or
 * the client certificates found in the request attributes. Every exit path, including an
 * exception, reports the value of {@code authenticated} to the audit manager when auditing is on.
 *
 * @param hreq the incoming request; its method, Authorization header, URI and certificate
 *        attributes are read
 * @param epInfo runtime information for the target endpoint
 * @param realmName realm name handed to the {@code RealmAdapter}
 * @param context web service context whose user principal is cleared first; may be {@code null}
 * @return {@code true} if the request was let through or authenticated, {@code false} otherwise
 * @throws RuntimeException wrapping any exception raised inside the method body
 */
public boolean doSecurity(HttpServletRequest hreq, EjbRuntimeEndpointInfo epInfo, String realmName, WebServiceContextImpl context) {
    // Starts as false so that every failure path below, and the audit call in the finally
    // block, report "not authenticated" unless a success is recorded explicitly.
    boolean authenticated = false;
    try {
        // Original note: running the checks below for a GET request (WSDL query etc.) can
        // cause problems, hence the early return for GET further down.
        String method = hreq.getMethod();
        if (context != null) {
            // BUG2263 - clear the UserPrincipal left over from a previous request. If
            // authentication succeeds, the proper value is set later in this method.
            context.setUserPrincipal(null);
        }
        WebServiceEndpoint endpoint = epInfo.getEndpoint();
        String rawAuthInfo = hreq.getHeader(AUTHORIZATION_HEADER);
        if (method.equals("GET") || !endpoint.hasAuthMethod()) {
            // NOTE(review): every GET is treated as authenticated, even on an endpoint that
            // declares an auth method, and the audit call in the finally block then records
            // a success. Confirm that a GET can only reach WSDL/metadata queries and can
            // never invoke the endpoint itself.
            authenticated = true;
            return true;
        }
        WebPrincipal webPrincipal = null;
        String endpointName = endpoint.getEndpointName();
        // NOTE(review): the presence of an Authorization header selects the username/password
        // path even when the endpoint is not configured for basic auth, so the request, not
        // only the endpoint configuration, decides which credential type is checked. Confirm
        // this is intended for endpoints that expect a client certificate.
        if (endpoint.hasBasicAuth() || rawAuthInfo != null) {
            if (rawAuthInfo == null) {
                // Basic auth is required but no Authorization header was sent.
                sendAuthenticationEvents(false, hreq.getRequestURI(), null);
                authenticated = false;
                return false;
            }
            List<Object> usernamePassword = parseUsernameAndPassword(rawAuthInfo);
            if (usernamePassword != null) {
                // Element 0 is used as the user name and element 1 as a char[] (presumably
                // the password). NOTE(review): the char[] is not cleared in this method;
                // confirm which component is responsible for wiping it.
                webPrincipal = new WebPrincipal((String) usernamePassword.get(0), (char[]) usernamePassword.get(1), SecurityContext.init());
            } else {
                // The header could not be parsed; webPrincipal stays null and the request is
                // rejected by the null check below.
                _logger.log(Level.WARNING, LogUtils.BASIC_AUTH_ERROR, endpointName);
            }
        } else {
            // Client-certificate path: read the certificates from the request attributes
            // (original note: org.apache.coyote.request.X509Certificate), trying
            // CERTIFICATES_ATTR first and SSL_CERTIFICATE_ATTR as a fallback.
            X509Certificate[] certs = (X509Certificate[]) hreq.getAttribute(Globals.CERTIFICATES_ATTR);
            if ((certs == null) || (certs.length < 1)) {
                certs = (X509Certificate[]) hreq.getAttribute(Globals.SSL_CERTIFICATE_ATTR);
            }
            if (certs != null) {
                webPrincipal = new WebPrincipal(certs, SecurityContext.init());
            } else {
                _logger.log(Level.WARNING, LogUtils.CLIENT_CERT_ERROR, endpointName);
            }
        }
        if (webPrincipal == null) {
            // No usable credentials were presented: report the failure and return false
            // (authenticated has not been changed since its initialisation).
            sendAuthenticationEvents(false, hreq.getRequestURI(), null);
            return authenticated;
        }
        RealmAdapter ra = new RealmAdapter(realmName, endpoint.getBundleDescriptor().getModuleID());
        authenticated = ra.authenticate(webPrincipal);
        if (authenticated == false) {
            sendAuthenticationEvents(false, hreq.getRequestURI(), webPrincipal);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("authentication failed for " + endpointName);
            }
        } else {
            sendAuthenticationEvents(true, hreq.getRequestURI(), webPrincipal);
        }
        if (epInfo instanceof Ejb2RuntimeEndpointInfo) {
            // For JAXRPC based EJB endpoints the rest of the steps are not needed
            return authenticated;
        }
        // Setting the userPrincipal in the web service context applies to JAXWS endpoints only.
        // NOTE(review): these three statements also run when authenticate() returned false,
        // so a principal that failed authentication is stored as the context's user
        // principal. Confirm that callers drop the context whenever this method returns
        // false, or guard the assignment with `authenticated`.
        epInfo.prepareInvocation(false);
        WebServiceContextImpl ctxt = (WebServiceContextImpl) epInfo.getWebServiceContext();
        ctxt.setUserPrincipal(webPrincipal);
    } catch (Exception e) {
        // Any failure is rethrown unchecked with the original exception as its cause; the
        // finally block still audits the value held by `authenticated` at that point.
        throw new RuntimeException(e);
    } finally {
        // Runs for every return and throw above, so the audit record mirrors the final
        // value of `authenticated`, including the unauthenticated GET pass-through.
        if (auditManager != null && auditManager.isAuditOn()) {
            auditManager.ejbAsWebServiceInvocation(epInfo.getEndpoint().getEndpointName(), authenticated);
        }
    }
    return authenticated;
}
Also used : Ejb2RuntimeEndpointInfo(org.glassfish.webservices.Ejb2RuntimeEndpointInfo) X509Certificate(java.security.cert.X509Certificate) AuthException(com.sun.enterprise.security.jauth.AuthException) WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint) RealmAdapter(com.sun.web.security.RealmAdapter) WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal) WebServiceContextImpl(org.glassfish.webservices.WebServiceContextImpl)

Example 12 with WebServiceEndpoint

use of com.sun.enterprise.deployment.WebServiceEndpoint in project Payara by payara.

the class WebBundleContext method getHandlerChainContainers.

/**
 * Returns the handler chain containers of this bundle that are relevant to a class.
 *
 * <p>On the service side these are the web service endpoints whose web component
 * implementation name equals the name of {@code declaringClass}; on the client side they are
 * all service reference descriptors of the bundle, and {@code declaringClass} is not consulted.
 *
 * @param serviceSideHandlerChain {@code true} to look at endpoints, {@code false} to look at
 *        service references
 * @param declaringClass class whose name is compared with each endpoint's implementation name
 * @return a newly allocated array, possibly empty
 */
public HandlerChainContainer[] getHandlerChainContainers(boolean serviceSideHandlerChain, Class declaringClass) {
    if (!serviceSideHandlerChain) {
        // Client side: copy every service reference of the bundle into the result.
        List<ServiceReferenceDescriptor> serviceRefs =
                new ArrayList<ServiceReferenceDescriptor>(getDescriptor().getServiceReferenceDescriptors());
        return serviceRefs.toArray(new HandlerChainContainer[serviceRefs.size()]);
    }

    // Service side: keep only the endpoints implemented by the declaring class.
    List<WebServiceEndpoint> matchingEndpoints = new ArrayList<WebServiceEndpoint>();
    for (WebServiceEndpoint candidate : getDescriptor().getWebServices().getEndpoints()) {
        String implementationName = candidate.getWebComponentImpl().getWebComponentImplementation();
        if (!implementationName.equals(declaringClass.getName())) {
            continue;
        }
        matchingEndpoints.add(candidate);
    }
    return matchingEndpoints.toArray(new HandlerChainContainer[matchingEndpoints.size()]);
}
Also used : HandlerChainContainer(com.sun.enterprise.deployment.types.HandlerChainContainer) WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint) ArrayList(java.util.ArrayList) ServiceReferenceDescriptor(com.sun.enterprise.deployment.ServiceReferenceDescriptor)

Example 13 with WebServiceEndpoint

use of com.sun.enterprise.deployment.WebServiceEndpoint in project Payara by payara.

the class PipeHelper method auditInvocation.

/**
 * Reports the outcome of a web service invocation to the audit manager.
 *
 * <p>Nothing happens unless auditing is on. EJB endpoints are audited by endpoint name only;
 * other endpoints are audited with the request URI as well, taken from the servlet request
 * carried by the packet. Placeholders stand in for a missing URI or endpoint name.
 *
 * @param request packet being processed; may be {@code null}
 * @param status authentication status; only {@code AuthStatus.SUCCESS} is audited as a success
 */
public void auditInvocation(Packet request, AuthStatus status) {
    if (!auditManager.isAuditOn()) {
        return;
    }

    // The URI is only available for servlet-backed (non-EJB) endpoints.
    String requestUri = null;
    boolean servletBacked = !isEjbEndpoint && request != null && request.supports(MessageContext.SERVLET_REQUEST);
    if (servletBacked) {
        requestUri = ((HttpServletRequest) request.get(MessageContext.SERVLET_REQUEST)).getRequestURI();
    }

    // Resolve the endpoint name, tolerating a missing map, endpoint or name.
    WebServiceEndpoint endpoint = (map == null) ? null : (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
    String resolvedName = (endpoint == null) ? null : endpoint.getEndpointName();
    String endpointName = (resolvedName == null) ? "(no endpoint)" : resolvedName;

    boolean succeeded = AuthStatus.SUCCESS.equals(status);
    if (isEjbEndpoint) {
        auditManager.ejbAsWebServiceInvocation(endpointName, succeeded);
        return;
    }
    auditManager.webServiceInvocation((requestUri == null) ? "(no uri)" : requestUri, endpointName, succeeded);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint)

Example 14 with WebServiceEndpoint

use of com.sun.enterprise.deployment.WebServiceEndpoint in project Payara by payara.

the class PipeHelper method processSunDeploymentDescriptor.

/**
 * Registers the GlassFish auth config provider when the descriptor carries a SOAP-layer
 * message security binding, and reports whether the endpoint is implemented by an EJB.
 *
 * <p>The provider is registered only if a binding exists and no exactly matching provider is
 * already present; the registration id returned by the factory is stored on this helper.
 *
 * @return {@code false} when there is no factory or no endpoint in the map, otherwise whether
 *         the endpoint is implemented by an EJB component
 */
private boolean processSunDeploymentDescriptor() {
    if (factory == null) {
        return false;
    }

    MessageSecurityBindingDescriptor binding = AuthMessagePolicy.getMessageSecurityBinding(PipeConstants.SOAP_LAYER, map);
    boolean mustRegisterProvider = binding != null && !hasExactMatchAuthProvider();
    if (mustRegisterProvider) {
        GFServerConfigProvider provider = new GFServerConfigProvider(null, null);
        this.setJmacProviderRegisID(
                factory.registerConfigProvider(provider, layer, appCtxt, "GF AuthConfigProvider bound by Sun Specific Descriptor"));
    }

    WebServiceEndpoint endpoint = (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
    if (endpoint == null) {
        return false;
    }
    return endpoint.implementedByEjbComponent();
}
Also used : MessageSecurityBindingDescriptor(com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor) GFServerConfigProvider(com.sun.enterprise.security.jmac.config.GFServerConfigProvider) WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint)

Example 15 with WebServiceEndpoint

use of com.sun.enterprise.deployment.WebServiceEndpoint in project Payara by payara.

the class PipeHelper method authorize.

/**
 * Establishes the security context for the request's client subject and, for EJB endpoints,
 * asks the EJB delegate whether the caller may invoke the target method.
 *
 * <p>For endpoints that are not EJB endpoints only the security context is set; no
 * authorization decision is made in this method.
 *
 * @param request packet being processed; the client subject is read from its invocation
 *        properties and, for EJB endpoints, its message is used to find the target method
 * @throws Exception if the EJB delegate refuses the invocation or the authorization check
 *         itself fails (an {@code UnmarshalException} when the method cannot be unmarshalled)
 * @throws RuntimeException if no invocation manager is available for an EJB endpoint, or the
 *         provider's {@code invoke} method cannot be looked up
 */
public void authorize(Packet request) throws Exception {
    // A missing subject, or one with neither principals nor public credentials, is treated
    // as an unauthenticated caller. (Original note: the SecurityContext constructor should
    // set the initiator to unauthenticated if the Subject is null or empty.)
    Subject s = (Subject) request.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
    if (s == null || (s.getPrincipals().isEmpty() && s.getPublicCredentials().isEmpty())) {
        SecurityContext.setUnauthenticatedContext();
    } else {
        SecurityContext sC = new SecurityContext(s);
        SecurityContext.setCurrent(sC);
    }
    if (isEjbEndpoint) {
        if (invManager == null) {
            throw new RuntimeException(localStrings.getLocalString("enterprise.webservice.noEjbInvocationManager", "Cannot validate request : invocation manager null for EJB WebService"));
        }
        ComponentInvocation inv = (ComponentInvocation) invManager.getCurrentInvocation();
        // Hand the SOAP message to the EJB delegate together with the current invocation.
        if (ejbDelegate != null) {
            ejbDelegate.setSOAPMessage(request.getMessage(), inv);
        }
        Exception ie;
        // Target method to authorize; stays null when it cannot be determined below.
        Method m = null;
        if (seiModel != null) {
            // SEI-based endpoint: the message resolves the invoked Java method.
            JavaMethod jm = request.getMessage().getMethod(seiModel);
            m = (jm != null) ? jm.getMethod() : null;
        } else {
            // WebServiceProvider: there is no SEI, so authorize against invoke(Object) of the
            // EJB implementation class named in the deployment descriptor.
            // NOTE(review): the endpoint read from the map is not null-checked before
            // getEjbComponentImpl(); a missing SERVICE_ENDPOINT entry would raise a
            // NullPointerException here.
            WebServiceEndpoint endpoint = (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
            EjbDescriptor ejbDescriptor = endpoint.getEjbComponentImpl();
            if (ejbDescriptor != null) {
                final String ejbImplClassName = ejbDescriptor.getEjbImplClassName();
                if (ejbImplClassName != null) {
                    try {
                        // The class is loaded and initialised through the thread context
                        // class loader inside a privileged action.
                        m = (Method) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {

                            @Override
                            public Object run() throws Exception {
                                ClassLoader loader = Thread.currentThread().getContextClassLoader();
                                Class clazz = Class.forName(ejbImplClassName, true, loader);
                                return clazz.getMethod("invoke", new Class[] { Object.class });
                            }
                        });
                    } catch (PrivilegedActionException pae) {
                        // Lookup failures surface unchecked, with the underlying exception as cause.
                        throw new RuntimeException(pae.getException());
                    }
                }
            }
        }
        // NOTE(review): the authorization check runs only when both a method and an EJB
        // delegate are available. If m is null (no method resolved from the message, or no
        // EJB descriptor / implementation class name) or ejbDelegate is null, this method
        // returns normally without any authorization decision. Confirm that access is
        // enforced elsewhere for those cases, or fail closed here.
        if (m != null) {
            if (ejbDelegate != null) {
                try {
                    if (!ejbDelegate.authorize(inv, m)) {
                        throw new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
                    }
                } catch (UnmarshalException e) {
                    // Rethrown as a new UnmarshalException naming the EJB, original as cause.
                    String errorMsg = localStrings.getLocalString("enterprise.webservice.errorUnMarshalMethod", "Error unmarshalling method for ejb {0}", new Object[] { ejbName() });
                    ie = new UnmarshalException(errorMsg);
                    ie.initCause(e);
                    throw ie;
                } catch (Exception e) {
                    // Catches both the "not authorized" exception thrown just above and any
                    // other failure of the check; either way the caller sees the same
                    // "not authorized" message, with the original exception as cause.
                    ie = new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
                    ie.initCause(e);
                    throw ie;
                }
            }
        }
    }
}
Also used : ComponentInvocation(org.glassfish.api.invocation.ComponentInvocation) PrivilegedActionException(java.security.PrivilegedActionException) JavaMethod(com.sun.xml.ws.api.model.JavaMethod) Method(java.lang.reflect.Method) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Subject(javax.security.auth.Subject) PrivilegedActionException(java.security.PrivilegedActionException) UnmarshalException(javax.xml.bind.UnmarshalException) AuthException(javax.security.auth.message.AuthException) WebServiceException(javax.xml.ws.WebServiceException) EjbDescriptor(com.sun.enterprise.deployment.EjbDescriptor) WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint) UnmarshalException(javax.xml.bind.UnmarshalException) ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext) SecurityContext(com.sun.enterprise.security.SecurityContext) JavaMethod(com.sun.xml.ws.api.model.JavaMethod)

Aggregations

WebServiceEndpoint (com.sun.enterprise.deployment.WebServiceEndpoint)23 ServiceReferenceDescriptor (com.sun.enterprise.deployment.ServiceReferenceDescriptor)5 WebService (com.sun.enterprise.deployment.WebService)5 EjbDescriptor (com.sun.enterprise.deployment.EjbDescriptor)4 ArrayList (java.util.ArrayList)4 EjbBundleDescriptor (com.sun.enterprise.deployment.EjbBundleDescriptor)3 HandlerChainContainer (com.sun.enterprise.deployment.types.HandlerChainContainer)3 Iterator (java.util.Iterator)3 QName (javax.xml.namespace.QName)3 WebServiceHandler (com.sun.enterprise.deployment.WebServiceHandler)2 WebServicesDescriptor (com.sun.enterprise.deployment.WebServicesDescriptor)2 MessageSecurityBindingDescriptor (com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor)2 Model (com.sun.xml.rpc.spi.model.Model)2 Port (com.sun.xml.rpc.spi.model.Port)2 URL (java.net.URL)2 Collection (java.util.Collection)2 HashSet (java.util.HashSet)2 Application (com.sun.enterprise.deployment.Application)1 BundleDescriptor (com.sun.enterprise.deployment.BundleDescriptor)1 ServiceRefPortInfo (com.sun.enterprise.deployment.ServiceRefPortInfo)1