Example 1 with AuthException

Use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.

Class ServletSystemHandlerDelegate, method processRequest.

/**
 * The processRequest method is invoked with an object that implements
 * com.sun.xml.rpc.spi.runtime.SOAPMessageContext.
 * <p>
 * When this method is called by the JAXRPCServletDelegate (on the server side of jaxrpc servlet
 * container invocation processing) it must be called just before the call to
 * implementor.getTie().handle(), and at that time the request message and the following
 * properties must have been set on the SOAPMessageContext.
 * <p>
 * com.sun.xml.rpc.server.http.MessageContextProperties.IMPLEMENTOR <br>
 * This property must be set to the com.sun.xml.rpc.spi.runtime.Implementor object corresponding to
 * the target endpoint.
 * <p>
 * com.sun.xml.rpc.server.http.MessageContextProperties.HTTP_SERVLET_REQUEST <br>
 * This property must be set to the javax.servlet.http.HttpServletRequest object containing the
 * JAXRPC invocation.
 * <p>
 * com.sun.xml.rpc.server.http.MessageContextProperties.HTTP_SERVLET_RESPONSE <br>
 * This property must be set to the javax.servlet.http.HttpServletResponse object corresponding to
 * the JAXRPC invocation.
 * <p>
 * com.sun.xml.rpc.server.MessageContextProperties.HTTP_SERVLET_CONTEXT <br>
 * This property must be set to the javax.servlet.ServletContext object corresponding to the web
 * application in which the JAXRPC servlet is running.
 *
 * @param messageContext the SOAPMessageContext object containing the request message and the
 * properties described above.
 * @return true if processing by the delegate was such that the caller should continue with its
 * normal message processing. Returns false if the processing by the delegate resulted in the
 * messageContext containing a response message that should be returned without the caller proceeding
 * to its normal message processing.
 * @throws java.lang.RuntimeException when the processing by the delegate failed, without yielding a
 * response message. In this case, the expectation is that the caller will return an HTTP layer
 * response code reporting that an internal error occurred.
 */
@Override
public boolean processRequest(SOAPMessageContext messageContext) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("ws.processRequest");
    }
    final SOAPMessageContext finalMC = messageContext;
    Implementor implementor = (Implementor) messageContext.getProperty(IMPLEMENTOR);
    final Tie tie = implementor.getTie();
    StreamingHandler handler = (StreamingHandler) implementor.getTie();
    SOAPMessage request = finalMC.getMessage();
    final ServerAuthContext sAC = config_.getAuthContext(handler, request);
    boolean status = true;
    try {
        if (sAC != null) {
            status = false;
            // proceed to process message security
            status = WebServiceSecurity.validateRequest(finalMC, sAC);
            if (status) {
                messageContext.setProperty(SERVER_AUTH_CONTEXT, sAC);
            }
        }
    } catch (AuthException ae) {
        _logger.log(Level.SEVERE, LogUtils.ERROR_REQUEST_VALIDATION, ae);
        throw new RuntimeException(ae);
    } finally {
        WebServiceSecurity.auditInvocation(messageContext, endpoint_, status);
    }
    if (status) {
        if (System.getSecurityManager() != null) {
            // on this branch, the endpoint invocation and the
            // processing of the response will be initiated from
            // within the system handler delegate. delegate returns
            // false so that dispatcher will not invoke the endpoint.
            status = false;
            try {
                Subject.doAsPrivileged(SecurityContext.getCurrent().getSubject(), new PrivilegedExceptionAction() {

                    @Override
                    public Object run() throws Exception {
                        tie.handle(finalMC);
                        processResponse(finalMC);
                        return null;
                    }
                }, null);
            } catch (PrivilegedActionException pae) {
                Throwable cause = pae.getCause();
                if (cause instanceof AuthException) {
                    _logger.log(Level.SEVERE, LogUtils.ERROR_RESPONSE_SECURING, cause);
                }
                RuntimeException re = null;
                if (cause instanceof RuntimeException) {
                    re = (RuntimeException) cause;
                } else {
                    re = new RuntimeException(cause);
                }
                throw re;
            }
        }
    }
    return status;
}
Also used:
  com.sun.xml.rpc.spi.runtime.Implementor
  com.sun.xml.rpc.spi.runtime.StreamingHandler
  com.sun.xml.rpc.spi.runtime.Tie
  com.sun.xml.rpc.spi.runtime.SOAPMessageContext
  com.sun.enterprise.security.jauth.AuthException
  com.sun.enterprise.security.jauth.ServerAuthContext
  java.security.PrivilegedActionException
  java.security.PrivilegedExceptionAction
  javax.xml.soap.SOAPMessage

Example 2 with AuthException

Use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.

Class SecurityServiceImpl, method validateRequest.

@Override
public boolean validateRequest(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext context) {
    ServerAuthConfig authConfig = (ServerAuthConfig) serverAuthConfig;
    if (authConfig == null) {
        return true;
    }
    ServerAuthContext serverAuthContext = authConfig.getAuthContext(implementor, context.getMessage());
    req.set(new WeakReference<SOAPMessage>(context.getMessage()));
    if (serverAuthContext == null) {
        return true;
    }
    try {
        return WebServiceSecurity.validateRequest(context, serverAuthContext);
    } catch (AuthException ex) {
        _logger.log(SEVERE, EXCEPTION_THROWN, ex);
        if (req.get() != null) {
            req.get().clear();
            req.set(null);
        }
        throw new RuntimeException(ex);
    }
}
Also used:
  com.sun.enterprise.security.jauth.AuthException
  com.sun.enterprise.security.jauth.ServerAuthContext
  com.sun.enterprise.security.jauth.jaspic.provider.ServerAuthConfig
  javax.xml.soap.SOAPMessage

Example 3 with AuthException

Use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.

Class SecurityServiceImpl, method secureResponse.

@Override
public void secureResponse(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext msgContext) {
    if (serverAuthConfig != null) {
        ServerAuthConfig config = (ServerAuthConfig) serverAuthConfig;
        SOAPMessage reqmsg = (req.get() != null) ? req.get().get() : msgContext.getMessage();
        try {
            ServerAuthContext serverAuthContext = config.getAuthContext(implementor, reqmsg);
            if (serverAuthContext != null) {
                try {
                    WebServiceSecurity.secureResponse(msgContext, serverAuthContext);
                } catch (AuthException ex) {
                    _logger.log(SEVERE, EXCEPTION_THROWN, ex);
                    throw new RuntimeException(ex);
                }
            }
        } finally {
            if (req.get() != null) {
                req.get().clear();
                req.set(null);
            }
        }
    }
}
Also used:
  com.sun.enterprise.security.jauth.AuthException
  com.sun.enterprise.security.jauth.ServerAuthContext
  com.sun.enterprise.security.jauth.jaspic.provider.ServerAuthConfig
  javax.xml.soap.SOAPMessage

Example 4 with AuthException

Use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.

Class WebServiceSecurity, method validateResponse.

private static boolean validateResponse(SOAPMessage response, HashMap sharedState, ClientAuthContext cAC) throws AuthException {
    boolean rvalue = true;
    // get a subject to be filled in with the principals of the responder
    Subject responderSubject = new Subject();
    SOAPAuthParam param = new SOAPAuthParam(null, response);
    try {
        cAC.validateResponse(param, responderSubject, sharedState);
    } catch (AuthException ae) {
        _logger.log(Level.SEVERE, LogUtils.ERROR_RESPONSE_VALIDATION, ae);
        rvalue = false;
        throw ae;
    } finally {
        cAC.disposeSubject(responderSubject, sharedState);
    }
    return rvalue;
}
Also used:
  com.sun.enterprise.security.jauth.AuthException
  com.sun.enterprise.security.jauth.jaspic.provider.SOAPAuthParam
  javax.security.auth.Subject

Aggregations (number of examples above using each type)

  AuthException (com.sun.enterprise.security.jauth.AuthException): 4
  ServerAuthContext (com.sun.enterprise.security.jauth.ServerAuthContext): 3
  SOAPMessage (javax.xml.soap.SOAPMessage): 3
  ServerAuthConfig (com.sun.enterprise.security.jauth.jaspic.provider.ServerAuthConfig): 2
  SOAPAuthParam (com.sun.enterprise.security.jauth.jaspic.provider.SOAPAuthParam): 1
  Implementor (com.sun.xml.rpc.spi.runtime.Implementor): 1
  SOAPMessageContext (com.sun.xml.rpc.spi.runtime.SOAPMessageContext): 1
  StreamingHandler (com.sun.xml.rpc.spi.runtime.StreamingHandler): 1
  Tie (com.sun.xml.rpc.spi.runtime.Tie): 1
  PrivilegedActionException (java.security.PrivilegedActionException): 1
  PrivilegedExceptionAction (java.security.PrivilegedExceptionAction): 1
  Subject (javax.security.auth.Subject): 1