use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.
the class ServletSystemHandlerDelegate method processRequest.
/**
 * Applies message-layer security to an inbound JAX-RPC request and tells the caller whether it
 * should go on to invoke the endpoint.
 * <p>
 * The argument must implement com.sun.xml.rpc.spi.runtime.SOAPMessageContext. When the
 * JAXRPCServletDelegate calls this method (server side of jaxrpc servlet container invocation
 * processing), it must do so immediately before implementor.getTie().handle(), with the request
 * message in place and with these properties already set on the SOAPMessageContext:
 * <p>
 * com.sun.xml.rpc.server.http.MessageContextProperties.IMPLEMENTOR <br>
 * The com.sun.xml.rpc.spi.runtime.Implementor object of the target endpoint.
 * <p>
 * com.sun.xml.rpc.server.http.MessageContextProperties.HTTP_SERVLET_REQUEST <br>
 * The javax.servlet.http.HttpServletRequest object carrying the JAXRPC invocation.
 * <p>
 * com.sun.xml.rpc.server.http.MessageContextProperties.HTTP_SERVLET_RESPONSE <br>
 * The javax.servlet.http.HttpServletResponse object for the JAXRPC invocation.
 * <p>
 * com.sun.xml.rpc.server.MessageContextProperties.HTTP_SERVLET_CONTEXT <br>
 * The javax.servlet.ServletContext object of the web application in which the JAXRPC servlet
 * is running.
 * <p>
 * Security-relevant behaviour: if no ServerAuthContext is obtained for the request, no
 * message-layer validation takes place and the request is allowed to continue. The outcome is
 * handed to the audit call on every path that reaches validation, including a validation that
 * throws.
 *
 * @param messageContext the SOAPMessageContext object holding the request message and the
 * properties listed above.
 * @return true if the caller should continue with its normal message processing. Returns false
 * if the delegate's processing left a response message in the messageContext that should be
 * returned without the caller proceeding to its normal message processing.
 * @throws java.lang.RuntimeException when processing by the delegate failed without yielding a
 * response message. The caller is then expected to return an HTTP layer response code reporting
 * that an internal error occurred.
 */
@Override
public boolean processRequest(SOAPMessageContext messageContext) {
    if (_logger.isLoggable(Level.FINE)) {
        _logger.fine("ws.processRequest");
    }

    // Final alias so the anonymous privileged action below can capture the context.
    final SOAPMessageContext context = messageContext;
    Implementor implementor = (Implementor) messageContext.getProperty(IMPLEMENTOR);
    final Tie tie = implementor.getTie();
    // NOTE(review): getTie() is invoked a second time for the cast; presumably it returns the
    // same object as `tie` -- confirm before collapsing the two calls.
    StreamingHandler handler = (StreamingHandler) implementor.getTie();
    SOAPMessage request = context.getMessage();
    final ServerAuthContext authContext = config_.getAuthContext(handler, request);

    // Starts as "allowed" only when there is nothing to validate. With an auth context present
    // it starts as "denied", so a validation that throws is audited as a failure.
    // NOTE(review): a null auth context lets the request through unvalidated; confirm that an
    // endpoint requiring message security can never resolve to null here.
    boolean proceed = (authContext == null);
    try {
        if (authContext != null) {
            proceed = WebServiceSecurity.validateRequest(context, authContext);
            if (proceed) {
                // Published on the context only after a successful validation.
                messageContext.setProperty(SERVER_AUTH_CONTEXT, authContext);
            }
        }
    } catch (AuthException ae) {
        _logger.log(Level.SEVERE, LogUtils.ERROR_REQUEST_VALIDATION, ae);
        // NOTE(review): the AuthException travels as the cause; verify the caller does not
        // reflect its message back to the client.
        throw new RuntimeException(ae);
    } finally {
        // Runs on success, rejection and exception alike, so each outcome is recorded.
        WebServiceSecurity.auditInvocation(messageContext, endpoint_, proceed);
    }

    if (!proceed) {
        return false;
    }
    if (System.getSecurityManager() == null) {
        // No security manager: the dispatcher invokes the endpoint itself.
        return true;
    }

    // With a security manager installed, the endpoint invocation and the response processing
    // are started from here, and false is returned so the dispatcher does not invoke the
    // endpoint again.
    final Subject caller = SecurityContext.getCurrent().getSubject();
    try {
        // A null AccessControlContext gives the action a fresh, empty context instead of the
        // permissions of the calling stack.
        Subject.doAsPrivileged(caller, new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws Exception {
                tie.handle(context);
                processResponse(context);
                return null;
            }
        }, null);
    } catch (PrivilegedActionException pae) {
        Throwable cause = pae.getCause();
        if (cause instanceof AuthException) {
            _logger.log(Level.SEVERE, LogUtils.ERROR_RESPONSE_SECURING, cause);
        }
        // Runtime exceptions are rethrown unchanged; anything else is wrapped.
        throw (cause instanceof RuntimeException)
                ? (RuntimeException) cause
                : new RuntimeException(cause);
    }
    return false;
}
use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.
the class SecurityServiceImpl method validateRequest.
/**
 * Validates the request message in {@code context} against the message-security configuration.
 * <p>
 * Returns true without validating when {@code serverAuthConfig} is null or when the
 * configuration yields no ServerAuthContext for the message. Otherwise the result is whatever
 * WebServiceSecurity.validateRequest reports.
 *
 * @param serverAuthConfig the configuration, cast to ServerAuthConfig; may be null
 * @param implementor the handler passed to the auth-context lookup
 * @param context the message context carrying the request
 * @return true if the request may proceed
 * @throws RuntimeException wrapping the AuthException when validation throws
 */
@Override
public boolean validateRequest(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext context) {
    // NOTE(review): a missing configuration means "allow"; confirm that endpoints needing
    // message security always arrive here with a non-null configuration.
    if (serverAuthConfig == null) {
        return true;
    }
    ServerAuthConfig config = (ServerAuthConfig) serverAuthConfig;

    ServerAuthContext authContext = config.getAuthContext(implementor, context.getMessage());
    // The request message is stored (weakly) before the null check below, so it is kept even
    // when no auth context applies; presumably secureResponse reads it back -- confirm.
    req.set(new WeakReference<SOAPMessage>(context.getMessage()));
    if (authContext == null) {
        return true;
    }

    boolean valid;
    try {
        valid = WebServiceSecurity.validateRequest(context, authContext);
    } catch (AuthException ex) {
        _logger.log(SEVERE, EXCEPTION_THROWN, ex);
        // Drop the stored request on failure so it is not picked up by later processing.
        if (req.get() != null) {
            req.get().clear();
            req.set(null);
        }
        throw new RuntimeException(ex);
    }
    // NOTE(review): when validation returns false the stored reference is left in place;
    // verify that something resets it before the holder is used again.
    return valid;
}
use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.
the class SecurityServiceImpl method secureResponse.
/**
 * Secures the response held in {@code msgContext} when a message-security configuration is
 * present; does nothing when {@code serverAuthConfig} is null.
 * <p>
 * The auth context is looked up with the message stored in {@code req} if one is set, otherwise
 * with the message currently in {@code msgContext}. The stored reference is cleared afterwards
 * whether or not securing succeeded.
 *
 * @param serverAuthConfig the configuration, cast to ServerAuthConfig; may be null
 * @param implementor the handler passed to the auth-context lookup
 * @param msgContext the message context carrying the response
 * @throws RuntimeException wrapping the AuthException when securing the response throws
 */
@Override
public void secureResponse(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext msgContext) {
    if (serverAuthConfig == null) {
        return;
    }
    ServerAuthConfig config = (ServerAuthConfig) serverAuthConfig;

    // NOTE(review): the stored reference is weak, so req.get().get() can return null once the
    // request message has been collected; the lookup below would then receive a null message.
    // Confirm how getAuthContext treats that case.
    SOAPMessage requestMessage;
    if (req.get() != null) {
        requestMessage = req.get().get();
    } else {
        requestMessage = msgContext.getMessage();
    }

    try {
        ServerAuthContext authContext = config.getAuthContext(implementor, requestMessage);
        if (authContext != null) {
            WebServiceSecurity.secureResponse(msgContext, authContext);
        }
    } catch (AuthException ex) {
        _logger.log(SEVERE, EXCEPTION_THROWN, ex);
        throw new RuntimeException(ex);
    } finally {
        // Always reset the holder so this request's message is not reused later.
        if (req.get() != null) {
            req.get().clear();
            req.set(null);
        }
    }
}
use of com.sun.enterprise.security.jauth.AuthException in project Payara by payara.
the class WebServiceSecurity method validateResponse.
/**
 * Validates a response message through the client auth context.
 * <p>
 * A normal return is always true; a failed validation is reported only by the AuthException,
 * which is logged and rethrown. The temporary responder subject is disposed on both paths.
 *
 * @param response the response message to validate
 * @param sharedState state map handed to the auth context for validation and disposal
 * @param cAC the client auth context performing the validation
 * @return true when validation completes without an exception
 * @throws AuthException when the auth context rejects the response
 */
private static boolean validateResponse(SOAPMessage response, HashMap sharedState, ClientAuthContext cAC) throws AuthException {
    // Receives the principals of the responder during validation.
    final Subject responder = new Subject();
    final SOAPAuthParam authParam = new SOAPAuthParam(null, response);
    try {
        cAC.validateResponse(authParam, responder, sharedState);
        return true;
    } catch (AuthException ae) {
        _logger.log(Level.SEVERE, LogUtils.ERROR_RESPONSE_VALIDATION, ae);
        throw ae;
    } finally {
        // Release the responder's principals whether validation passed or failed.
        cAC.disposeSubject(responder, sharedState);
    }
}