Example 1 with ServerAuthContext
use of com.sun.enterprise.security.jauth.ServerAuthContext in project Payara by payara.
the class ServletSystemHandlerDelegate method processRequest.
/**
* The processRequest method is invoked with an object that implements
* com.sun.xml.rpc.spi.runtime.SOAPMessageContext.
* <p>
* When this method is called by the JAXRPCServletDelegate (on the server side of jaxrpc servlet
* container invocation processing) it must be called just before the call to
* implementor.getTie().handle(), and at the time of the request message and the following
* properties must have been set on the SOAPMessageContext.
* <p>
* com.sun.xml.rpc.server.http.MessageContextProperties.IMPLEMENTOR <br>
* This property must be set to the com.sun.xml.rpc.spi.runtime.Implementor object corresponding to
* the target endpoint.
* <p>
* com.sun.xml.rpc.server.http.MessageContextProperties.HTTP_SERVLET_REQUEST <br>
* This property must be set to the javax.servlet.http.HttpServletRequest object containing the
* JAXRPC invocation.
* <p>
* com.sun.xml.rpc.server.http.MessageContextProperties.HTTP_SERVLET_RESPONSE <br>
* This property must be set to the javax.servlet.http.HttpServletResponse object corresponding to
* the JAXRPC invocation.
* <p>
* com.sun.xml.rpc.server.MessageContextProperties.HTTP_SERVLET_CONTEXT <br>
* This property must be set to the javax.servlet.ServletContext object corresponding to web
* application in which the JAXRPC servlet is running.
*
* @param messageContext the SOAPMessageContext object containing the request message and the
* properties described above.
* @return true if processing by the delegate was such that the caller should continue with its
* normal message processing. Returns false if the processing by the delegate resulted in the
* messageContext containing a response message that should be returned without the caller proceding
* to its normal message processing.
* @throws java.lang.RuntimeException when the processing by the delegate failed, without yielding a
* response message. In this case, the expectation is that the caller will return a HTTP layer
* response code reporting that an internal error occured.
*/
@Override
public boolean processRequest(SOAPMessageContext messageContext) {
if (_logger.isLoggable(Level.FINE)) {
_logger.fine("ws.processRequest");
}
final SOAPMessageContext finalMC = messageContext;
Implementor implementor = (Implementor) messageContext.getProperty(IMPLEMENTOR);
final Tie tie = implementor.getTie();
StreamingHandler handler = (StreamingHandler) implementor.getTie();
SOAPMessage request = finalMC.getMessage();
final ServerAuthContext sAC = config_.getAuthContext(handler, request);
boolean status = true;
try {
if (sAC != null) {
status = false;
// proceed to process message security
status = WebServiceSecurity.validateRequest(finalMC, sAC);
if (status) {
messageContext.setProperty(SERVER_AUTH_CONTEXT, sAC);
}
}
} catch (AuthException ae) {
_logger.log(Level.SEVERE, LogUtils.ERROR_REQUEST_VALIDATION, ae);
throw new RuntimeException(ae);
} finally {
WebServiceSecurity.auditInvocation(messageContext, endpoint_, status);
}
if (status) {
if (System.getSecurityManager() != null) {
// on this branch, the endpoint invocation and the
// processing of the response will be initiated from
// within the system handler delegate. delegate returns
// false so that dispatcher will not invoke the endpoint.
status = false;
try {
Subject.doAsPrivileged(SecurityContext.getCurrent().getSubject(), new PrivilegedExceptionAction() {
@Override
public Object run() throws Exception {
tie.handle(finalMC);
processResponse(finalMC);
return null;
}
}, null);
} catch (PrivilegedActionException pae) {
Throwable cause = pae.getCause();
if (cause instanceof AuthException) {
_logger.log(Level.SEVERE, LogUtils.ERROR_RESPONSE_SECURING, cause);
}
RuntimeException re = null;
if (cause instanceof RuntimeException) {
re = (RuntimeException) cause;
} else {
re = new RuntimeException(cause);
}
throw re;
}
}
}
return status;
}
Also used :
Implementor(com.sun.xml.rpc.spi.runtime.Implementor)
PrivilegedActionException(java.security.PrivilegedActionException)
StreamingHandler(com.sun.xml.rpc.spi.runtime.StreamingHandler)
AuthException(com.sun.enterprise.security.jauth.AuthException)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
SOAPMessage(javax.xml.soap.SOAPMessage)
PrivilegedActionException(java.security.PrivilegedActionException)
AuthException(com.sun.enterprise.security.jauth.AuthException)
ServerAuthContext(com.sun.enterprise.security.jauth.ServerAuthContext)
Tie(com.sun.xml.rpc.spi.runtime.Tie)
SOAPMessageContext(com.sun.xml.rpc.spi.runtime.SOAPMessageContext)
Example 2 with ServerAuthContext
use of com.sun.enterprise.security.jauth.ServerAuthContext in project Payara by payara.
the class SecurityServiceImpl method validateRequest.
@Override
public boolean validateRequest(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext context) {
ServerAuthConfig authConfig = (ServerAuthConfig) serverAuthConfig;
if (authConfig == null) {
return true;
}
ServerAuthContext serverAuthContext = authConfig.getAuthContext(implementor, context.getMessage());
req.set(new WeakReference<SOAPMessage>(context.getMessage()));
if (serverAuthContext == null) {
return true;
}
try {
return WebServiceSecurity.validateRequest(context, serverAuthContext);
} catch (AuthException ex) {
_logger.log(SEVERE, EXCEPTION_THROWN, ex);
if (req.get() != null) {
req.get().clear();
req.set(null);
}
throw new RuntimeException(ex);
}
}
Also used :
AuthException(com.sun.enterprise.security.jauth.AuthException)
SOAPMessage(javax.xml.soap.SOAPMessage)
ServerAuthConfig(com.sun.enterprise.security.jauth.jaspic.provider.ServerAuthConfig)
ServerAuthContext(com.sun.enterprise.security.jauth.ServerAuthContext)
Example 3 with ServerAuthContext
use of com.sun.enterprise.security.jauth.ServerAuthContext in project Payara by payara.
the class ServerAuthConfig method getConfig.
public static ServerAuthConfig getConfig(String authLayer, MessageSecurityBindingDescriptor binding, CallbackHandler cbh) throws AuthException {
ServerAuthConfig rvalue = null;
String provider = null;
List<MessageSecurityDescriptor> descriptors = null;
ServerAuthContext defaultContext = null;
if (binding != null) {
String layer = binding.getAttributeValue(AUTH_LAYER);
if (authLayer != null && layer.equals(authLayer)) {
provider = binding.getAttributeValue(PROVIDER_ID);
descriptors = binding.getMessageSecurityDescriptors();
}
}
if (descriptors == null || descriptors.size() == 0) {
defaultContext = getAuthContext(authLayer, provider, null, null, cbh);
if (defaultContext != null) {
rvalue = new ServerAuthConfig(defaultContext);
}
} else {
boolean hasPolicy = false;
ArrayList authContexts = new ArrayList();
for (int i = 0; i < descriptors.size(); i++) {
MessageSecurityDescriptor msd = (MessageSecurityDescriptor) descriptors.get(i);
AuthPolicy requestPolicy = getAuthPolicy(msd.getRequestProtectionDescriptor());
AuthPolicy responsePolicy = getAuthPolicy(msd.getResponseProtectionDescriptor());
if (requestPolicy.authRequired() || responsePolicy.authRequired()) {
authContexts.add(getAuthContext(authLayer, provider, requestPolicy, responsePolicy, cbh));
hasPolicy = true;
} else {
authContexts.add(null);
}
}
if (hasPolicy) {
rvalue = new ServerAuthConfig(descriptors, authContexts);
}
}
return rvalue;
}
Also used :
AuthPolicy(com.sun.enterprise.security.jauth.AuthPolicy)
ArrayList(java.util.ArrayList)
MessageSecurityDescriptor(com.sun.enterprise.deployment.runtime.common.MessageSecurityDescriptor)
ServerAuthContext(com.sun.enterprise.security.jauth.ServerAuthContext)
Example 4 with ServerAuthContext
use of com.sun.enterprise.security.jauth.ServerAuthContext in project Payara by payara.
the class SecurityServiceImpl method secureResponse.
@Override
public void secureResponse(Object serverAuthConfig, StreamingHandler implementor, SOAPMessageContext msgContext) {
if (serverAuthConfig != null) {
ServerAuthConfig config = (ServerAuthConfig) serverAuthConfig;
SOAPMessage reqmsg = (req.get() != null) ? req.get().get() : msgContext.getMessage();
try {
ServerAuthContext serverAuthContext = config.getAuthContext(implementor, reqmsg);
if (serverAuthContext != null) {
try {
WebServiceSecurity.secureResponse(msgContext, serverAuthContext);
} catch (AuthException ex) {
_logger.log(SEVERE, EXCEPTION_THROWN, ex);
throw new RuntimeException(ex);
}
}
} finally {
if (req.get() != null) {
req.get().clear();
req.set(null);
}
}
}
}
Also used :
AuthException(com.sun.enterprise.security.jauth.AuthException)
SOAPMessage(javax.xml.soap.SOAPMessage)
ServerAuthConfig(com.sun.enterprise.security.jauth.jaspic.provider.ServerAuthConfig)
ServerAuthContext(com.sun.enterprise.security.jauth.ServerAuthContext)
Aggregations
ServerAuthContext (com.sun.enterprise.security.jauth.ServerAuthContext)4
AuthException (com.sun.enterprise.security.jauth.AuthException)3
SOAPMessage (javax.xml.soap.SOAPMessage)3
ServerAuthConfig (com.sun.enterprise.security.jauth.jaspic.provider.ServerAuthConfig)2
MessageSecurityDescriptor (com.sun.enterprise.deployment.runtime.common.MessageSecurityDescriptor)1
AuthPolicy (com.sun.enterprise.security.jauth.AuthPolicy)1
Implementor (com.sun.xml.rpc.spi.runtime.Implementor)1
SOAPMessageContext (com.sun.xml.rpc.spi.runtime.SOAPMessageContext)1
StreamingHandler (com.sun.xml.rpc.spi.runtime.StreamingHandler)1
Tie (com.sun.xml.rpc.spi.runtime.Tie)1
PrivilegedActionException (java.security.PrivilegedActionException)1
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1
ArrayList (java.util.ArrayList)1
