
Example 1 with RealmAdapter

Use of com.sun.web.security.RealmAdapter in project Payara by payara.

From the class SecurityServiceImpl, method doSecurity.

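/**
 * Authenticates an HTTP request addressed to an EJB-backed web service endpoint.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>The user principal on {@code context} (when non-null) is cleared so that a value
 *       from a previous request cannot carry over.</li>
 *   <li>{@code GET} requests, and endpoints that declare no auth method, are let through
 *       without any credential check.</li>
 *   <li>Otherwise credentials are taken from the {@code Authorization} header (parsed as
 *       username and password) or from the client certificate chain stored in the request
 *       attributes, and are checked by a {@link RealmAdapter} built for {@code realmName}.</li>
 *   <li>For endpoints that are not {@link Ejb2RuntimeEndpointInfo}, the endpoint's web
 *       service context receives the principal on success and is cleared on failure.</li>
 * </ol>
 *
 * <p>When auditing is on, the finally block reports the outcome of every exit path,
 * including the exceptional one, to the audit manager.
 *
 * @param hreq      the incoming request; source of the HTTP method, the
 *                  {@code Authorization} header and the certificate attributes
 * @param epInfo    runtime information for the target endpoint
 * @param realmName name of the realm handed to the {@link RealmAdapter}
 * @param context   web service context whose principal is cleared up front; may be {@code null}
 * @return {@code true} if the request was let through or its credentials were accepted,
 *         {@code false} otherwise
 * @throws RuntimeException wrapping any exception raised while processing the request
 */
public boolean doSecurity(HttpServletRequest hreq, EjbRuntimeEndpointInfo epInfo, String realmName, WebServiceContextImpl context) {
    // Read by the finally block for the audit record, so it has to be accurate on
    // every exit path, including the early returns.
    boolean authenticated = false;
    try {
        String method = hreq.getMethod();
        // BUG2263 - Clear the value of UserPrincipal from previous request.
        // If authentication succeeds, the proper value will be set later in
        // this method.
        if (context != null) {
            context.setUserPrincipal(null);
        }
        WebServiceEndpoint endpoint = epInfo.getEndpoint();
        String rawAuthInfo = hreq.getHeader(AUTHORIZATION_HEADER);
        // Running authentication for a GET request (WSDL query etc.) can cause problems,
        // so GET is let through, as is any endpoint without an auth method. The audit
        // record for these requests says authenticated=true although nothing was checked.
        // NOTE(review): this is only safe if GET never reaches the protected operation
        // itself - confirm against the caller's dispatch logic.
        // Constant-first equals avoids a NullPointerException should getMethod() return null.
        if ("GET".equals(method) || !endpoint.hasAuthMethod()) {
            authenticated = true;
            return true;
        }
        WebPrincipal webPrincipal = null;
        String endpointName = endpoint.getEndpointName();
        // An Authorization header is honoured even when the endpoint does not declare
        // basic auth.
        // NOTE(review): for an endpoint that expects a client certificate this means a
        // request carrying the header is checked by username/password instead of by
        // certificate - confirm that this fallback is intended.
        if (endpoint.hasBasicAuth() || rawAuthInfo != null) {
            if (rawAuthInfo == null) {
                // Basic auth is required but no credentials were sent.
                sendAuthenticationEvents(false, hreq.getRequestURI(), null);
                return false;
            }
            List<Object> usernamePassword = parseUsernameAndPassword(rawAuthInfo);
            if (usernamePassword != null) {
                // Element 0 is the user name, element 1 the password as char[]. The array
                // is handed to the principal and is not wiped in this method.
                webPrincipal = new WebPrincipal((String) usernamePassword.get(0), (char[]) usernamePassword.get(1), SecurityContext.init());
            } else {
                // Only the endpoint name is logged, never the header content.
                _logger.log(Level.WARNING, LogUtils.BASIC_AUTH_ERROR, endpointName);
            }
        } else {
            // Certificate chain as stored in the request attributes; the second attribute
            // is consulted only when the first one is missing or empty.
            X509Certificate[] certs = (X509Certificate[]) hreq.getAttribute(Globals.CERTIFICATES_ATTR);
            if ((certs == null) || (certs.length < 1)) {
                certs = (X509Certificate[]) hreq.getAttribute(Globals.SSL_CERTIFICATE_ATTR);
            }
            if (certs != null) {
                webPrincipal = new WebPrincipal(certs, SecurityContext.init());
            } else {
                _logger.log(Level.WARNING, LogUtils.CLIENT_CERT_ERROR, endpointName);
            }
        }
        if (webPrincipal == null) {
            // No usable credentials could be extracted; authenticated is still false here.
            sendAuthenticationEvents(false, hreq.getRequestURI(), null);
            return authenticated;
        }
        RealmAdapter ra = new RealmAdapter(realmName, endpoint.getBundleDescriptor().getModuleID());
        authenticated = ra.authenticate(webPrincipal);
        sendAuthenticationEvents(authenticated, hreq.getRequestURI(), webPrincipal);
        if (!authenticated && _logger.isLoggable(Level.FINE)) {
            _logger.fine("authentication failed for " + endpointName);
        }
        if (epInfo instanceof Ejb2RuntimeEndpointInfo) {
            // For JAXRPC based EJB endpoints the rest of the steps are not needed
            return authenticated;
        }
        // Setting the userPrincipal in the web service context applies to JAXWS endpoints only
        epInfo.prepareInvocation(false);
        WebServiceContextImpl ctxt = (WebServiceContextImpl) epInfo.getWebServiceContext();
        // Publish the principal only after the realm has accepted it. On failure the
        // context is cleared, so it holds neither the rejected principal nor one left
        // behind by an earlier request.
        ctxt.setUserPrincipal(authenticated ? webPrincipal : null);
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        if (auditManager != null && auditManager.isAuditOn()) {
            auditManager.ejbAsWebServiceInvocation(epInfo.getEndpoint().getEndpointName(), authenticated);
        }
    }
    return authenticated;
}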
Also used : Ejb2RuntimeEndpointInfo(org.glassfish.webservices.Ejb2RuntimeEndpointInfo) X509Certificate(java.security.cert.X509Certificate) AuthException(com.sun.enterprise.security.jauth.AuthException) WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint) RealmAdapter(com.sun.web.security.RealmAdapter) WebPrincipal(com.sun.enterprise.security.web.integration.WebPrincipal) WebServiceContextImpl(org.glassfish.webservices.WebServiceContextImpl)
