Example 1 with JavaMethod
use of com.sun.xml.ws.api.model.JavaMethod in project Payara by payara.
the class PipeHelper method authorize.
public void authorize(Packet request) throws Exception {
// SecurityContext constructor should set initiator to
// unathenticated if Subject is null or empty
Subject s = (Subject) request.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
if (s == null || (s.getPrincipals().isEmpty() && s.getPublicCredentials().isEmpty())) {
SecurityContext.setUnauthenticatedContext();
} else {
SecurityContext sC = new SecurityContext(s);
SecurityContext.setCurrent(sC);
}
if (isEjbEndpoint) {
if (invManager == null) {
throw new RuntimeException(localStrings.getLocalString("enterprise.webservice.noEjbInvocationManager", "Cannot validate request : invocation manager null for EJB WebService"));
}
ComponentInvocation inv = (ComponentInvocation) invManager.getCurrentInvocation();
// consumed
if (ejbDelegate != null) {
ejbDelegate.setSOAPMessage(request.getMessage(), inv);
}
Exception ie;
Method m = null;
if (seiModel != null) {
JavaMethod jm = request.getMessage().getMethod(seiModel);
m = (jm != null) ? jm.getMethod() : null;
} else {
// WebServiceProvider
WebServiceEndpoint endpoint = (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
EjbDescriptor ejbDescriptor = endpoint.getEjbComponentImpl();
if (ejbDescriptor != null) {
final String ejbImplClassName = ejbDescriptor.getEjbImplClassName();
if (ejbImplClassName != null) {
try {
m = (Method) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {
@Override
public Object run() throws Exception {
ClassLoader loader = Thread.currentThread().getContextClassLoader();
Class clazz = Class.forName(ejbImplClassName, true, loader);
return clazz.getMethod("invoke", new Class[] { Object.class });
}
});
} catch (PrivilegedActionException pae) {
throw new RuntimeException(pae.getException());
}
}
}
}
if (m != null) {
if (ejbDelegate != null) {
try {
if (!ejbDelegate.authorize(inv, m)) {
throw new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
}
} catch (UnmarshalException e) {
String errorMsg = localStrings.getLocalString("enterprise.webservice.errorUnMarshalMethod", "Error unmarshalling method for ejb {0}", new Object[] { ejbName() });
ie = new UnmarshalException(errorMsg);
ie.initCause(e);
throw ie;
} catch (Exception e) {
ie = new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
ie.initCause(e);
throw ie;
}
}
}
}
}
Also used :
ComponentInvocation(org.glassfish.api.invocation.ComponentInvocation)
PrivilegedActionException(java.security.PrivilegedActionException)
JavaMethod(com.sun.xml.ws.api.model.JavaMethod)
Method(java.lang.reflect.Method)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
Subject(javax.security.auth.Subject)
PrivilegedActionException(java.security.PrivilegedActionException)
UnmarshalException(javax.xml.bind.UnmarshalException)
AuthException(javax.security.auth.message.AuthException)
WebServiceException(javax.xml.ws.WebServiceException)
EjbDescriptor(com.sun.enterprise.deployment.EjbDescriptor)
WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint)
UnmarshalException(javax.xml.bind.UnmarshalException)
ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext)
SecurityContext(com.sun.enterprise.security.SecurityContext)
JavaMethod(com.sun.xml.ws.api.model.JavaMethod)
Example 2 with JavaMethod
use of com.sun.xml.ws.api.model.JavaMethod in project Payara by payara.
the class PipeHelper method authorize.
public void authorize(Packet request) throws Exception {
// SecurityContext constructor should set initiator to
// unathenticated if Subject is null or empty
Subject s = (Subject) request.invocationProperties.get(PipeConstants.CLIENT_SUBJECT);
if (s == null || (s.getPrincipals().isEmpty() && s.getPublicCredentials().isEmpty())) {
SecurityContext.setUnauthenticatedContext();
} else {
SecurityContext sC = new SecurityContext(s);
SecurityContext.setCurrent(sC);
}
if (isEjbEndpoint) {
if (invManager == null) {
throw new RuntimeException(localStrings.getLocalString("enterprise.webservice.noEjbInvocationManager", "Cannot validate request : invocation manager null for EJB WebService"));
}
ComponentInvocation inv = (ComponentInvocation) invManager.getCurrentInvocation();
// consumed
if (ejbDelegate != null) {
ejbDelegate.setSOAPMessage(request.getMessage(), inv);
}
Exception ie;
Method m = null;
if (seiModel != null) {
JavaMethod jm = request.getMessage().getMethod(seiModel);
m = (jm != null) ? jm.getMethod() : null;
} else {
// WebServiceProvider
WebServiceEndpoint endpoint = (WebServiceEndpoint) map.get(PipeConstants.SERVICE_ENDPOINT);
EjbDescriptor ejbDescriptor = endpoint.getEjbComponentImpl();
if (ejbDescriptor != null) {
final String ejbImplClassName = ejbDescriptor.getEjbImplClassName();
if (ejbImplClassName != null) {
try {
m = (Method) AppservAccessController.doPrivileged(new PrivilegedExceptionAction() {
@Override
public Object run() throws Exception {
ClassLoader loader = Thread.currentThread().getContextClassLoader();
Class clazz = Class.forName(ejbImplClassName, true, loader);
return clazz.getMethod("invoke", new Class[] { Object.class });
}
});
} catch (PrivilegedActionException pae) {
throw new RuntimeException(pae.getException());
}
}
}
}
if (m != null) {
if (ejbDelegate != null) {
try {
if (!ejbDelegate.authorize(inv, m)) {
throw new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
}
} catch (UnmarshalException e) {
String errorMsg = localStrings.getLocalString("enterprise.webservice.errorUnMarshalMethod", "Error unmarshalling method for ejb {0}", new Object[] { ejbName() });
ie = new UnmarshalException(errorMsg);
ie.initCause(e);
throw ie;
} catch (Exception e) {
ie = new Exception(localStrings.getLocalString("enterprise.webservice.methodNotAuth", "Client not authorized for invocation of {0}", new Object[] { m }));
ie.initCause(e);
throw ie;
}
}
}
}
}
Also used :
ComponentInvocation(org.glassfish.api.invocation.ComponentInvocation)
PrivilegedActionException(java.security.PrivilegedActionException)
JavaMethod(com.sun.xml.ws.api.model.JavaMethod)
Method(java.lang.reflect.Method)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
Subject(javax.security.auth.Subject)
PrivilegedActionException(java.security.PrivilegedActionException)
UnmarshalException(javax.xml.bind.UnmarshalException)
AuthException(javax.security.auth.message.AuthException)
WebServiceException(javax.xml.ws.WebServiceException)
EjbDescriptor(com.sun.enterprise.deployment.EjbDescriptor)
WebServiceEndpoint(com.sun.enterprise.deployment.WebServiceEndpoint)
UnmarshalException(javax.xml.bind.UnmarshalException)
ClientSecurityContext(com.sun.enterprise.security.common.ClientSecurityContext)
SecurityContext(com.sun.enterprise.security.SecurityContext)
JavaMethod(com.sun.xml.ws.api.model.JavaMethod)
Aggregations
EjbDescriptor (com.sun.enterprise.deployment.EjbDescriptor)2
WebServiceEndpoint (com.sun.enterprise.deployment.WebServiceEndpoint)2
SecurityContext (com.sun.enterprise.security.SecurityContext)2
ClientSecurityContext (com.sun.enterprise.security.common.ClientSecurityContext)2
JavaMethod (com.sun.xml.ws.api.model.JavaMethod)2
Method (java.lang.reflect.Method)2
PrivilegedActionException (java.security.PrivilegedActionException)2
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2
Subject (javax.security.auth.Subject)2
AuthException (javax.security.auth.message.AuthException)2
UnmarshalException (javax.xml.bind.UnmarshalException)2
WebServiceException (javax.xml.ws.WebServiceException)2
ComponentInvocation (org.glassfish.api.invocation.ComponentInvocation)2
