Example 1 with SRMAuthenticationException

Use of org.dcache.srm.SRMAuthenticationException in project dcache by dCache.

From the class SrmAuthorizer, method getRequestCredential:

import java.security.cert.X509Certificate;
import java.util.Objects;
import eu.emi.security.authn.x509.X509Credential;
import org.dcache.auth.FQAN;
import org.dcache.srm.SRMAuthenticationException;
import org.dcache.srm.request.RequestCredential;

/**
 * Obtain a RequestCredential containing the delegated credential for the current user with the
 * specified role (primary FQAN).  If an existing delegated credential already exists then this
 * method will use the "best" available credential, where best is the credential that will
 * remain valid for the longest.  The method ensures the best credential is saved in the
 * storage.
 */
public RequestCredential getRequestCredential() throws SRMAuthenticationException {
    // The certificate chain and the DN are both mandatory: a request lacking
    // either is rejected as unauthenticated before any credential is touched.
    X509Certificate[] certificates = Axis.getCertificateChain()
            .orElseThrow(() -> new SRMAuthenticationException("Client's certificate chain is missing from request"));
    String dn = Axis.getDN()
            .orElseThrow(() -> new SRMAuthenticationException("Failed to resolve DN"));
    // A delegated credential is optional; null means none was supplied with this request.
    X509Credential credential = Axis.getDelegatedCredential().orElse(null);
    // The role is the primary FQAN of the validated certificate chain (may be null).
    FQAN role = getPrimary(validator.validate(certificates));
    RequestCredential requestCredential = RequestCredential.newRequestCredential(dn, Objects.toString(role, null), storage);
    // Retain whichever delegated credential (stored or newly supplied) stays valid longest.
    requestCredential.keepBestDelegatedCredential(credential);
    requestCredential.saveCredential();
    return requestCredential;
}

Example 2 with SRMAuthenticationException

Use of org.dcache.srm.SRMAuthenticationException in project dcache by dCache.

From the class SrmHandler, method handleRequest:

import java.rmi.RemoteException;
import java.security.AccessController;
import javax.security.auth.Subject;
import diskCacheV111.util.CacheException;
import diskCacheV111.util.PermissionDeniedCacheException;
import dmg.cells.nucleus.NoRouteToCellException;
import org.dcache.srm.SRMAuthenticationException;
import org.dcache.srm.SRMAuthorizationException;
import org.dcache.srm.SRMException;
import org.dcache.srm.SRMInternalErrorException;
import org.dcache.srm.util.JDC;
import org.dcache.srm.v2_2.SrmPingResponse;
import org.dcache.srm.v2_2.TStatusCode;

public Object handleRequest(String requestName, Object request) throws RemoteException {
    long startTimeStamp = System.currentTimeMillis();
    // requestName values all start "srm".  This is redundant, so may
    // be removed when creating the session id.  The initial character is
    // converted to lowercase, so "srmPrepareToPut" becomes "prepareToPut".
    String session = "srm2:" + Character.toLowerCase(requestName.charAt(3)) + requestName.substring(4);
    try (JDC ignored = JDC.createSession(session)) {
        for (RequestLogger logger : loggers) {
            logger.request(requestName, request);
        }
        // The authenticated user is the Subject bound to the current access-control context.
        Subject user = Subject.getSubject(AccessController.getContext());
        Object response;
        if (requestName.equals("srmPing")) {
            // Ping is special as it isn't authenticated and unable to return a failure
            response = new SrmPingResponse("v2.2", pingExtraInfo);
        } else {
            try {
                response = dispatch(user, requestName, request);
            } catch (SRMInternalErrorException e) {
                // Internal and authentication failures are reported to the client with a
                // fixed message; the specific reason is kept in the server log only.
                LOGGER.error(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Authentication failed (server log contains additional information).");
            } catch (SRMAuthorizationException e) {
                LOGGER.info(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Permission denied.");
            } catch (SRMAuthenticationException e) {
                LOGGER.warn(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Authentication failed (server log contains additional information).");
            } catch (SRMException e) {
                // Other SRM errors carry their own status code and message back to the client.
                response = getFailedResponse(requestName, e.getStatusCode(), e.getMessage());
            } catch (PermissionDeniedCacheException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_AUTHORIZATION_FAILURE, e.getMessage());
            } catch (CacheException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_INTERNAL_ERROR, e.getMessage());
            } catch (InterruptedException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_FATAL_INTERNAL_ERROR, "Server shutdown.");
            } catch (NoRouteToCellException e) {
                LOGGER.error(e.getMessage());
                response = getFailedResponse(requestName, TStatusCode.SRM_INTERNAL_ERROR, "SRM backend serving this request is currently offline.");
            }
        }
        long time = System.currentTimeMillis() - startTimeStamp;
        for (RequestLogger logger : loggers) {
            logger.response(requestName, request, response, user, time);
        }
        return response;
    }
}
