Use of org.glassfish.webservices.Ejb2RuntimeEndpointInfo in project Payara by payara.
The class SecurityServiceImpl, method doSecurity.
/**
 * Authenticates an incoming EJB web-service request against the endpoint's configured
 * auth method and records the outcome.
 *
 * <p>Flow, as implemented: any user principal left in {@code context} by a previous
 * request is cleared first; a {@code GET} request (WSDL retrieval etc.) or an endpoint
 * without an auth-method is accepted without credentials; otherwise a
 * {@link WebPrincipal} is built either from the HTTP Basic {@code Authorization} header
 * or from the client certificate chain exposed via the request attributes, and is
 * validated through a {@link RealmAdapter} for {@code realmName}. Success and failure are
 * both reported through {@code sendAuthenticationEvents}, and the audit manager (when
 * auditing is on) receives the final result in every case, including exceptions.
 *
 * <p>For JAX-WS endpoints (anything other than {@link Ejb2RuntimeEndpointInfo}) the
 * principal is additionally stored in the endpoint's {@link WebServiceContextImpl}.
 *
 * @param hreq      the servlet request carrying the method, headers and certificate attributes
 * @param epInfo    runtime information about the target endpoint
 * @param realmName the realm the credentials are validated against
 * @param context   web-service context whose stale user principal is cleared; may be {@code null}
 * @return {@code true} when the request is accepted, {@code false} when authentication failed
 *         or no usable credentials were presented
 * @throws RuntimeException wrapping any exception raised while processing the request
 */
public boolean doSecurity(HttpServletRequest hreq, EjbRuntimeEndpointInfo epInfo, String realmName, WebServiceContextImpl context) {
    boolean authenticated = false;
    try {
        String httpMethod = hreq.getMethod();
        // BUG2263: drop the principal left behind by the previous request; it is
        // re-populated below, and only for JAX-WS endpoints.
        if (context != null) {
            context.setUserPrincipal(null);
        }
        WebServiceEndpoint endpoint = epInfo.getEndpoint();
        String authorizationHeader = hreq.getHeader(AUTHORIZATION_HEADER);

        // GET (WSDL queries and the like) and endpoints without an auth-method are let
        // through without inspecting credentials at all.
        if (httpMethod.equals("GET") || !endpoint.hasAuthMethod()) {
            authenticated = true;
            return true;
        }

        String endpointName = endpoint.getEndpointName();
        WebPrincipal principal = null;
        // NOTE(review): the mere presence of an Authorization header selects the basic-auth
        // path even when the endpoint is not configured for basic auth — confirm this is intended.
        boolean useBasicAuth = endpoint.hasBasicAuth() || authorizationHeader != null;
        if (useBasicAuth) {
            if (authorizationHeader == null) {
                // Basic auth is required but the client sent no header.
                sendAuthenticationEvents(false, hreq.getRequestURI(), null);
                authenticated = false;
                return false;
            }
            List<Object> credentials = parseUsernameAndPassword(authorizationHeader);
            if (credentials == null) {
                _logger.log(Level.WARNING, LogUtils.BASIC_AUTH_ERROR, endpointName);
            } else {
                String user = (String) credentials.get(0);
                char[] password = (char[]) credentials.get(1);
                principal = new WebPrincipal(user, password, SecurityContext.init());
            }
        } else {
            // Client-certificate path: the container exposes the chain under one of two
            // request attributes; the second is consulted only when the first is absent or empty.
            X509Certificate[] clientCerts = (X509Certificate[]) hreq.getAttribute(Globals.CERTIFICATES_ATTR);
            boolean noCerts = clientCerts == null || clientCerts.length < 1;
            if (noCerts) {
                clientCerts = (X509Certificate[]) hreq.getAttribute(Globals.SSL_CERTIFICATE_ATTR);
            }
            if (clientCerts == null) {
                _logger.log(Level.WARNING, LogUtils.CLIENT_CERT_ERROR, endpointName);
            } else {
                principal = new WebPrincipal(clientCerts, SecurityContext.init());
            }
        }

        if (principal == null) {
            // No usable credentials were presented; authenticated is still false at this point.
            sendAuthenticationEvents(false, hreq.getRequestURI(), null);
            return authenticated;
        }

        RealmAdapter realmAdapter = new RealmAdapter(realmName, endpoint.getBundleDescriptor().getModuleID());
        authenticated = realmAdapter.authenticate(principal);
        if (authenticated) {
            sendAuthenticationEvents(true, hreq.getRequestURI(), principal);
        } else {
            sendAuthenticationEvents(false, hreq.getRequestURI(), principal);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("authentication failed for " + endpointName);
            }
        }

        // JAX-RPC based EJB endpoints stop here; the context handling below applies to JAX-WS only.
        if (epInfo instanceof Ejb2RuntimeEndpointInfo) {
            return authenticated;
        }
        epInfo.prepareInvocation(false);
        WebServiceContextImpl wsContext = (WebServiceContextImpl) epInfo.getWebServiceContext();
        // NOTE(review): the principal is stored regardless of the authenticate() result;
        // the caller is presumably expected to reject the request on a false return — confirm.
        wsContext.setUserPrincipal(principal);
    } catch (Exception e) {
        throw new RuntimeException(e);
    } finally {
        // Audit every outcome, including the early returns and the exceptional path.
        if (auditManager != null && auditManager.isAuditOn()) {
            auditManager.ejbAsWebServiceInvocation(epInfo.getEndpoint().getEndpointName(), authenticated);
        }
    }
    return authenticated;
}