Posted to scm@geronimo.apache.org by de...@apache.org on 2010/06/02 10:47:29 UTC

svn commit: r950429 - in /geronimo/server/branches/2.2/plugins: axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java

Author: delos
Date: Wed Jun  2 08:47:28 2010
New Revision: 950429

URL: http://svn.apache.org/viewvc?rev=950429&view=rev
Log:
GERONIMO-4738 return HTTP 403 if any EJBAccessException is encountered

Modified:
    geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java
    geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java

Modified: geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java?rev=950429&r1=950428&r2=950429&view=diff
==============================================================================
--- geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java (original)
+++ geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java Wed Jun  2 08:47:28 2010
@@ -24,6 +24,7 @@ import java.net.URI;
 import java.net.URL;
 import java.util.List;
 
+import javax.ejb.EJBAccessException;
 import javax.naming.Context;
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
@@ -256,7 +257,10 @@ public abstract class Axis2WebServiceCon
         // If the fault is not going along the back channel we should be 202ing
         if (AddressingHelper.isFaultRedirected(msgContext)) {
             response.setStatusCode(HttpURLConnection.HTTP_ACCEPTED);
-        } else {
+        } else if (e != null && e.getCause()!=null && e.getCause().getCause() instanceof EJBAccessException)   {
+        	//GERONIMO-4738
+       	    response.setStatusCode(HttpURLConnection.HTTP_FORBIDDEN);
+       }else {
             response.setStatusCode(HttpURLConnection.HTTP_INTERNAL_ERROR);
         }
         
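Review bot: The new `else if` branch recognises an `EJBAccessException` only when it sits exactly two levels down the cause chain (`e.getCause().getCause()`), so an access denial wrapped one level more or less still falls through to `HTTP_INTERNAL_ERROR` and the client sees a 500 for an authorization failure. Walking the chain would be sturdier, for example `for (Throwable t = e; t != null; t = t.getCause())` with the `instanceof EJBAccessException` test inside. A short comment naming the wrappers expected between `e` and the EJB exception would say more than the bare `//GERONIMO-4738`. The added lines also mix tabs and spaces and leave `}else {` misaligned with the surrounding block. The enclosing method starts and ends outside this hunk, so the declared type of `e` is not visible here.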

Modified: geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java?rev=950429&r1=950428&r2=950429&view=diff
==============================================================================
--- geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java (original)
+++ geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java Wed Jun  2 08:47:28 2010
@@ -24,11 +24,13 @@ import java.io.IOException;
 import java.security.Principal;
 
 import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
 
 import org.apache.catalina.Globals;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 import org.apache.catalina.valves.ValveBase;
+import org.apache.geronimo.tomcat.security.jacc.JACCEJBWebServiceAuthorizer;
 
 /**
  * @version $Rev$ $Date$
@@ -48,10 +50,12 @@ public class SecurityValve extends Valve
     public void invoke(Request request, Response response) throws IOException, ServletException {
 
         Object constraints = authorizer.getConstraints(request);
-
+        
+        
         if (!authorizer.hasUserDataPermissions(request, constraints)) {
             //redirect to secure port?
-            if (!response.isError() && !request.getRequest().isSecure()) {
+        	//only for non web service request
+            if (!response.isError() && !request.getRequest().isSecure() && !(authorizer instanceof JACCEJBWebServiceAuthorizer)) {
             	 // Redirect to the corresponding SSL port
                 StringBuffer file = new StringBuffer();
                 String protocol = "https";
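Review bot: The `instanceof JACCEJBWebServiceAuthorizer` test in the redirect condition ties the valve to one concrete authorizer class, and the comment `//only for non web service request` does not say why web service requests are excluded or what they receive instead. A comment such as `// Web service clients are not redirected to the SSL port; they are answered with 403 in the else branch below` would record the intent, assuming that is the reason, which is inferred from the `else` added later in this file. If further web-service authorizers appear, a capability query on the authorizer would avoid growing this type check. The two whitespace-only lines added after `getConstraints` and the tab-indented comment add noise to a security-relevant method. The `if` body continues outside this hunk.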
@@ -59,6 +63,15 @@ public class SecurityValve extends Valve
                 // Protocol
                 file.append(protocol).append("://").append(host);
                 int redirectPort = request.getConnector().getRedirectPort();
+                
+                // Is redirecting disabled?
+                if (redirectPort <= 0) {
+                    response.sendError
+                        (HttpServletResponse.SC_FORBIDDEN,
+                         request.getRequestURI());
+                    return ;
+                }
+                
 				// Host with port
                 if(redirectPort != 443) {
                     file.append(":").append(redirectPort);
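Review bot: The `redirectPort <= 0` branch passes `request.getRequestURI()` as the `sendError` message, which puts client-controlled text into the error response; whether it is HTML-escaped depends on whichever error page renders it. A fixed message or the one-argument form, `response.sendError(HttpServletResponse.SC_FORBIDDEN);`, removes that dependency and matches the call added in the `else` branch later in this file. The check could also run before the `StringBuffer` is populated, since `file`, `protocol` and `host` go unused when redirecting is disabled. The redirect block starts before and continues after this hunk.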
@@ -79,9 +92,12 @@ public class SecurityValve extends Valve
                     file.append(queryString);
                 }
                 response.sendRedirect(file.toString());
+            }else{
+            	response.sendError(response.SC_FORBIDDEN);
             }
             return;
         }
+       
         boolean isAuthMandatory = authorizer.isAuthMandatory(request, constraints);
 
         try {
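Review bot: The new `else` runs for every case the `if` rejects, including `response.isError()` already being true, so a response that carries an earlier error status now has `sendError` called on it a second time. Depending on the container, that may overwrite the earlier status or fail if the response is already committed. Guarding the branch, e.g. `} else if (!response.isError()) {`, keeps the previous behaviour for that case. Separately, `response.SC_FORBIDDEN` reads a static constant through an instance; `HttpServletResponse.SC_FORBIDDEN`, which this commit imports and uses in the `redirectPort` check, is the conventional form. The method continues past the end of this hunk.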