Posted to scm@geronimo.apache.org by de...@apache.org on 2010/06/02 10:47:29 UTC
svn commit: r950429 - in /geronimo/server/branches/2.2/plugins:
axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java
tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
Author: delos
Date: Wed Jun 2 08:47:28 2010
New Revision: 950429
URL: http://svn.apache.org/viewvc?rev=950429&view=rev
Log:
GERONIMO-4738 return HTTP 403 if any EJBAccessException is encountered
Modified:
geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java
geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
Modified: geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java?rev=950429&r1=950428&r2=950429&view=diff
==============================================================================
--- geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java (original)
+++ geronimo/server/branches/2.2/plugins/axis2/geronimo-axis2/src/main/java/org/apache/geronimo/axis2/Axis2WebServiceContainer.java Wed Jun 2 08:47:28 2010
@@ -24,6 +24,7 @@ import java.net.URI;
import java.net.URL;
import java.util.List;
+import javax.ejb.EJBAccessException;
import javax.naming.Context;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
@@ -256,7 +257,10 @@ public abstract class Axis2WebServiceCon
// If the fault is not going along the back channel we should be 202ing
if (AddressingHelper.isFaultRedirected(msgContext)) {
response.setStatusCode(HttpURLConnection.HTTP_ACCEPTED);
- } else {
+ } else if (e != null && e.getCause()!=null && e.getCause().getCause() instanceof EJBAccessException) {
+ //GERONIMO-4738
+ response.setStatusCode(HttpURLConnection.HTTP_FORBIDDEN);
+ }else {
response.setStatusCode(HttpURLConnection.HTTP_INTERNAL_ERROR);
}
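Review bot: The new `else if` only matches when the `EJBAccessException` sits exactly two causes deep (`e.getCause().getCause()`), so any change in how the invocation layers wrap it falls back to HTTP 500 and an authorization failure is reported as a server fault. A bounded walk of the cause chain would keep the 403 mapping stable; the sketch below also matches `e` itself and its direct cause, which is broader than the committed test and should be confirmed as acceptable. The declaration of `e` and the enclosing method lie outside the hunk, so `e` is assumed to be a `Throwable`. The `//GERONIMO-4738` comment would help more if it gave the reason, as in the sketch.

```java
// … unchanged: isFaultRedirected(msgContext) branch …
} else if (hasCause(e, EJBAccessException.class)) {
    // GERONIMO-4738: access denied by the EJB container is a 403, not a 500
    response.setStatusCode(HttpURLConnection.HTTP_FORBIDDEN);
} else {
// … unchanged: HTTP_INTERNAL_ERROR branch …

/** Returns true if t or any of its causes (up to a fixed depth) is an instance of type. */
private static boolean hasCause(Throwable t, Class<? extends Throwable> type) {
    // Bounded so that a cyclic cause chain cannot loop forever.
    for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
        if (type.isInstance(t)) {
            return true;
        }
    }
    return false;
}
```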
Modified: geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java?rev=950429&r1=950428&r2=950429&view=diff
==============================================================================
--- geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java (original)
+++ geronimo/server/branches/2.2/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/security/SecurityValve.java Wed Jun 2 08:47:28 2010
@@ -24,11 +24,13 @@ import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Globals;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
+import org.apache.geronimo.tomcat.security.jacc.JACCEJBWebServiceAuthorizer;
/**
* @version $Rev$ $Date$
@@ -48,10 +50,12 @@ public class SecurityValve extends Valve
public void invoke(Request request, Response response) throws IOException, ServletException {
Object constraints = authorizer.getConstraints(request);
-
+
+
if (!authorizer.hasUserDataPermissions(request, constraints)) {
//redirect to secure port?
- if (!response.isError() && !request.getRequest().isSecure()) {
+ //only for non web service request
+ if (!response.isError() && !request.getRequest().isSecure() && !(authorizer instanceof JACCEJBWebServiceAuthorizer)) {
// Redirect to the corresponding SSL port
StringBuffer file = new StringBuffer();
String protocol = "https";
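Review bot: The added `!(authorizer instanceof JACCEJBWebServiceAuthorizer)` test ties the valve to one concrete authorizer class, and the comment `//only for non web service request` does not say why the HTTPS redirect is skipped or what happens instead. I would expand it, e.g. `// EJB web service endpoints are not redirected to the confidential port; they get a 403 from the else branch (GERONIMO-4738)`. If the authorizer type has a common interface (not visible here), a method on it that answers "may this request be redirected" would avoid the `instanceof`. The `if` block opened here continues past the end of this hunk.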
@@ -59,6 +63,15 @@ public class SecurityValve extends Valve
// Protocol
file.append(protocol).append("://").append(host);
int redirectPort = request.getConnector().getRedirectPort();
+
+ // Is redirecting disabled?
+ if (redirectPort <= 0) {
+ response.sendError
+ (HttpServletResponse.SC_FORBIDDEN,
+ request.getRequestURI());
+ return ;
+ }
+
// Host with port
if(redirectPort != 443) {
file.append(":").append(redirectPort);
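Review bot: The `response.sendError(HttpServletResponse.SC_FORBIDDEN, request.getRequestURI())` call passes a request-controlled string as the error message, so whatever page renders that message will echo it; a custom error page that prints it without escaping would reflect client-supplied text. A fixed message or the one-argument form avoids that: `response.sendError(HttpServletResponse.SC_FORBIDDEN);`. The `redirectPort <= 0` check could also sit before `file.append(protocol)` so no URL is built when redirecting is disabled.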
@@ -79,9 +92,12 @@ public class SecurityValve extends Valve
file.append(queryString);
}
response.sendRedirect(file.toString());
+ }else{
+ response.sendError(response.SC_FORBIDDEN);
}
return;
}
+
boolean isAuthMandatory = authorizer.isAuthMandatory(request, constraints);
try {
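Review bot: The new `else` branch runs whenever the redirect condition is false, and that includes the case where `response.isError()` is already true, so an earlier error status would presumably be replaced by 403, and `sendError` on an already committed response throws `IllegalStateException`. If only the already-secure and web-service cases are meant to get the 403, guard it, e.g. `} else if (!response.isError()) {`. The constant is also read through the instance; `response.sendError(HttpServletResponse.SC_FORBIDDEN);` matches the import this commit adds and the call in the `redirectPort <= 0` check. The `if` this `else` belongs to opens in an earlier hunk.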