Posted to commits@tuscany.apache.org by lr...@apache.org on 2009/12/15 01:58:48 UTC
svn commit: r890591 - in /tuscany/sca-java-1.x/trunk/modules:
binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/
policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/
Author: lresende
Date: Tue Dec 15 00:58:47 2009
New Revision: 890591
URL: http://svn.apache.org/viewvc?rev=890591&view=rev
Log:
TUSCANY-3389 - Provide a different HTTP status code depending on the authentication/authorization error: 401 when the user could not be authenticated, 403 when the user was authenticated but does not have the proper role to execute the operation.
Modified:
tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
Modified: tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
URL: http://svn.apache.org/viewvc/tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java?rev=890591&r1=890590&r2=890591&view=diff
==============================================================================
--- tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java (original)
+++ tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java Tue Dec 15 00:58:47 2009
@@ -97,7 +97,9 @@
handleServiceRequest(request, response);
} catch(RuntimeException re) {
- if (re.getCause() instanceof javax.security.auth.login.LoginException) {
+ if (re.getCause() instanceof javax.security.auth.login.FailedLoginException) {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }else if (re.getCause() instanceof javax.security.auth.login.LoginException) {
response.setHeader("WWW-Authenticate", "BASIC realm=\"" + "ldap-realm" + "\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
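Review bot: The new branch at line 24 answers a `FailedLoginException` with 403 and no challenge, but `FailedLoginException` is the JAAS signal that the supplied credentials were rejected — an authentication failure, which the log entry says should be 401 — and the handler change in this same commit throws it for every failed `ContextManager.login`. As written, a caller with a wrong password gets Forbidden without a `WWW-Authenticate` header, while a caller who authenticated but lacks the role only reaches this branch if the role check also happens to throw a `FailedLoginException`. Because `FailedLoginException` is a subclass of `LoginException`, the pre-existing branch already covers it with 401 plus the challenge; the 403 branch should instead test for whatever exception the authorization check raises (not visible here), e.g. `} else if (cause instanceof /* authorization-failure type */) { response.sendError(HttpServletResponse.SC_FORBIDDEN); }`, with `Throwable cause = re.getCause();` read once above the chain. Minor style: `}else if` wants a space. The enclosing method continues outside the hunk.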
Modified: tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
URL: http://svn.apache.org/viewvc/tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java?rev=890591&r1=890590&r2=890591&view=diff
==============================================================================
--- tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java (original)
+++ tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java Tue Dec 15 00:58:47 2009
@@ -24,7 +24,9 @@
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
import javax.security.jacc.WebRoleRefPermission;
import org.apache.geronimo.security.ContextManager;
@@ -34,7 +36,6 @@
import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy;
import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler;
import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil;
-import org.osoa.sca.ServiceRuntimeException;
public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
@@ -86,13 +87,19 @@
CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject);
/* Uses Geronimo to login */
- LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+ try {
+ LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+
+ authenticatedSubject = geronimoLoginContext.getSubject();
+ ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
+ if (authenticatedSubject != null) {
+ //TODO: add authenticated subject to the msg header ?
+ }
- authenticatedSubject = geronimoLoginContext.getSubject();
- ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
- if (authenticatedSubject != null) {
- //TODO: add authenticated subject to the msg header ?
+ } catch(LoginException le) {
+ throw new FailedLoginException("Login failed: " + le.getMessage());
}
+
}
AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0);
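Review bot: The catch at the end of the hunk rewraps every `LoginException` from `ContextManager.login` as a `FailedLoginException`, which in JAAS means the credentials were rejected, yet the servlet side of this commit maps `FailedLoginException` to 403 rather than 401 — so a bad password now yields Forbidden with no `WWW-Authenticate` challenge, and the 401/403 split described in the log cannot come from this catch alone. The wrap also discards the original exception, since `FailedLoginException` only accepts a message; keep the chain with `FailedLoginException fle = new FailedLoginException("Login failed: " + le.getMessage()); fle.initCause(le); throw fle;`, or simply let `le` propagate, as `FailedLoginException` already is a `LoginException`, and reserve a distinct exception for the role check that follows the hunk. Also note that `ContextManager.setCallers(authenticatedSubject, authenticatedSubject)` runs before the `authenticatedSubject != null` test, so a null subject is installed as caller before the (still empty) null check. The enclosing method starts before the hunk and continues past it.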