Posted to commits@tuscany.apache.org by lr...@apache.org on 2009/12/15 01:58:48 UTC

svn commit: r890591 - in /tuscany/sca-java-1.x/trunk/modules: binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/ policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/

Author: lresende
Date: Tue Dec 15 00:58:47 2009
New Revision: 890591

URL: http://svn.apache.org/viewvc?rev=890591&view=rev
Log:
TUSCANY-3389 - Providing different HTTP status codes depending on the authentication/authorization error: 401 when the user could not be authenticated, 403 when the user was authenticated but does not have the proper role to execute the operation

Modified:
    tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
    tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java

Modified: tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
URL: http://svn.apache.org/viewvc/tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java?rev=890591&r1=890590&r2=890591&view=diff
==============================================================================
--- tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java (original)
+++ tuscany/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java Tue Dec 15 00:58:47 2009
@@ -97,7 +97,9 @@
                 handleServiceRequest(request, response);
                 
             } catch(RuntimeException re) {
-                if (re.getCause() instanceof javax.security.auth.login.LoginException) {
+                if (re.getCause() instanceof javax.security.auth.login.FailedLoginException) {
+                    response.sendError(HttpServletResponse.SC_FORBIDDEN);                    
+                }else if (re.getCause() instanceof javax.security.auth.login.LoginException) {
                     response.setHeader("WWW-Authenticate", "BASIC realm=\"" + "ldap-realm" + "\"");
                     response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                 }
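Review bot: The new first branch maps a FailedLoginException cause to 403 with no WWW-Authenticate challenge, but FailedLoginException is the JAAS type for rejected credentials, and GeronimoLDAPSecurityHandler in this same commit rethrows every LoginException as one, so a caller who could not be authenticated will now receive 403 instead of the 401 described in the log message, and HTTP clients will not re-prompt for credentials. If 403 is meant only for an authenticated caller who lacks the required role, that condition needs to surface as a type distinct from the login exceptions (what the authorization check throws is outside this hunk) and be tested here, while FailedLoginException stays on the 401 path, e.g. `if (re.getCause() instanceof javax.security.auth.login.LoginException) { response.setHeader("WWW-Authenticate", ...); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); }` with the 403 branch keyed on the authorization failure type. Note that the order of the two instanceof checks is significant because FailedLoginException extends LoginException. The enclosing service method begins and ends outside the hunk.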

Modified: tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
URL: http://svn.apache.org/viewvc/tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java?rev=890591&r1=890590&r2=890591&view=diff
==============================================================================
--- tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java (original)
+++ tuscany/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java Tue Dec 15 00:58:47 2009
@@ -24,7 +24,9 @@
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import javax.security.jacc.WebRoleRefPermission;
 
 import org.apache.geronimo.security.ContextManager;
@@ -34,7 +36,6 @@
 import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy;
 import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler;
 import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil;
-import org.osoa.sca.ServiceRuntimeException;
 
 public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
 
@@ -86,13 +87,19 @@
             CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject);
 
             /* Uses Geronimo to login */
-            LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+            try {
+                LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+                
+                authenticatedSubject = geronimoLoginContext.getSubject();
+                ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
+                if (authenticatedSubject != null) {
+                    //TODO: add authenticated subject to the msg header ?
+                }
 
-            authenticatedSubject = geronimoLoginContext.getSubject();
-            ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
-            if (authenticatedSubject != null) {
-                //TODO: add authenticated subject to the msg header ?
+            } catch(LoginException le) {
+                throw new FailedLoginException("Login failed: " + le.getMessage());
             }
+
         }
 
         AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0);
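Review bot: The new catch block rethrows every LoginException as `new FailedLoginException("Login failed: " + le.getMessage())`, which discards the original exception, its type and its stack trace: a realm or directory configuration error becomes indistinguishable from wrong credentials, and operators lose the detail needed to diagnose the login failure. LoginException has no cause constructor, so attach it explicitly, `FailedLoginException fle = new FailedLoginException("Login failed: " + le.getMessage()); fle.initCause(le); throw fle;`, or narrow the catch to the login-failure subtypes and let other LoginExceptions propagate unchanged. The `if (authenticatedSubject != null)` block still contains only the TODO, while `ContextManager.setCallers` on the line above it is already invoked with the possibly null subject; moving that call inside the null check, or failing explicitly when the subject is null, would make the intent clear. The enclosing method continues past the hunk.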