Posted to scm@geronimo.apache.org by ga...@apache.org on 2009/01/07 05:16:10 UTC
svn commit: r732217 - in /geronimo/server/trunk/plugins:
axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/
axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/
axis2/geronimo-axis2-ejb/src/main/java/org/apache/gero...
Author: gawor
Date: Tue Jan 6 20:16:09 2009
New Revision: 732217
URL: http://svn.apache.org/viewvc?rev=732217&view=rev
Log:
support for specifying a list of http methods that should be secured for ejb-based web services (GERONIMO-4015)
Modified:
geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java
geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java
geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
geronimo/server/trunk/plugins/openejb/geronimo-openejb-builder/src/main/xsd/geronimo-openejb-2.0.xsd
geronimo/server/trunk/plugins/openejb/openejb/src/main/resources/schema/openejb-jar-2.2.xsd
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java
geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
Modified: geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis-builder/src/main/java/org/apache/geronimo/axis/builder/AxisModuleBuilderExtension.java Tue Jan 6 20:16:09 2009
@@ -152,6 +152,12 @@
if (wsSecurity.getRealmName() != null) {
ejbWebServiceGBean.setAttribute("realmName", wsSecurity.getRealmName().trim());
}
+ List<String> methods = wsSecurity.getHttpMethod();
+ if (methods != null && !methods.isEmpty()) {
+ String[] protectedMethods = new String[methods.size()];
+ protectedMethods = methods.toArray(protectedMethods);
+ ejbWebServiceGBean.setAttribute("protectedMethods", protectedMethods);
+ }
}
}
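Review bot: The `http-method` values are copied into `protectedMethods` without checking that each one is a recognised HTTP method name, and the schema element added in this commit is a free `xs:string`. A misspelt entry would be accepted at deployment, and the method the deployer meant to secure would then be served without the transport or authentication check. Consider rejecting, or at least logging, unknown names here (the same lines are added in JAXWSEJBModuleBuilderExtension), or constraining the schema type to an enumeration. The enclosing method starts outside the hunk.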
Modified: geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/axis/geronimo-axis/src/main/java/org/apache/geronimo/axis/server/EjbWebServiceGBean.java Tue Jan 6 20:16:09 2009
@@ -48,6 +48,7 @@
String realmName,
String transportGuarantee,
String authMethod,
+ String[] protectedMethods,
String[] virtualHosts) throws Exception {
this.soapHandler = soapHandler;
@@ -73,7 +74,7 @@
AxisWebServiceContainer axisContainer = new AxisWebServiceContainer(location, wsdlURI, service, serviceInfo.getWsdlMap(), classLoader);
if (soapHandler != null) {
- soapHandler.addWebService(location.getPath(), virtualHosts, axisContainer, securityRealmName, realmName, transportGuarantee, authMethod, classLoader);
+ soapHandler.addWebService(location.getPath(), virtualHosts, axisContainer, securityRealmName, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
}
}
@@ -106,6 +107,7 @@
infoFactory.addAttribute("transportGuarantee", String.class, true);
infoFactory.addAttribute("authMethod", String.class, true);
infoFactory.addAttribute("serviceInfo", ServiceInfo.class, true);
+ infoFactory.addAttribute("protectedMethods", String[].class, true);
infoFactory.addAttribute("virtualHosts", String[].class, true);
infoFactory.addReference("WebServiceContainer", SoapHandler.class);
@@ -119,6 +121,7 @@
"realmName",
"transportGuarantee",
"authMethod",
+ "protectedMethods",
"virtualHosts"
});
Modified: geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/axis2/geronimo-axis2-ejb/src/main/java/org/apache/geronimo/axis2/ejb/EJBWebServiceGBean.java Tue Jan 6 20:16:09 2009
@@ -49,6 +49,7 @@
String realmName,
String transportGuarantee,
String authMethod,
+ String[] protectedMethods,
String[] virtualHosts) throws Exception {
if (ejbDeploymentContext == null || soapHandler == null || portInfo == null) {
return;
@@ -77,6 +78,7 @@
realmName,
transportGuarantee,
authMethod,
+ protectedMethods,
classLoader);
}
@@ -110,6 +112,7 @@
infoFactory.addAttribute("realmName", String.class, true);
infoFactory.addAttribute("transportGuarantee", String.class, true);
infoFactory.addAttribute("authMethod", String.class, true);
+ infoFactory.addAttribute("protectedMethods", String[].class, true);
infoFactory.addAttribute("virtualHosts", String[].class, true);
infoFactory.addReference("WebServiceContainer", SoapHandler.class);
@@ -123,6 +126,7 @@
"realmName",
"transportGuarantee",
"authMethod",
+ "protectedMethods",
"virtualHosts"
});
Modified: geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java (original)
+++ geronimo/server/trunk/plugins/cxf/geronimo-cxf-ejb/src/main/java/org/apache/geronimo/cxf/ejb/EJBWebServiceGBean.java Tue Jan 6 20:16:09 2009
@@ -50,6 +50,7 @@
String realmName,
String transportGuarantee,
String authMethod,
+ String[] protectedMethods,
String[] virtualHosts) throws Exception {
if (ejbDeploymentContext == null || soapHandler == null || portInfo == null) {
return;
@@ -83,6 +84,7 @@
realmName,
transportGuarantee,
authMethod,
+ protectedMethods,
classLoader);
}
@@ -116,6 +118,7 @@
infoFactory.addAttribute("realmName", String.class, true);
infoFactory.addAttribute("transportGuarantee", String.class, true);
infoFactory.addAttribute("authMethod", String.class, true);
+ infoFactory.addAttribute("protectedMethods", String[].class, true);
infoFactory.addAttribute("virtualHosts", String[].class, true);
infoFactory.addReference("WebServiceContainer", SoapHandler.class);
@@ -129,6 +132,7 @@
"realmName",
"transportGuarantee",
"authMethod",
+ "protectedMethods",
"virtualHosts"
});
Modified: geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java (original)
+++ geronimo/server/trunk/plugins/jaxws/geronimo-jaxws-ejb-builder/src/main/java/org/apache/geronimo/jaxws/builder/JAXWSEJBModuleBuilderExtension.java Tue Jan 6 20:16:09 2009
@@ -161,6 +161,12 @@
if (wsSecurity.getRealmName() != null) {
ejbWebServiceGBean.setAttribute("realmName", wsSecurity.getRealmName().trim());
}
+ List<String> methods = wsSecurity.getHttpMethod();
+ if (methods != null && !methods.isEmpty()) {
+ String[] protectedMethods = new String[methods.size()];
+ protectedMethods = methods.toArray(protectedMethods);
+ ejbWebServiceGBean.setAttribute("protectedMethods", protectedMethods);
+ }
}
}
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyContainerImpl.java Tue Jan 6 20:16:09 2009
@@ -229,9 +229,9 @@
}
}
- public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) throws Exception {
+ public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) throws Exception {
InternalJAASJettyRealm internalJAASJettyRealm = securityRealmName == null ? null : addRealm(securityRealmName);
- JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, classLoader);
+ JettyEJBWebServiceContext webServiceContext = new JettyEJBWebServiceContext(contextPath, webServiceContainer, internalJAASJettyRealm, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
webServiceContext.setVirtualHosts(virtualHosts);
addContext(webServiceContext);
webServiceContext.start();
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/main/java/org/apache/geronimo/jetty6/JettyEJBWebServiceContext.java Tue Jan 6 20:16:09 2009
@@ -22,7 +22,9 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -72,11 +74,12 @@
private final boolean isConfidentialTransportGuarantee;
private final boolean isIntegralTransportGuarantee;
private final ClassLoader classLoader;
+ private final Set<String> secureMethods;
-
- public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) {
+ public JettyEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, InternalJAASJettyRealm internalJAASJettyRealm, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) {
this.contextPath = contextPath;
this.webServiceContainer = webServiceContainer;
+ this.secureMethods = initSecureMethods(protectedMethods);
this.setContextPath(contextPath);
if (internalJAASJettyRealm != null) {
@@ -117,6 +120,29 @@
this.classLoader = classLoader;
}
+ private Set<String> initSecureMethods(String[] protectedMethods) {
+ if (protectedMethods == null) {
+ return null;
+ }
+ Set<String> methods = null;
+ for (String method : protectedMethods) {
+ if (method == null) {
+ continue;
+ }
+ method = method.trim();
+ if (method.length() == 0) {
+ continue;
+ }
+ method = method.toUpperCase();
+
+ if (methods == null) {
+ methods = new HashSet<String>();
+ }
+ methods.add(method);
+ }
+ return methods;
+ }
+
public String getName() {
//need a better name
return contextPath;
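Review bot: `method.toUpperCase()` in `initSecureMethods` uses the JVM default locale, so a lower-case entry such as `options` would not normalise to `OPTIONS` under a Turkish default locale and the later `secureMethods.contains(req.getMethod())` lookup would miss it. `method = method.toUpperCase(Locale.ENGLISH);` avoids that (it needs `java.util.Locale` imported). The identical helper added to TomcatEJBWebServiceContext has the same issue. A short comment on the helper would also help, stating that a `null` result means "protect every method" and that an array holding only null or blank entries also yields `null`.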
@@ -130,6 +156,18 @@
if (! target.startsWith(contextPath)) {
return;
}
+
+ Thread currentThread = Thread.currentThread();
+ ClassLoader oldClassLoader = currentThread.getContextClassLoader();
+ currentThread.setContextClassLoader(classLoader);
+ try {
+ handle(req, res);
+ } finally {
+ currentThread.setContextClassLoader(oldClassLoader);
+ }
+ }
+
+ private void handle(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
Request jettyRequest = (Request) req;
Response jettyResponse = (Response) res;
res.setContentType("text/xml");
@@ -141,18 +179,9 @@
// TODO: add support for context
request.setAttribute(WebServiceContainer.SERVLET_CONTEXT, null);
- if (req.getParameter("wsdl") != null) {
- try {
- webServiceContainer.getWsdl(request, response);
- jettyRequest.setHandled(true);
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- throw (HttpException) new HttpException(500, "Could not fetch wsdl!").initCause(e);
- }
- } else {
+ if (secureMethods == null || secureMethods.contains(req.getMethod())) {
if (isConfidentialTransportGuarantee) {
- if (!req.isSecure()) {
+ if (!jettyRequest.isSecure()) {
throw new HttpException(403, null);
}
} else if (isIntegralTransportGuarantee) {
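Review bot: When `secureMethods` is non-null, a request whose method is not in the set skips both the transport-guarantee check and the authenticator, yet still reaches `webServiceContainer.invoke(...)` further down in `handle`. The test at `if (secureMethods == null || secureMethods.contains(req.getMethod()))` is an exact, case-sensitive match, so every method the deployer did not list is dispatched unauthenticated. If that is the intended semantics it deserves a comment at this condition. Otherwise, consider answering methods that are neither protected nor expected by the service with `throw new HttpException(405, null);` before dispatch. The body of `handle` continues outside this hunk.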
@@ -160,39 +189,43 @@
throw new HttpException(403, null);
}
}
- Thread currentThread = Thread.currentThread();
- ClassLoader oldClassLoader = currentThread.getContextClassLoader();
- currentThread.setContextClassLoader(classLoader);
- //hard to imagine this could be anything but null, but....
-// Subject oldSubject = ContextManager.getCurrentCaller();
- try {
- if (authenticator != null) {
- String pathInContext = org.mortbay.util.URIUtil.canonicalPath(req.getContextPath());
- if (authenticator.authenticate(realm, pathInContext, jettyRequest, jettyResponse) == null) {
- throw new HttpException(403, null);
- }
- } else {
- //EJB will figure out correct defaultSubject shortly
- //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line
- //setting the defaultSubject.
- ContextManager.popCallers(null);
- }
- try {
- webServiceContainer.invoke(request, response);
- jettyRequest.setHandled(true);
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- throw (HttpException) new HttpException(500, "Could not process message!").initCause(e);
+ if (authenticator != null) {
+ String pathInContext = org.mortbay.util.URIUtil.canonicalPath(req.getContextPath());
+ if (authenticator.authenticate(realm, pathInContext, jettyRequest, jettyResponse) == null) {
+ throw new HttpException(403, null);
}
- } finally {
-// ContextManager.setCurrentCaller(oldSubject);
- currentThread.setContextClassLoader(oldClassLoader);
+ } else {
+ //EJB will figure out correct defaultSubject shortly
+ //TODO consider replacing the GenericEJBContainer.DefaultSubjectInterceptor with this line
+ //setting the defaultSubject.
+ ContextManager.popCallers(null);
+ }
+ }
+ if (isWSDLRequest(req)) {
+ try {
+ webServiceContainer.getWsdl(request, response);
+ jettyRequest.setHandled(true);
+ } catch (IOException e) {
+ throw e;
+ } catch (Exception e) {
+ throw (HttpException) new HttpException(500, "Could not fetch wsdl!").initCause(e);
+ }
+ } else {
+ try {
+ webServiceContainer.invoke(request, response);
+ jettyRequest.setHandled(true);
+ } catch (IOException e) {
+ throw e;
+ } catch (Exception e) {
+ throw (HttpException) new HttpException(500, "Could not process message!").initCause(e);
}
}
-
}
+ private boolean isWSDLRequest(HttpServletRequest req) {
+ return ("GET".equals(req.getMethod()) && (req.getParameter("wsdl") != null || req.getParameter("xsd") != null));
+ }
+
public String getContextPath() {
return contextPath;
}
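Review bot: `ContextManager.popCallers(null)` now sits inside the protected-method branch, so for a method outside `secureMethods` neither the authenticator nor `popCallers` runs before `webServiceContainer.invoke(request, response)`. Before this change one of the two always ran for a non-WSDL request. If that call is what resets the caller subject for the EJB layer (the inline comment suggests so, but it is not visible here), an unprotected request may run with whatever subject the thread last carried. Consider running `ContextManager.popCallers(null);` on every path where authentication was skipped. Note also that with `secureMethods == null` a `?wsdl` request now passes through the authenticator, which the removed code did not do; that is worth a line in the log message if intended.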
Modified: geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/jetty/geronimo-jetty6/src/test/java/org/apache/geronimo/jetty6/ContainerTest.java Tue Jan 6 20:16:09 2009
@@ -46,7 +46,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null,cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
@@ -71,11 +71,11 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null,cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
String contextPath2 = "/bar/webservice.ws";
MockWebServiceContainer webServiceInvoker2 = new MockWebServiceContainer();
- container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null,cl);
+ container.addWebService(contextPath2, null, webServiceInvoker2, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL("http://localhost:5678" + contextPath).openConnection();
try {
Modified: geronimo/server/trunk/plugins/openejb/geronimo-openejb-builder/src/main/xsd/geronimo-openejb-2.0.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/openejb/geronimo-openejb-builder/src/main/xsd/geronimo-openejb-2.0.xsd?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/openejb/geronimo-openejb-builder/src/main/xsd/geronimo-openejb-2.0.xsd (original)
+++ geronimo/server/trunk/plugins/openejb/geronimo-openejb-builder/src/main/xsd/geronimo-openejb-2.0.xsd Tue Jan 6 20:16:09 2009
@@ -103,6 +103,7 @@
<xs:element name="realm-name" type="xs:string" minOccurs="0"/>
<xs:element name="transport-guarantee" type="openejb:transport-guaranteeType"/>
<xs:element name="auth-method" type="openejb:auth-methodType"/>
+ <xs:element name="http-method" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
Modified: geronimo/server/trunk/plugins/openejb/openejb/src/main/resources/schema/openejb-jar-2.2.xsd
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/openejb/openejb/src/main/resources/schema/openejb-jar-2.2.xsd?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/openejb/openejb/src/main/resources/schema/openejb-jar-2.2.xsd (original)
+++ geronimo/server/trunk/plugins/openejb/openejb/src/main/resources/schema/openejb-jar-2.2.xsd Tue Jan 6 20:16:09 2009
@@ -159,6 +159,7 @@
<xs:element name="realm-name" type="xs:string" minOccurs="0"/>
<xs:element name="transport-guarantee" type="tns:transportGuaranteeType"/>
<xs:element name="auth-method" type="tns:authMethodType"/>
+ <xs:element name="http-method" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatContainer.java Tue Jan 6 20:16:09 2009
@@ -401,8 +401,8 @@
embedded.removeConnector(connector);
}
- public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) throws Exception {
- Context webServiceContext = embedded.createEJBWebServiceContext(contextPath, webServiceContainer, securityRealmName, realmName, transportGuarantee, authMethod, classLoader);
+ public void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) throws Exception {
+ Context webServiceContext = embedded.createEJBWebServiceContext(contextPath, webServiceContainer, securityRealmName, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
String virtualServer;
if (virtualHosts != null && virtualHosts.length > 0) {
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatEJBWebServiceContext.java Tue Jan 6 20:16:09 2009
@@ -16,17 +16,17 @@
*/
package org.apache.geronimo.tomcat;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -55,13 +55,12 @@
private final WebServiceContainer webServiceContainer;
private final boolean isSecureTransportGuarantee;
private final ClassLoader classLoader;
+ private final Set<String> secureMethods;
- public TomcatEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) {
-
- super();
-
+ public TomcatEJBWebServiceContext(String contextPath, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) {
this.contextPath = contextPath;
this.webServiceContainer = webServiceContainer;
+ this.secureMethods = initSecureMethods(protectedMethods);
this.setPath(contextPath);
this.setDocBase("");
this.setParentClassLoader(classLoader);
@@ -99,8 +98,22 @@
//Setup a default Security Constraint
SecurityCollection collection = new SecurityCollection();
- collection.addMethod("GET");
- collection.addMethod("POST");
+ if (secureMethods == null) {
+ // protect all
+ collection.addMethod("GET");
+ collection.addMethod("POST");
+ collection.addMethod("PUT");
+ collection.addMethod("DELETE");
+ collection.addMethod("HEAD");
+ collection.addMethod("OPTIONS");
+ collection.addMethod("TRACE");
+ collection.addMethod("CONNECT");
+ } else {
+ // protect specified
+ for (String method : secureMethods) {
+ collection.addMethod(method);
+ }
+ }
collection.addPattern("/*");
collection.setName("default");
SecurityConstraint sc = new SecurityConstraint();
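Review bot: In the `secureMethods == null` branch the constraint enumerates eight method names, which leaves any other method (an extension method, for instance) outside the `/*` constraint. As far as I know, Tomcat's `SecurityCollection` matches every method when none has been added to it, so the "protect all" case is better expressed by adding no method at all: drop the eight `addMethod` calls and keep the loop under `if (secureMethods != null) { ... }`. The enclosing constructor starts and ends outside the hunk.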
@@ -141,9 +154,43 @@
}
- public class EJBWebServiceValve extends ValveBase{
+ private Set<String> initSecureMethods(String[] protectedMethods) {
+ if (protectedMethods == null) {
+ return null;
+ }
+ Set<String> methods = null;
+ for (String method : protectedMethods) {
+ if (method == null) {
+ continue;
+ }
+ method = method.trim();
+ if (method.length() == 0) {
+ continue;
+ }
+ method = method.toUpperCase();
+
+ if (methods == null) {
+ methods = new HashSet<String>();
+ }
+ methods.add(method);
+ }
+ return methods;
+ }
+
+ public class EJBWebServiceValve extends ValveBase {
public void invoke(Request req, Response res) throws IOException, ServletException {
+ Thread currentThread = Thread.currentThread();
+ ClassLoader oldClassLoader = currentThread.getContextClassLoader();
+ currentThread.setContextClassLoader(classLoader);
+ try {
+ handle(req, res);
+ } finally {
+ currentThread.setContextClassLoader(oldClassLoader);
+ }
+ }
+
+ private void handle(Request req, Response res) throws IOException, ServletException {
res.setContentType("text/xml");
RequestAdapter request = new RequestAdapter(req);
ResponseAdapter response = new ResponseAdapter(res);
@@ -154,42 +201,39 @@
request.setAttribute(WebServiceContainer.SERVLET_CONTEXT, null);
req.finishRequest();
- if (req.getParameter("wsdl") != null) {
+
+ if (secureMethods == null || secureMethods.contains(req.getMethod())) {
+ if (isSecureTransportGuarantee && !req.isSecure()) {
+ res.sendError(403);
+ return;
+ }
+ }
+ if (isWSDLRequest(req)) {
try {
webServiceContainer.getWsdl(request, response);
//WHO IS RESPONSIBLE FOR CLOSING OUT?
} catch (IOException e) {
throw e;
} catch (Exception e) {
- log.error("Failed to get WSDL", e);
res.sendError(500,"Could not fetch wsdl!");
return;
}
} else {
- if (isSecureTransportGuarantee) {
- if (!req.isSecure()) {
- res.sendError(403);
- return;
- }
- }
- Thread currentThread = Thread.currentThread();
- ClassLoader oldClassLoader = currentThread.getContextClassLoader();
- currentThread.setContextClassLoader(classLoader);
try {
- try {
- webServiceContainer.invoke(request, response);
- req.finishRequest();
- } catch (IOException e) {
- throw e;
- } catch (Exception e) {
- res.sendError(500, "Could not process message!");
- }
- } finally {
- currentThread.setContextClassLoader(oldClassLoader);
+ webServiceContainer.invoke(request, response);
+ req.finishRequest();
+ } catch (IOException e) {
+ throw e;
+ } catch (Exception e) {
+ res.sendError(500, "Could not process message!");
}
}
}
+ private boolean isWSDLRequest(Request req) {
+ return ("GET".equals(req.getMethod()) && (req.getParameter("wsdl") != null || req.getParameter("xsd") != null));
+ }
+
}
public static class RequestAdapter implements WebServiceContainer.Request {
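Review bot: The `log.error("Failed to get WSDL", e);` call is dropped from the WSDL catch block, and the catch around `webServiceContainer.invoke(request, response)` likewise answers 500 without recording the exception. Failures on either path therefore leave no server-side trace to investigate. Keep the existing log call and add `log.error("Failed to process message", e);` in the second catch, assuming the class's `log` field is still present (its declaration is not visible in this hunk).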
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/main/java/org/apache/geronimo/tomcat/TomcatGeronimoEmbedded.java Tue Jan 6 20:16:09 2009
@@ -60,12 +60,13 @@
String realmName,
String transportGuarantee,
String authMethod,
+ String[] protectedMethods,
ClassLoader classLoader) {
if( log.isDebugEnabled() )
log.debug("Creating EJBWebService context '" + contextPath + "'.");
- TomcatEJBWebServiceContext context = new TomcatEJBWebServiceContext(contextPath, webServiceContainer, securityRealmName, realmName, transportGuarantee, authMethod, classLoader);
+ TomcatEJBWebServiceContext context = new TomcatEJBWebServiceContext(contextPath, webServiceContainer, securityRealmName, realmName, transportGuarantee, authMethod, protectedMethods, classLoader);
ContextConfig config = new ContextConfig();
config.setCustomAuthenticators(authenticators);
Modified: geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java (original)
+++ geronimo/server/trunk/plugins/tomcat/geronimo-tomcat6/src/test/java/org/apache/geronimo/tomcat/ContainerTest.java Tue Jan 6 20:16:09 2009
@@ -35,7 +35,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, null, null, null,null, cl);
+ container.addWebService(contextPath, null, webServiceInvoker, null, null, null, null, null, cl);
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();
try {
BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
@@ -62,7 +62,7 @@
String contextPath = "/foo/webservice.ws";
MockWebServiceContainer webServiceInvoker = new MockWebServiceContainer();
- container.addWebService(contextPath, null, webServiceInvoker, securityRealmName, securityRealmName, "NONE", "BASIC", cl);
+ container.addWebService(contextPath, null, webServiceInvoker, securityRealmName, securityRealmName, "NONE", "BASIC", null, cl);
//Veryify its secured
HttpURLConnection connection = (HttpURLConnection) new URL(connector.getConnectUrl() + contextPath).openConnection();
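Review bot: Every updated call in both ContainerTest classes passes `null` for `protectedMethods`, so no test exercises the new restriction. A case next to this secured-service test could register the service with `new String[] {"POST"}` and assert that a POST is challenged while a GET is served. A further case with a lower-case or blank entry would cover the normalisation in `initSecureMethods`. The test method continues outside the hunk.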
Modified: geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java?rev=732217&r1=732216&r2=732217&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java (original)
+++ geronimo/server/trunk/plugins/webservices/geronimo-webservices/src/main/java/org/apache/geronimo/webservices/SoapHandler.java Tue Jan 6 20:16:09 2009
@@ -21,7 +21,7 @@
*/
public interface SoapHandler {
- void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, ClassLoader classLoader) throws Exception;
+ void addWebService(String contextPath, String[] virtualHosts, WebServiceContainer webServiceContainer, String securityRealmName, String realmName, String transportGuarantee, String authMethod, String[] protectedMethods, ClassLoader classLoader) throws Exception;
void removeWebService(String contextPath);