|
Glassfish example source code file (CommonServerSecurityPipe.java)
The Glassfish CommonServerSecurityPipe.java source code/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved. * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development * and Distribution License("CDDL") (collectively, the "License"). You * may not use this file except in compliance with the License. You can * obtain a copy of the License at * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html * or packager/legal/LICENSE.txt. See the License for the specific * language governing permissions and limitations under the License. * * When distributing the software, include this License Header Notice in each * file and include the License file at packager/legal/LICENSE.txt. * * GPL Classpath Exception: * Oracle designates this particular file as subject to the "Classpath" * exception as provided by Oracle in the GPL Version 2 section of the License * file that accompanied this code. * * Modifications: * If applicable, add the following below the License Header, with the fields * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyright [year] [name of copyright owner]" * * Contributor(s): * If you wish your version of this file to be governed by only the CDDL or * only the GPL Version 2, indicate your decision by adding "[Contributor] * elects to include this software in this distribution under the [CDDL or GPL * Version 2] license." If you don't indicate a single choice of license, a * recipient has the option to distribute your version of this file under * either the CDDL, the GPL Version 2 or to extend the choice of license to * its licensees as provided above. However, if you add GPL Version 2 code * and therefore, elected the GPL Version 2 license, then the option applies * only if the new code is made subject to such option by the copyright * holder. */ package org.glassfish.webservices; import com.sun.enterprise.util.LocalStringManagerImpl; import com.sun.logging.LogDomains; import com.sun.xml.ws.api.message.Packet; import com.sun.xml.ws.api.pipe.Pipe; import com.sun.xml.ws.api.pipe.PipeCloner; import com.sun.xml.ws.api.pipe.helper.AbstractFilterPipeImpl; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedActionException; import javax.security.auth.Subject; import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; //import com.sun.enterprise.security.jmac.PacketMessageInfo; //import com.sun.enterprise.security.jmac.PacketMapMessageInfo; //import com.sun.enterprise.security.jmac.config.PipeHelper; // //import javax.security.auth.Subject; //import javax.security.auth.message.config.*; //import javax.security.auth.message.AuthException; //import javax.security.auth.message.AuthStatus; import javax.xml.ws.WebServiceException; /** * This pipe is used to do 196 security */ public class CommonServerSecurityPipe{ //extends AbstractFilterPipeImpl { // /*protected static final Logger _logger = LogDomains.getLogger( CommonServerSecurityPipe.class, // LogDomains.SECURITY_LOGGER); // protected static final LocalStringManagerImpl localStrings = // new LocalStringManagerImpl(CommonServerSecurityPipe.class); // // private final boolean isHttpBinding; // // private PipeHelper helper; // // CommonServerSecurityPipe(Map props, final Pipe next, // boolean isHttpBinding) { // // super(next); // // props.put(PipeConstants.SECURITY_PIPE,this); // // this.helper = new PipeHelper(PipeConstants.SOAP_LAYER,props,null); // // this.isHttpBinding = isHttpBinding; // // } // // protected CommonServerSecurityPipe(CommonServerSecurityPipe that, // PipeCloner cloner) { // // super(that, cloner); // // we can share the helper for all pipes so that the remove // // registration (in server side) can be done properly // this.helper = that.helper; // // this.isHttpBinding = that.isHttpBinding; // // } // // *//** // * This method is called once in server side and at most one in client side. // *//* // public void preDestroy() { // helper.disable(); // } // // *//** // * This is used in creating subsequent pipes. // *//* // public Pipe copy(PipeCloner cloner) { // return new CommonServerSecurityPipe(this, cloner); // } // // public Packet process(Packet request) { // // if (isHttpBinding) { // return next.process(request); // } // // Packet response = null; // // try { // // response = processRequest(request); // // } catch(Exception e) { // if (_logger.isLoggable(Level.FINE)) { // _logger.log(Level.FINE, "Failure in security pipe process", e); // } // response = helper.makeFaultResponse(response,e); // } // // return response; // } // // private Packet processRequest(Packet request) throws Exception { // // AuthStatus status = AuthStatus.SUCCESS; // // PacketMessageInfo info= new PacketMapMessageInfo(request,new Packet()); // // // XXX at this time, we expect the server subject to be null // // Subject serverSubject = (Subject) // request.invocationProperties.get(PipeConstants.SERVER_SUBJECT); // // //could change the request packet // ServerAuthContext sAC = // helper.getServerAuthContext(info,serverSubject); // // Subject clientSubject = getClientSubject(request); // // final Packet validatedRequest; // // try { // // if (sAC != null) { // // // client subject must not be null // // and when return status is SUCCESS, module // // must have called handler.handle(CallerPrincipalCallback) // // status = sAC.validateRequest(info,clientSubject,serverSubject); // // } // } catch(Exception e) { // // _logger.log(Level.SEVERE,"ws.error_validate_request", e); // // WebServiceException wse = new WebServiceException // (localStrings.getLocalString // ("enterprise.webservice.cantValidateRequest", // "Cannot validate request for {0}", // new Object[] { helper.getModelName() }),e); // // //set status for audit // status = AuthStatus.SEND_FAILURE; // // // if unable to determine if two-way will return empty response // return helper.getFaultResponse // (info.getRequestPacket(),info.getResponsePacket(),wse); // // } finally { // // validatedRequest = info.getRequestPacket(); // helper.auditInvocation(validatedRequest,status); // } // // Packet response = null; // // if (status == AuthStatus.SUCCESS) { // // boolean authorized = false; // // try { // // helper.authorize(validatedRequest); // // authorized = true; // // } catch (Exception e) { // // not authorized, construct fault and proceded // response = helper.getFaultResponse // (validatedRequest,info.getResponsePacket(),e); // } // // if (authorized) { // // // only do doAdPriv if SecurityManager is in effect // if (System.getSecurityManager() == null) { // try { // // proceed to invoke the endpoint // response = next.process(validatedRequest); // } catch (Exception e) { // if (e instanceof AuthException){ // _logger.log(Level.SEVERE,"ws.error_next_pipe", e); // } // response = helper.getFaultResponse // (validatedRequest,info.getResponsePacket(),e); // } // } else { // try { // response = (Packet)Subject.doAsPrivileged // (clientSubject,new PrivilegedExceptionAction() { // public Object run() throws Exception { // // proceed to invoke the endpoint // return next.process(validatedRequest); // } // }, null); // } catch (PrivilegedActionException pae) { // Throwable cause = pae.getCause(); // if (cause instanceof AuthException){ // _logger.log(Level.SEVERE,"ws.error_next_pipe", cause); // } // response = helper.getFaultResponse // (validatedRequest,info.getResponsePacket(),cause); // } // } // } // // //pipes are not supposed to return a null response packet // if (response == null) { // // WebServiceException wse = new WebServiceException // (localStrings.getLocalString // ("enterprise.webservice.nullResponsePacket", // "Invocation of Service {0} returned null response packet", // new Object[] { helper.getModelName() })); // // response = helper.getFaultResponse // (validatedRequest,info.getResponsePacket(),wse); // // _logger.log(Level.SEVERE,"",wse); // // } // // // secure response, including if it is a fault // if (sAC != null && response.getMessage() != null) { // info.setResponsePacket(response); // response = processResponse(info, sAC, serverSubject); // } // // } else { // // validateRequest did not return success // if (_logger.isLoggable(Level.FINE)) { // _logger.log(Level.FINE,"ws.status_validate_request", status); // } // // even for one-way mep, may return response with non-empty message // response = info.getResponsePacket(); // } // // return response; // } // // // called when secureResponse is to be called // private Packet processResponse(PacketMessageInfo info, // ServerAuthContext sAC, // Subject serverSubject) throws Exception { // // AuthStatus status; // // try { // // status = sAC.secureResponse(info, serverSubject); // // } catch (Exception e) { // if (e instanceof AuthException) { // if (_logger.isLoggable(Level.INFO)) { // _logger.log(Level.INFO, "ws.error_secure_response", e); // } // } else { // _logger.log(Level.SEVERE, "ws.error_secure_response", e); // } // // return helper.makeFaultResponse(info.getResponsePacket(),e); // } // // if (_logger.isLoggable(Level.FINE)) { // _logger.log(Level.FINE,"ws.status_secure_response", status); // } // // return info.getResponsePacket(); // // } // // private static Subject getClientSubject(Packet p) { // // Subject s = null; // // if (p != null) { // // s =(Subject) // p.invocationProperties.get(PipeConstants.CLIENT_SUBJECT); // // } // if (s == null) { // // s = PipeHelper.getClientSubject(); // // if (p != null) { // p.invocationProperties.put(PipeConstants.CLIENT_SUBJECT,s); // } // } // // return s; // } } Other Glassfish examples (source code examples)Here is a short list of links related to this Glassfish CommonServerSecurityPipe.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.