author | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2009-12-15 00:58:47 +0000 |
---|---|---|
committer | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2009-12-15 00:58:47 +0000 |
commit | e569f70dd1cc95ee8d30970389b718c529039261 (patch) | |
tree | 7aa918ed1b8909f2d827141de1b991ec56eb031b /sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security | |
parent | 4b42a1046edff7739d01f551704d5ad1112a7620 (diff) |
TUSCANY-3389 - Providing different http status code depending on the authentication/authorization error. 401 when user could not be authenticated, 403 when user was authenticated but it does not have the proper role to execute the operation
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@890591 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security')
-rw-r--r-- | sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java b/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
index 38cad3c0cd..89faccd699 100644
--- a/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
+++ b/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
@@ -24,7 +24,9 @@ import java.util.List;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import javax.security.jacc.WebRoleRefPermission;
 import org.apache.geronimo.security.ContextManager;
@@ -34,7 +36,6 @@ import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationCallba
 import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy;
 import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler;
 import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil;
-import org.osoa.sca.ServiceRuntimeException;
 public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
@@ -86,13 +87,19 @@ public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
 CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject);
 /* Uses Geronimo to login */
- LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+ try {
+ LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+
+ authenticatedSubject = geronimoLoginContext.getSubject();
+ ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
+ if (authenticatedSubject != null) {
+ //TODO: add authenticated subject to the msg header ?
+ }
- authenticatedSubject = geronimoLoginContext.getSubject();
- ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
- if (authenticatedSubject != null) {
- //TODO: add authenticated subject to the msg header ?
+ } catch(LoginException le) {
+ throw new FailedLoginException("Login failed: " + le.getMessage());
 }
+
 }
 AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0); |
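Review bot: The catch block that closes the new try rewraps every LoginException as `new FailedLoginException("Login failed: " + le.getMessage())`, which discards the original exception subtype and stack trace and copies the login module's own message text into the new exception. If the caller writes that message into the 401 response (the status mapping is not visible here), realm or directory details could reach an unauthenticated client, and a backend failure may be reported the same way as a wrong password. A fixed message with the cause attached would keep the detail server-side: `FailedLoginException fle = new FailedLoginException("Login failed"); fle.initCause(le); throw fle;`. Separately, `ContextManager.setCallers(authenticatedSubject, authenticatedSubject)` still runs before the `authenticatedSubject != null` check, whose body is only a TODO. The enclosing method starts and ends outside the hunk, so its throws clause could not be checked.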