-rw-r--r--sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java4
-rw-r--r--sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java19
2 files changed, 16 insertions, 7 deletions
diff --git a/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java b/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
index a6ccd195ae..346a51e5e7 100644
--- a/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
+++ b/sca-java-1.x/trunk/modules/binding-jsonrpc-runtime/src/main/java/org/apache/tuscany/sca/binding/jsonrpc/provider/JSONRPCServiceServlet.java
@@ -97,7 +97,9 @@ public class JSONRPCServiceServlet extends JSONRPCServlet {
handleServiceRequest(request, response);
} catch(RuntimeException re) {
- if (re.getCause() instanceof javax.security.auth.login.LoginException) {
+ if (re.getCause() instanceof javax.security.auth.login.FailedLoginException) {
+ response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }else if (re.getCause() instanceof javax.security.auth.login.LoginException) {
response.setHeader("WWW-Authenticate", "BASIC realm=\"" + "ldap-realm" + "\"");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
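Review bot: The new `FailedLoginException` branch answers rejected credentials with `SC_FORBIDDEN` and no `WWW-Authenticate` header, so a Basic-auth client receives no challenge and cannot re-prompt. For HTTP authentication, rejected credentials are normally answered with 401 plus the challenge, and 403 is kept for an authenticated caller who lacks permission. Neither branch records the failure, so repeated bad-password attempts leave no trace at this layer; a log line carrying the remote address (never the submitted credentials) before `sendError` would help detection. The catch block continues outside the hunk, so it is not visible whether a `RuntimeException` with any other cause is rethrown; if it is not, that exception is swallowed here.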
diff --git a/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java b/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
index 38cad3c0cd..89faccd699 100644
--- a/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
+++ b/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
@@ -24,7 +24,9 @@ import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
import javax.security.jacc.WebRoleRefPermission;
import org.apache.geronimo.security.ContextManager;
@@ -34,7 +36,6 @@ import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationCallba
import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy;
import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler;
import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil;
-import org.osoa.sca.ServiceRuntimeException;
public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
@@ -86,13 +87,19 @@ public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject);
/* Uses Geronimo to login */
- LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+ try {
+ LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+
+ authenticatedSubject = geronimoLoginContext.getSubject();
+ ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
+ if (authenticatedSubject != null) {
+ //TODO: add authenticated subject to the msg header ?
+ }
- authenticatedSubject = geronimoLoginContext.getSubject();
- ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
- if (authenticatedSubject != null) {
- //TODO: add authenticated subject to the msg header ?
+ } catch(LoginException le) {
+ throw new FailedLoginException("Login failed: " + le.getMessage());
}
+
}
AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0);
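Review bot: The `catch(LoginException le)` block converts every login error into `FailedLoginException`, so an unreachable LDAP server, a misconfigured realm or an expired account all surface as bad credentials, and the servlet change in this commit then answers 403 for them. The original exception is discarded and only its message is concatenated, which loses the stack trace and passes provider detail on to whatever renders that message. Suggest passing credential failures through unchanged with `} catch (FailedLoginException fle) { throw fle; }` ahead of the general catch, and keeping the cause in the general one, e.g. `FailedLoginException fle = new FailedLoginException("Login failed"); fle.initCause(le); throw fle;`, or a distinct exception type if the method's throws clause (outside the hunk) allows it. Separately, `ContextManager.setCallers(authenticatedSubject, authenticatedSubject)` runs before the `authenticatedSubject != null` check, so a null subject would reach it.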