Diffstat (limited to 'branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java')
-rw-r--r--branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java82
1 files changed, 7 insertions, 75 deletions
diff --git a/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java b/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java
index 47af843eb4..373063fece 100644
--- a/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java
+++ b/branches/sca-java-1.x/modules/policy-security-http/src/main/java/org/apache/tuscany/sca/policy/security/http/LDAPRealmAuthenticationInterceptor.java
@@ -19,33 +19,29 @@
package org.apache.tuscany.sca.policy.security.http;
-import java.security.AccessControlContext;
import java.util.List;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginContext;
-import javax.security.jacc.WebRoleRefPermission;
-
-import org.apache.geronimo.security.ContextManager;
import org.apache.tuscany.sca.invocation.Interceptor;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy;
-import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil;
+import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler;
import org.osoa.sca.ServiceRuntimeException;
/**
* @version $Rev$ $Date$
*/
public class LDAPRealmAuthenticationInterceptor implements Interceptor {
+ private LDAPSecurityHandler securityHandler;
private List<LDAPRealmAuthenticationPolicy> authenticationPolicies;
private List<AuthorizationPolicy> authorizationPolicies;
private Invoker next;
- public LDAPRealmAuthenticationInterceptor(List<LDAPRealmAuthenticationPolicy> authenticationPolicies,
+ public LDAPRealmAuthenticationInterceptor(LDAPSecurityHandler securityHandler,
+ List<LDAPRealmAuthenticationPolicy> authenticationPolicies,
List<AuthorizationPolicy> authorizationPolicies) {
super();
+ this.securityHandler = securityHandler;
this.authenticationPolicies = authenticationPolicies;
this.authorizationPolicies = authorizationPolicies;
}
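Review bot: The constructor stores `securityHandler` unchecked, so a null handler is only discovered on the first request, when the NullPointerException in invoke() (second hunk) is wrapped in a ServiceRuntimeException by the broad catch. Since this object now carries all authentication and authorization for the interceptor, I would reject it at wiring time with `if (securityHandler == null) throw new IllegalArgumentException("securityHandler must not be null");` and declare the field `private final LDAPSecurityHandler securityHandler;`. The class Javadoc still holds only the version tag; one sentence stating that all security decisions are delegated to the injected handler would tell a reader where enforcement actually happens.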
@@ -59,76 +55,12 @@ public class LDAPRealmAuthenticationInterceptor implements Interceptor {
}
public Message invoke(Message msg) {
- Subject subject = null;
- Subject authenticatedSubject = null;
-
try {
- // Perform user authentication
- LDAPRealmAuthenticationPolicy authenticationPolicy = authenticationPolicies.get(0);
- if( authenticationPolicy != null) {
- subject = HttpSecurityUtil.getSubject(msg);
- CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject);
-
- /* This bypass Java EE */
- LoginContext lc = new LoginContext(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
- lc.login();
-
-
- /* Uses Geronimo to login */
- /*
- LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
-
- authenticatedSubject = geronimoLoginContext.getSubject();
- ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
- if (authenticatedSubject != null) {
- //TODO: add authenticated subject to the msg header ?
- }
- */
- }
-
- AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0);
- if(authorizationPolicy != null) {
- if(authorizationPolicy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) {
- /* Geronimo Specific code */
- /*
- AccessControlContext acc = ContextManager.getCurrentContext();
-
- boolean isAllowed = false;
- for (String requiredRole : authorizationPolicy.getRoleNames()) {
- isAllowed = isUserInRole(acc, requiredRole);
- if(isAllowed) {
- break;
- }
- }
-
- if(! isAllowed ) {
- throw new javax.security.auth.login.LoginException("Insufficient access rights !");
- }
- */
- }
-
- }
+ securityHandler.handleSecurity(msg, authenticationPolicies, authorizationPolicies);
} catch (Exception e) {
throw new ServiceRuntimeException(e);
}
return getNext().invoke(msg);
}
-
- public boolean isUserInRole(AccessControlContext acc, String role) {
- /* Geronimo Specific code */
- /*
-
- try {
- acc.checkPermission(new WebRoleRefPermission("", role));
- } catch (Exception e) {
- System.out.println(">>> NO : " + e.getMessage());
- return false;
- }
-
- return true;
- */
-
- return false;
- }
-}
+} \ No newline at end of file
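Review bot: invoke() now reaches `getNext().invoke(msg)` whenever `securityHandler.handleSecurity(...)` returns normally, so access control depends on every handler implementation throwing on a failed login or a denied role, and that contract is not stated anywhere in this hunk. The removed code called `authenticationPolicies.get(0)`, which threw on an empty list and so happened to fail closed; whether a handler treats an empty or null policy list the same way is not visible here. I would add a guard before the call, `if (authenticationPolicies == null || authenticationPolicies.isEmpty()) throw new ServiceRuntimeException("No LDAP authentication policy configured");`. A Javadoc line on invoke would also help, for example `Delegates to the security handler, which must throw to reject the request; a normal return is treated as access granted.`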