From e569f70dd1cc95ee8d30970389b718c529039261 Mon Sep 17 00:00:00 2001 From: lresende Date: Tue, 15 Dec 2009 00:58:47 +0000 Subject: TUSCANY-3389 - Providing different http status code depending on the authentication/authorization error. 401 when user could not be authenticated, 403 when user was authenticated but it does not have the proper role to execute the operation git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@890591 13f79535-47bb-0310-9956-ffa450edef68
---
 .../geronimo/GeronimoLDAPSecurityHandler.java | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'sca-java-1.x/trunk/modules/policy-security-geronimo/src')
diff --git a/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java b/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
index 38cad3c0cd..89faccd699 100644
--- a/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
+++ b/sca-java-1.x/trunk/modules/policy-security-geronimo/src/main/java/org/apache/tuscany/sca/policy/security/geronimo/GeronimoLDAPSecurityHandler.java
@@ -24,7 +24,9 @@ import java.util.List;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import javax.security.jacc.WebRoleRefPermission;
 import org.apache.geronimo.security.ContextManager;
@@ -34,7 +36,6 @@ import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationCallba
 import org.apache.tuscany.sca.policy.security.http.LDAPRealmAuthenticationPolicy;
 import org.apache.tuscany.sca.policy.security.http.extensibility.LDAPSecurityHandler;
 import org.apache.tuscany.sca.policy.security.http.util.HttpSecurityUtil;
-import org.osoa.sca.ServiceRuntimeException;
 public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
@@ -86,13 +87,19 @@ public class GeronimoLDAPSecurityHandler implements LDAPSecurityHandler {
 CallbackHandler callbackHandler = new LDAPRealmAuthenticationCallbackHandler(subject);
 /* Uses Geronimo to login */
- LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+ try {
+ LoginContext geronimoLoginContext = ContextManager.login(authenticationPolicy.getRealmConfigurationName(), callbackHandler);
+
+ authenticatedSubject = geronimoLoginContext.getSubject();
+ ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
+ if (authenticatedSubject != null) {
+ //TODO: add authenticated subject to the msg header ?
+ }
- authenticatedSubject = geronimoLoginContext.getSubject();
- ContextManager.setCallers(authenticatedSubject, authenticatedSubject);
- if (authenticatedSubject != null) {
- //TODO: add authenticated subject to the msg header ?
+ } catch(LoginException le) {
+ throw new FailedLoginException("Login failed: " + le.getMessage());
 }
+
 }
 AuthorizationPolicy authorizationPolicy = authorizationPolicies.get(0);
-- cgit v1.2.3
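Review bot: The catch block added in the `@@ -86,13 +87,19 @@` hunk rethrows every `LoginException` as a `FailedLoginException` and discards the original exception, so a misconfigured realm or an unreachable LDAP server becomes indistinguishable from bad credentials and, going by the commit message, would presumably be answered with a 401. Handle `FailedLoginException` on its own (or let the other `LoginException` subtypes propagate unchanged) and keep the cause for the logs, e.g. `FailedLoginException fle = new FailedLoginException("Login failed"); fle.initCause(le); throw fle;`. Appending `le.getMessage()` to the new message also deserves a check: if the caller copies the exception text into the HTTP response, login-module or directory details could reach an unauthenticated client. The enclosing method's signature and the code that maps exceptions to status codes are outside this hunk, so both points should be confirmed there.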