
1   package org.astrogrid.security;
2   
3   import javax.security.auth.Subject;
4   import javax.security.auth.login.Configuration;
5   import javax.security.auth.login.FailedLoginException;
6   import javax.security.auth.login.LoginContext;
7   import javax.xml.rpc.handler.MessageContext;
8   import javax.xml.rpc.JAXRPCException;
9   import javax.xml.soap.SOAPMessage;
10  import org.astrogrid.security.jaas.SimpleLoginConfiguration;
11  
12  /***
13   * JAX-RPC handler for WSSE headers on the server side.
14   *
15   * This handler parses wsse:Security elements in incoming
16   * messages and uses the credentials therein to identify
17   * and authenticate the client.
18   *
19   * In the current implementation, authentication is by
20   * single-use passwords which are checked by reference to
21   * an external security-service. If credentials matching this
22   * pattern are not present then authentication fails; no
23   * attempt is made to use other credentials that may be present.
24   *
25   * @author Guy Rixon.
26   */
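public class ServiceCredentialHandler extends CredentialHandler {

  /**
   * Recovers credentials from an incoming message and authenticates
   * the client with them.
   *
   * A new {@link Subject} is stored in the message context under the
   * property name "Subject" before the header is parsed, so that
   * property is set on every path that returns normally.
   *
   * A message that carries no credentials is not rejected: the
   * handler returns true without authenticating and the request
   * proceeds anonymously. In that case the Subject in the context
   * has not been through a JAAS login.
   *
   * @param mc the context containing the incoming message whose
   *          wsse:Security header is parsed.
   *
   * @return true, to allow further processing of the message.
   *         This handler never returns false to stop processing;
   *         rejection is signalled by an exception instead.
   *
   * @throws JAXRPCException if the message context is inappropriate,
   *         if the parsing of the header fails, if the credentials
   *         are rejected, or if authentication fails because of an
   *         internal error.
   */
  public boolean handleRequest (MessageContext mc) throws JAXRPCException {
    System.out.println("Entering ServiceCredentialHandler.handleRequest()");
    SOAPMessage sm = this.getMessage(mc);
    Subject s = new Subject();
    mc.setProperty("Subject", s);

    try {
      this.print("Parsing credentials...");
      WsseHeaderElement.parse(sm, s);
      this.print("Credentials were parsed successfully.");
    }
    catch (NoCredentialsException e1) {
      // Don't authenticate.  Allow anonymous access.
      // NOTE(review): the unauthenticated Subject stays in the message
      // context; presumably later code tells anonymous callers apart by
      // the Subject's contents rather than its presence -- confirm.
      this.print("No credentials were found. Access is anonymous.");
      return true;
    }
    catch (Exception e2) {
      throw new JAXRPCException("Failed to parse a WS-Security header", e2);
    }

    try {
      this.print("Attempting authentication...");
      // NOTE(review): setConfiguration() replaces the JAAS login
      // configuration for the whole JVM, and it is called on every
      // request. Any other JAAS user in the same JVM sees this
      // configuration too. LoginContext also has a constructor that
      // accepts a Configuration directly; consider it if the target
      // platform provides it and nothing else relies on the global value.
      Configuration.setConfiguration(new SimpleLoginConfiguration());
      LoginContext l = new LoginContext("", s);
      l.login();
      this.print("Authentication succeeded.");
    }
    catch (FailedLoginException e3) {
      this.print("Authentication failed due to bad credentials.");
      this.print(e3.getMessage());
      // The rejected request is deliberately not written to the log:
      // its wsse:Security header carries the client's credentials, and
      // the body may hold other data that should not reach stdout.
      throw new JAXRPCException("Authentication failed due to bad credentials", e3);
    }
    catch (Exception e5) {
      this.print("Authentication failed due to internal system error.");
      this.print(e5.getMessage());
      throw new JAXRPCException("Authentication failed " +
                                "due to internal system error", e5);
    }

    return true;
  }

  /**
   * Logs a message from this handler to standard output, prefixed
   * with the handler and method name.
   *
   * @param message the text to log; callers should not pass
   *          credential material.
   */
  private void print (String message) {
    System.out.println("ServiceCredentialHandler.handleRequest(): " + message);
  }

}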