add a switch to turn on / off arbac02 checks.
diff --git a/src/main/java/org/apache/directory/fortress/rest/SecUtils.java b/src/main/java/org/apache/directory/fortress/rest/SecUtils.java
index 3172ba6..4d3981a 100644
--- a/src/main/java/org/apache/directory/fortress/rest/SecUtils.java
+++ b/src/main/java/org/apache/directory/fortress/rest/SecUtils.java
@@ -59,61 +59,58 @@
      *
      * @param fortRequest Used to carry the session and other data.
      * @param httpRequest Used to get the security principal.
-     * @return Response containing the RBAC session object if found or error, otherwise (not arbac02 not enabled) return NULL value.
+     * @return Response will contain the RBAC session object (if found) or a system error if a problem in the get.  If arbac02 isn't enabled, it will return a NULL.
      */
     static FortResponse initializeSession(FortRequest fortRequest, HttpServletRequest httpRequest)
     {
         Session realmSession;
         FortResponse fortResponse = null;
-        try
+        // Have the fortress arbac02 runtime checks been enabled?.
+        if (Config.getInstance().getBoolean("is.arbac02"))
         {
-            // Only grab RBAC session from realm if needed for ARBAC02 checks later on.
-            if (Config.getInstance().getBoolean("is.arbac02"))
+            if (httpRequest == null)
             {
-                if (httpRequest == null)
+                // Improper container config.
+                fortResponse = new FortResponse();
+                fortResponse.setErrorCode(GlobalErrIds.REST_NULL_HTTP_REQ_ERR);
+                fortResponse.setErrorMessage("initializeSession detected null HTTP Request");
+                fortResponse.setHttpStatus(403);
+            }
+            else
+            {
+                try
                 {
-                    fortResponse = new FortResponse();
-                    fortResponse.setErrorCode(GlobalErrIds.REST_NULL_HTTP_REQ_ERR);
-                    fortResponse.setErrorMessage("initializeSession detected null HTTP Request");
-                    fortResponse.setHttpStatus(403);
-                }
-                else
-                {
-                    try
+                    // Get the security principal from the runtime.
+                    String szPrincipal = httpRequest.getUserPrincipal().toString();
+                    // This has to happen before it can be used by Fortress.
+                    realmSession = j2eePolicyMgr.deserialize(szPrincipal);
+                    if (realmSession != null)
                     {
-                        String szPrincipal = httpRequest.getUserPrincipal().toString();
-                        realmSession = j2eePolicyMgr.deserialize(szPrincipal);
-                        if (realmSession != null)
-                        {
-                            fortRequest.setSession(realmSession);
-                        }
-                        else
-                        {
-                            String error = "initializeSession couldn't get a Security Session from the runtime.";
-                            fortResponse = new FortResponse();
-                            fortResponse.setErrorCode(GlobalErrIds.USER_SESS_NULL);
-                            fortResponse.setErrorMessage(error);
-                            fortResponse.setHttpStatus(403);
-                            LOG.info(error);
-                        }
+                        // The RBAC Session successfully grabbed from the container.
+                        fortRequest.setSession(realmSession);
                     }
-                    catch (SecurityException se)
+                    else
                     {
-                        String error = "initializeSession caught SecurityException=" + se.getMessage();
+                        String error = "initializeSession couldn't get a Security Session.";
                         fortResponse = new FortResponse();
-                        LOG.info(error);
-                        fortResponse.setErrorCode(se.getErrorId());
+                        fortResponse.setErrorCode(GlobalErrIds.USER_SESS_NULL);
                         fortResponse.setErrorMessage(error);
-                        fortResponse.setHttpStatus(se.getHttpStatus());
+                        fortResponse.setHttpStatus(403);
+                        LOG.info(error);
                     }
                 }
+                catch (SecurityException se)
+                {
+                    // A problem deserializing the security principal.
+                    String error = "initializeSession caught SecurityException=" + se.getMessage();
+                    fortResponse = new FortResponse();
+                    LOG.info(error);
+                    fortResponse.setErrorCode(se.getErrorId());
+                    fortResponse.setErrorMessage(error);
+                    fortResponse.setHttpStatus(se.getHttpStatus());
+                }
             }
         }
-        catch (java.util.NoSuchElementException e )
-        {
-            // Means the config property to turn on/off delegated admin checks wasn't present.  Allow the request to continue.
-            LOG.info("ARBAC02 checks not enforced on the current request.");
-        }
         return fortResponse;
     }
 }
\ No newline at end of file
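Review bot: With the `NoSuchElementException` catch removed, the `Config.getInstance().getBoolean("is.arbac02")` call at the top of `initializeSession` is no longer guarded, so if that getter throws when the property is absent (as the removed comment implies it could), the exception now escapes instead of letting the request continue. If the Config class offers a defaulted overload, `Config.getInstance().getBoolean("is.arbac02", false)` would make the behaviour explicit. Treating a missing key as "off" fails open for the delegated-admin checks, so that default is worth logging or documenting in the Javadoc. Separately, `httpRequest.getUserPrincipal()` returns null for an unauthenticated request, and the `.toString()` on it would throw a NullPointerException that the `SecurityException` catch does not handle. A null check before that line, returning the same 403 `GlobalErrIds.USER_SESS_NULL` response as the null-session branch, would keep the failure on the controlled path.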