[wsas-java-dev] svn commit r2637 - trunk/wsas/java/modules/core/src/org/wso2/wsas/security/pox

Tue May 15 04:01:13 PDT 2007

Author: azeez
Date: Tue May 15 04:00:55 2007
New Revision: 2637

Modified:
   trunk/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
Log:
Setting the HTTP Basic Auth properties in the MessageContext




Modified: trunk/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
==============================================================================

--- trunk/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java	(original)
+++ trunk/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java	Tue May 15 04:00:55 2007
@@ -25,6 +25,7 @@
 import org.apache.axis2.description.HandlerDescription;
 import org.apache.axis2.description.Parameter;
 import org.apache.axis2.engine.Handler;
+import org.apache.axis2.transport.http.HTTPConstants;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.rampart.util.Axis2Util;
@@ -35,12 +36,16 @@
 import org.apache.ws.security.message.WSSecUsernameToken;
 import org.w3c.dom.Document;
 import org.wso2.utils.ServerConfiguration;
+import org.wso2.utils.NetworkUtils;
 import org.wso2.wsas.persistence.PersistenceManager;
 import org.wso2.wsas.persistence.dataobject.ServiceDO;
 import org.wso2.wsas.persistence.dataobject.ServiceIdentifierDO;
+import org.wso2.wsas.ServerManager;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.Map;
+import java.io.IOException;
 
 /**
  * Handler to conver the HTTP basic auth information into
@@ -85,18 +90,38 @@
             return InvocationResponse.CONTINUE;
         }
 
-        ServiceDO serviceDO = pm.getService(service.getName(), ServiceIdentifierDO.EMPTY_SERVICE_VERSION);
+        ServiceDO serviceDO =
+                pm.getService(service.getName(), ServiceIdentifierDO.EMPTY_SERVICE_VERSION);
 
         if (serviceDO != null) {
             if (!serviceDO.getIsUTAuthEnabled()) {
-                //TODO: We specifically have to checkx for UT auth
+                //TODO: We specifically have to check for UT auth
                 return InvocationResponse.CONTINUE;
             }
         } else {
-            log.warn("Serivce " + service.getName() + " is not persisted.");
+            log.warn("Service " + service.getName() + " is not persisted.");
             return InvocationResponse.CONTINUE;
         }
 
+        HttpServletRequest request =
+                (HttpServletRequest) msgCtx.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
+        String url = request.getRequestURL().toString();
+        int index = url.indexOf("://");
+        String protocol = url.substring(0, index);
+        if (!protocol.equalsIgnoreCase("https")) {
+            HttpServletResponse response =
+                    (HttpServletResponse) msgCtx.getProperty(HTTPConstants.MC_HTTP_SERVLETRESPONSE);
+            try {
+                String requestURI = request.getRequestURI();
+                response.sendRedirect("https://" +
+                                      NetworkUtils.getLocalHostname() + ":" + ServerManager.httpsPort +
+                                      requestURI);
+                return InvocationResponse.CONTINUE;
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+        }
+
         try {
 
             // Set the DOM impl to DOOM
@@ -130,10 +155,9 @@
             //Throw an error
             if (username == null || password == null ||
                 password.trim().length() == 0 || username.trim().length() == 0) {
-                OperationContext opCtx = msgCtx.getOperationContext();
-                opCtx.setProperty(org.apache.axis2.Constants.HTTP_RESPONSE_STATE,
+                msgCtx.setProperty(org.apache.axis2.Constants.HTTP_RESPONSE_STATE,
                                   String.valueOf(HttpServletResponse.SC_UNAUTHORIZED));
-                opCtx.setProperty(org.apache.axis2.Constants.HTTP_BASIC_AUTH_REALM,
+                msgCtx.setProperty(org.apache.axis2.Constants.HTTP_BASIC_AUTH_REALM,
                                   ServerConfiguration.getInstance().getFirstProperty("Name"));
                 throw new AxisFault("Authentication Failure");
             }


