add a switch to turn on / off arbac02 checks.
shawnmckinney committed Mar 16, 2019
1 parent 72c9600 commit e66a5e639e3c3d9807bd42676269cac8aa52998a
Showing 1 changed file with 35 additions and 38 deletions.
@@ -59,61 +59,58 @@
*
* @param fortRequest Used to carry the session and other data.
* @param httpRequest Used to get the security principal.
* @return Response containing the RBAC session object if found or error, otherwise (not arbac02 not enabled) return NULL value.
* @return Response will contain the RBAC session object (if found) or a system error if a problem in the get. If arbac02 isn't enabled, it will return a NULL.
*/
static FortResponse initializeSession(FortRequest fortRequest, HttpServletRequest httpRequest)
{
Session realmSession;
FortResponse fortResponse = null;
try
// Have the fortress arbac02 runtime checks been enabled?.
if (Config.getInstance().getBoolean("is.arbac02"))
{
// Only grab RBAC session from realm if needed for ARBAC02 checks later on.
if (Config.getInstance().getBoolean("is.arbac02"))
if (httpRequest == null)
{
if (httpRequest == null)
{
fortResponse = new FortResponse();
fortResponse.setErrorCode(GlobalErrIds.REST_NULL_HTTP_REQ_ERR);
fortResponse.setErrorMessage("initializeSession detected null HTTP Request");
fortResponse.setHttpStatus(403);
}
else
// Improper container config.
fortResponse = new FortResponse();
fortResponse.setErrorCode(GlobalErrIds.REST_NULL_HTTP_REQ_ERR);
fortResponse.setErrorMessage("initializeSession detected null HTTP Request");
fortResponse.setHttpStatus(403);
}
else
{
try
{
try
// Get the security principal from the runtime.
String szPrincipal = httpRequest.getUserPrincipal().toString();
// This has to happen before it can be used by Fortress.
realmSession = j2eePolicyMgr.deserialize(szPrincipal);
if (realmSession != null)
{
String szPrincipal = httpRequest.getUserPrincipal().toString();
realmSession = j2eePolicyMgr.deserialize(szPrincipal);
if (realmSession != null)
{
fortRequest.setSession(realmSession);
}
else
{
String error = "initializeSession couldn't get a Security Session from the runtime.";
fortResponse = new FortResponse();
fortResponse.setErrorCode(GlobalErrIds.USER_SESS_NULL);
fortResponse.setErrorMessage(error);
fortResponse.setHttpStatus(403);
LOG.info(error);
}
// The RBAC Session successfully grabbed from the container.
fortRequest.setSession(realmSession);
}
catch (SecurityException se)
else
{
String error = "initializeSession caught SecurityException=" + se.getMessage();
String error = "initializeSession couldn't get a Security Session.";
fortResponse = new FortResponse();
LOG.info(error);
fortResponse.setErrorCode(se.getErrorId());
fortResponse.setErrorCode(GlobalErrIds.USER_SESS_NULL);
fortResponse.setErrorMessage(error);
fortResponse.setHttpStatus(se.getHttpStatus());
fortResponse.setHttpStatus(403);
LOG.info(error);
}
}
catch (SecurityException se)
{
// A problem deserializing the security principal.
String error = "initializeSession caught SecurityException=" + se.getMessage();
fortResponse = new FortResponse();
LOG.info(error);
fortResponse.setErrorCode(se.getErrorId());
fortResponse.setErrorMessage(error);
fortResponse.setHttpStatus(se.getHttpStatus());
}
}
}
catch (java.util.NoSuchElementException e )
{
// Means the config property to turn on/off delegated admin checks wasn't present. Allow the request to continue.
LOG.info("ARBAC02 checks not enforced on the current request.");
}
return fortResponse;
}
}
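Review bot: The `catch (java.util.NoSuchElementException e )` at the end of the hunk wraps the whole method body rather than just the `Config.getInstance().getBoolean("is.arbac02")` lookup, so a NoSuchElementException raised from `getUserPrincipal()` or `j2eePolicyMgr.deserialize()` would also be logged as "ARBAC02 checks not enforced" and the request would continue with no session set, which is a fail-open path. Reading the flag once into a local before the `if` and narrowing the catch to that read keeps any failure during deserialization on the existing SecurityException / 403 path. In the same block, `httpRequest.getUserPrincipal().toString()` dereferences the principal without a null check, so an unauthenticated request throws NullPointerException, which neither handler catches, instead of returning the 403 the surrounding code produces for a missing session. Since an absent property silently disables the delegated-admin checks, I would log that case at warn rather than info and state in the Javadoc that a missing `is.arbac02` property is treated as disabled.
```java
static FortResponse initializeSession(FortRequest fortRequest, HttpServletRequest httpRequest)
{
    Session realmSession;
    FortResponse fortResponse = null;
    // Read the switch once so the catch below cannot swallow a NoSuchElementException raised later in the body.
    boolean arbac02Enabled;
    try
    {
        arbac02Enabled = Config.getInstance().getBoolean("is.arbac02");
    }
    catch (java.util.NoSuchElementException e)
    {
        // Property absent: delegated-admin checks are skipped for this request (fail-open), so make it visible.
        LOG.warn("ARBAC02 property 'is.arbac02' not found; checks not enforced on the current request.");
        arbac02Enabled = false;
    }
    if (arbac02Enabled)
    {
        if (httpRequest == null)
        {
            // … unchanged: null HTTP request -> REST_NULL_HTTP_REQ_ERR / 403 …
        }
        else
        {
            try
            {
                java.security.Principal principal = httpRequest.getUserPrincipal();
                if (principal == null)
                {
                    // Unauthenticated request: return 403 instead of letting toString() throw NPE.
                    String error = "initializeSession couldn't get a Security Principal from the runtime.";
                    fortResponse = new FortResponse();
                    fortResponse.setErrorCode(GlobalErrIds.USER_SESS_NULL);
                    fortResponse.setErrorMessage(error);
                    fortResponse.setHttpStatus(403);
                    LOG.info(error);
                    return fortResponse;
                }
                realmSession = j2eePolicyMgr.deserialize(principal.toString());
                // … unchanged: null-session handling and SecurityException handler …
```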
