/**
 * Returns the shared Registry, creating it on first use.
 *
 * The instance is cached in self::$_instance; a new Registry is built
 * whenever that slot is empty().
 *
 * @return Registry the cached instance
 */
public static function getInstance()
{
    if (!empty(self::$_instance)) {
        return self::$_instance;
    }

    self::$_instance = new Registry();

    return self::$_instance;
}
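/**
 * Decides whether access to a resource is allowed.
 *
 * Evaluation order, as implemented below:
 *   1. All constraints registered for the resource are collected, priority
 *      level by priority level, and split into grant and reject constraints.
 *   2. The first grant constraint whose Validate() returns true allows access.
 *   3. Otherwise the first reject constraint whose Validate() returns false
 *      denies access.
 *   4. With no decisive constraint, access is denied in closed-system mode and
 *      allowed in every other deployment mode.
 *
 * Security notes for maintainers:
 *   - Priority only affects the order in which constraints are collected. A
 *     validating grant at any priority level wins over every reject constraint.
 *   - Outside closed-system mode the fall-through result is "allow".
 *
 * @param string      $resource Resource name; mapped through ServiceRegistry::GetMapping() first.
 * @param ORBSecurity $security Source of the constraints and the deployment mode.
 * @return bool true when access is allowed, false when it is denied
 */
public function AuthorizeAccess($resource, ORBSecurity $security)
{
    $resource = ServiceRegistry::GetMapping($resource);
    $accessConstraintList = $security->GetConstraints($resource);

    // A resource without any registered constraints may come back as null
    // (NOTE(review): confirm against ORBSecurity::GetConstraints). count(null)
    // raises a TypeError on PHP 8, which would turn "no constraints" into a
    // fatal error on the authorization path, so normalise to an empty list.
    if ($accessConstraintList === null) {
        $accessConstraintList = array();
    }

    $grantConstraints = array();
    $rejectConstraints = array();

    $priorityLevels = count($accessConstraintList);
    for ($currentPriority = 0; $currentPriority < $priorityLevels; ++$currentPriority) {
        // Each priority level holds a collection of constraint names.
        $accessConstraintsNames = (array) $accessConstraintList[$currentPriority];

        foreach ($accessConstraintsNames as $constraintName) {
            $constraint = $security->getAccessConstraint($constraintName);

            if ($constraint->IsGrant()) {
                $grantConstraints[] = $constraint;
            } else {
                $rejectConstraints[] = $constraint;
            }
        }
    }

    // NOTE(review): $resource is written to the security log unescaped. If
    // resource names can be influenced by a request, consider neutralising
    // line breaks before logging - confirm where $resource originates.
    foreach ($grantConstraints as $constraint) {
        if ($constraint->Validate()) {
            if (LOGGING) {
                Log::log(LoggingConstants::SECURITY, "access allowed. resource name - '" . $resource . "'. reason - " . $constraint->GetReason());
            }

            return true;
        }
    }

    foreach ($rejectConstraints as $constraint) {
        if (!$constraint->Validate()) {
            if (LOGGING) {
                Log::log(LoggingConstants::SECURITY, "access denied. resource name - '" . $resource . "'. reason - " . $constraint->GetReason());
            }

            return false;
        }
    }

    // No constraint decided the request: closed-system mode is default-deny.
    if ($security->GetDeploymentMode() == ORBSecurity::CLOSEDSYSTEM_MODE) {
        if (LOGGING) {
            Log::log(LoggingConstants::SECURITY, "access to resource " . $resource . " has been denied. WebORB Closed-System Mode requires explicit access declaration for all resources");
        }

        return false;
    }

    // Every other deployment mode is default-allow.
    return true;
}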
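/**
 * Invokes a service method after two access checks.
 *
 * The target is first resolved through ServiceRegistry::getMapping(). Access
 * is then checked for the resolved class name and for "<class>#<function>";
 * either failure raises a ServiceException with code 401 before the handler
 * chain is called.
 *
 * @param Request $request      Current request; not read by this method.
 * @param string  $targetObject Service name as supplied by the caller.
 * @param string  $function     Method name to invoke.
 * @param mixed   $arg          Arguments, handed to the handlers by reference.
 * @return mixed the value returned by getObject() on the handler result
 * @throws ServiceException when the class or the method check is rejected
 */
public static function handleInvoke(Request $request, $targetObject, $function, &$arg)
{
    $config = ORBConfig::getInstance();
    $handlers = $config->getHandlers();
    $security = $config->getSecurity();
    $resolvedName = ServiceRegistry::getMapping($targetObject);

    // Class-level check first, then the method-level check.
    if (!$security->canAccess($resolvedName)) {
        throw new ServiceException("WebORB security has rejected access to class " . $targetObject . ". see server log or contact system administrator", 401);
    }

    if (!$security->canAccess($resolvedName . "#" . $function)) {
        throw new ServiceException("WebORB security has rejected access to method " . $targetObject . "." . $function . ". see server log or contact system administrator", 401);
    }

    $timeStart = microtime(true);
    $value = $handlers->invoke($resolvedName, $function, $arg);
    $elapsed = microtime(true) - $timeStart;

    if (LOGGING) {
        // The names are passed as sprintf arguments instead of being
        // interpolated into the format string: a '%' inside a service or
        // method name would otherwise be parsed as a conversion specifier and
        // fail the call after the service method has already run.
        $logMessage = sprintf("Service \"%s::%s\" execute time: %0.3f", $resolvedName, $function, $elapsed);
        Log::log(LoggingConstants::PERFORMANCE, $logMessage);
    }

    return $value->getObject();
}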
/**
 * Handles a service inspection request.
 *
 * Requests that isInspectionRequest() does not recognise are left untouched
 * and false is returned. Otherwise the target service name is taken from the
 * request URI (everything before the last '.'), mapped through
 * ServiceRegistry::getMapping() and passed to the configured handlers'
 * inspect(). The outcome is written back into the request: "/onResult" with
 * the inspection result, or "/onStatus" with an exception.
 *
 * NOTE(review): no access check is visible in this method before inspect()
 * runs. Verify that isInspectionRequest() or the handlers enforce one, since
 * inspection output describes the target service.
 *
 * @param Request $request Request to examine; the response is stored on it.
 * @return bool false when the request is not an inspection request, true once it has been handled
 * @throws ServiceException presumably propagated from the handlers; nothing in this method throws it directly
 */
public function dispatch(Request &$request)
{
    if (!$this->isInspectionRequest($request)) {
        return false;
    }

    if (LOGGING) {
        Log::log(LoggingConstants::INFO, "Request is recognized as an inspection request. Handling service inspection");
    }

    $uri = $request->getRequestURI();

    // NOTE(review): when the URI contains no '.', strrpos() yields false and
    // the service name becomes an empty string - confirm that
    // isInspectionRequest() rules this out.
    $serviceName = substr($uri, 0, strrpos($uri, '.'));
    $serviceName = ServiceRegistry::getMapping($serviceName);

    if (LOGGING) {
        Log::log(LoggingConstants::DEBUG, "Request URI - " . $uri);
        Log::log(LoggingConstants::DEBUG, "Target Service - " . $serviceName);
    }

    $inspection = ORBConfig::getInstance()->getHandlers()->inspect($serviceName);

    // Success path: a result exists and it does not wrap an exception.
    if ($inspection != null && !($inspection->getObject() instanceof Exception)) {
        if (LOGGING) {
            Log::log(LoggingConstants::DEBUG, "Inspection response object is " . $inspection->getName());
        }

        $inspection->setAddress($serviceName);
        $request->setResponseBodyPart($inspection->getObject());
        $request->setResponseURI("/onResult");

        return true;
    }

    if (LOGGING) {
        Log::log(LoggingConstants::ERROR, "None of the handlers were able to inspect the target service. The service may not be found");
    }

    // Report the handler's own exception when there is one; otherwise
    // synthesise an InspectionException for the requested service.
    if ($inspection != null) {
        $failure = $inspection->getObject();
    } else {
        $failure = new InspectionException($serviceName);
    }

    $request->setResponseBodyPart($failure);
    $request->setResponseURI("/onStatus");

    return true;
}
/**
 * Looks up the constraint list that applies to a resource.
 *
 * Lookup order:
 *   1. The resource name with every '#' replaced by '.'.
 *   2. For names without '*', the name returned by
 *      ServiceRegistry::getReverseMapping().
 *   3. Progressively broader wildcards: the last dot-separated segment is
 *      dropped and ".*" appended, then the lookup restarts recursively.
 *   4. The global "*" entry.
 *
 * NOTE(review): step 3 splits the original name on '.' only, so for a
 * "pkg.Class#method" resource the final segment is "Class#method" and the
 * walk continues at "pkg.*". An entry keyed "pkg.Class.*" is therefore not
 * consulted for method resources - confirm this is intended.
 *
 * @param string $resource Resource name, optionally ending in ".*".
 * @return mixed the matching entry of m_secureResources, or null when nothing matches
 */
public function getConstraints($resource)
{
    $dottedName = str_replace("#", ".", $resource);
    if (array_key_exists($dottedName, $this->m_secureResources)) {
        return $this->m_secureResources[$dottedName];
    }

    // Reverse-mapped names are only tried for concrete (non-wildcard) resources.
    if (strpos($resource, "*") === false) {
        $reverseName = ServiceRegistry::getReverseMapping($resource);
        if (array_key_exists($reverseName, $this->m_secureResources)) {
            return $this->m_secureResources[$reverseName];
        }
    }

    $segments = explode(".", $resource);

    // Strip a trailing wildcard so the next pop removes a real segment.
    if (count($segments) > 1 && $segments[count($segments) - 1] == "*") {
        array_pop($segments);
    }

    // Widen the scope by one level and retry.
    if (count($segments) > 1) {
        array_pop($segments);

        return $this->getConstraints(implode(".", $segments) . ".*");
    }

    return array_key_exists("*", $this->m_secureResources)
        ? $this->m_secureResources["*"]
        : null;
}
/**
 * Tries to instantiate the message selector named by $this->selectorName.
 *
 * When the name is non-blank it is replaced by its ServiceRegistry mapping and
 * handed to ObjectFactories::createServiceObject(); a non-null result receives
 * the client id. A failure is only logged.
 *
 * NOTE(review): the created selector is neither returned nor stored, so the
 * only lasting effect visible here is the remapped selectorName - confirm
 * whether a return or an assignment is missing.
 *
 * NOTE(review): the class to instantiate is chosen by selectorName. If that
 * value is supplied by the subscribing client, verify that
 * ObjectFactories::createServiceObject() restricts which classes may be built.
 *
 * @return void
 */
private function createSelector()
{
    // A missing or blank selector name means there is nothing to create.
    if ($this->selectorName == null || strlen(trim($this->selectorName)) <= 0) {
        return;
    }

    $this->selectorName = ServiceRegistry::getMapping($this->selectorName);

    try {
        $selectorObject = ObjectFactories::createServiceObject($this->selectorName);

        if ($selectorObject != null) {
            $selectorObject->setClientId($this->clientId);
        }
    } catch (Exception $exception) {
        if (LOGGING) {
            Log::log(LoggingConstants::ERROR, "unable to create message selector object");
            Log::log(LoggingConstants::ERROR, "will treat the selector as a query - " . $this->selectorName);
        }
    }
}
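/**
 * Executes this message according to its operation code.
 *
 * Operations handled here:
 *   "0", "1", "2", "5" - no action; the method returns null. The former
 *                        handling (wrapping the request body in a
 *                        CommandMessage) is disabled.
 *   "9"                - logout: clears the caller credentials.
 *   "8"                - login: the first body element is adapted,
 *                        base64-decoded and read as "user:password", then
 *                        checked by the configured authentication handler.
 *   anything else      - treated as a method name and invoked on the
 *                        destination through Invoker::handleInvoke().
 *
 * Security notes for maintainers:
 *   - Credentials are never written to the log here; keep it that way.
 *   - Exceptions are returned to the caller inside an ErrMessage.
 *     NOTE(review): confirm ErrMessage does not serialise stack traces or
 *     other internals to the client.
 *   - For invocations, authorization is presumably enforced inside
 *     Invoker::handleInvoke(); no access check happens in this method.
 *
 * @param Request $request Current request.
 * @return AckMessage|ErrMessage|null acknowledgement, error, or null for the no-op operations
 */
public function execute(Request $request)
{
    if ("5" == $this->operation || "2" == $this->operation || "0" == $this->operation || "1" == $this->operation) {
        // Handling for these operations is disabled; nothing is returned.
        return null;
    }

    if ("9" == $this->operation) {
        ThreadContext::setCallerCredentials(null);

        return new AckMessage($this->messageId, $this->clientId, null);
    }

    if ("8" == $this->operation) {
        $arr = $this->body->getBody();
        $adaptingType = $arr[0];

        // split() was removed in PHP 7, so explode() is used instead. The
        // limit of 2 keeps passwords that contain ':' intact, and array_pad()
        // yields a null password instead of an undefined-offset notice when
        // the decoded value has no ':' at all.
        $decoded = base64_decode($adaptingType->defaultAdapt());
        $authData = array_pad(explode(":", $decoded, 2), 2, null);
        $credentials = new Credentials($authData[0], $authData[1]);

        $authHandler = ORBSecurity::getAuthenticationHandler(ThreadContext::getORBConfig());

        // Reject before logging: get_class(null) raises a TypeError on PHP 8,
        // which would hide the intended "missing handler" fault.
        if ($authHandler == null) {
            $errorMessage = new ErrMessage($this->messageId, new ServiceException("Missing authentication handler"));
            $errorMessage->faultCode = "Client.Authentication";

            return $errorMessage;
        }

        if (LOGGING) {
            Log::log(LoggingConstants::DEBUG, "got auth handler " . get_class($authHandler));
            Log::log(LoggingConstants::MYDEBUG, "file: 'ReqMessage.php' got auth handler " . get_class($authHandler));
        }

        try {
            // checkCredentials() signals failure by throwing.
            $authHandler->checkCredentials($credentials->getUserId(), $credentials->getPassword(), $request);

            if (LOGGING) {
                Log::log(LoggingConstants::DEBUG, "credentials are valid ");
            }

            ThreadContext::setCallerCredentials($credentials);
        } catch (Exception $e) {
            if (LOGGING) {
                Log::log(LoggingConstants::EXCEPTION, "authentication exception", $e);
            }

            $errorMessage = new ErrMessage($this->messageId, $e);
            $errorMessage->faultCode = "Client.Authentication";

            return $errorMessage;
        }

        return new AckMessage($this->messageId, $this->clientId, null);
    }

    // Method invocation: make sure the argument list is an array.
    if (is_null($this->body->getBody())) {
        $arr = array(0);
        $this->body->setBody($arr);
    } elseif (!is_array($this->body->getBody())) {
        $arr = array($this->body->getBody());
        $this->body->setBody($arr);
    }

    try {
        // A destination that maps to "*" is replaced by the message source.
        $resolvedName = ServiceRegistry::getMapping($this->destination);
        if ($resolvedName == "*") {
            $this->destination = $this->source;
        }

        $body = $this->body->getBody();
        $returnValue = Invoker::handleInvoke($request, $this->destination, $this->operation, $body);

        return new AckMessage($this->messageId, $this->clientId, $returnValue);
    } catch (Exception $e) {
        if (LOGGING) {
            Log::log(LoggingConstants::EXCEPTION, "method invocation exception" . $e);
        }

        return new ErrMessage($this->messageId, $e);
    }
}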