/**
 * Returns the shared Registry object, creating it on the first call.
 *
 * The object is cached in the static self::$_instance slot, so every later
 * call hands back the same instance.
 *
 * @return Registry
 */
 public static function getInstance()
 {
     // Fast path: an instance has already been stored.
     if (!empty(self::$_instance)) {
         return self::$_instance;
     }
     self::$_instance = new Registry();
     return self::$_instance;
 }
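 /**
  * Decides whether access to a resource is allowed under the configured constraints.
  *
  * Evaluation order, as implemented below:
  *  1. every grant constraint, from all priority levels: the first one whose
  *     Validate() succeeds allows access;
  *  2. every reject constraint: the first one whose Validate() fails denies access;
  *  3. if nothing decided, closed-system deployment mode denies, any other mode allows.
  *
  * NOTE(review): grants are checked before rejects regardless of the priority
  * index they came from, so a grant always wins over a reject. Confirm this is
  * the intended policy.
  *
  * @param string      $resource resource name; mapped through ServiceRegistry::GetMapping() first
  * @param ORBSecurity $security source of the constraint lists and the deployment mode
  * @return bool true when access is allowed, false when it is denied
  */
 public function AuthorizeAccess($resource, ORBSecurity $security)
 {
     $resource = ServiceRegistry::GetMapping($resource);
     $accessConstraintList = $security->GetConstraints($resource);
     if ($accessConstraintList === null) {
         // No rule matched this resource. Treat that as "no constraints" explicitly
         // instead of passing null to count(), which newer PHP versions reject; the
         // decision then falls through to the deployment-mode default below.
         $accessConstraintList = array();
     }

     $grantConstraints = array();
     $rejectConstraints = array();
     $priorityLevels = count($accessConstraintList);
     for ($currentPriority = 0; $currentPriority < $priorityLevels; ++$currentPriority) {
         // Each priority level holds one or more constraint names.
         $accessConstraintsNames = (array) $accessConstraintList[$currentPriority];
         foreach ($accessConstraintsNames as $constraintName) {
             // NOTE(review): assumes every listed name resolves to a constraint object;
             // confirm getAccessConstraint() cannot return null for a stale name.
             $constraint = $security->getAccessConstraint($constraintName);
             if ($constraint->IsGrant()) {
                 $grantConstraints[] = $constraint;
             } else {
                 $rejectConstraints[] = $constraint;
             }
         }
     }

     // NOTE(review): $resource is written to the security log as-is. If it can carry
     // client-supplied text, confirm that Log::log() neutralises line breaks.
     foreach ($grantConstraints as $constraint) {
         if ($constraint->Validate()) {
             if (LOGGING) {
                 Log::log(LoggingConstants::SECURITY, "access allowed. resource name - '" . $resource . "'. reason - " . $constraint->GetReason());
             }
             return true;
         }
     }

     foreach ($rejectConstraints as $constraint) {
         if (!$constraint->Validate()) {
             if (LOGGING) {
                 Log::log(LoggingConstants::SECURITY, "access denied. resource name - '" . $resource . "'. reason - " . $constraint->GetReason());
             }
             return false;
         }
     }

     // Nothing decided: closed-system mode is default-deny, every other mode is default-allow.
     if ($security->GetDeploymentMode() == ORBSecurity::CLOSEDSYSTEM_MODE) {
         if (LOGGING) {
             Log::log(LoggingConstants::SECURITY, "access to resource " . $resource . " has been denied. WebORB Closed-System Mode requires explicit access declaration for all resources");
         }
         return false;
     }
     return true;
 }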
Example #3
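 /**
  * Invokes a service method after checking access to the class and to the method.
  *
  * Two access checks run before the call: one on the resolved class name and one on
  * "<resolved class>#<function>". Either failure raises a ServiceException with code 401.
  *
  * @param Request $request      current request (not read in this method)
  * @param string  $targetObject service name as supplied by the caller
  * @param string  $function     method name to invoke
  * @param mixed   $arg          invocation arguments, passed on by reference
  * @return mixed the value of getObject() on the handler's result
  * @throws ServiceException when the security layer rejects the class or the method
  */
 public static function handleInvoke(Request $request, $targetObject, $function, &$arg)
 {
     $config = ORBConfig::getInstance();
     $handlers = $config->getHandlers();
     $resolvedName = ServiceRegistry::getMapping($targetObject);

     // Authorisation happens before any handler is touched: class first, then method.
     if (!$config->getSecurity()->canAccess($resolvedName)) {
         throw new ServiceException("WebORB security has rejected access to class " . $targetObject . ". see server log or contact system administrator", 401);
     }
     if (!$config->getSecurity()->canAccess($resolvedName . "#" . $function)) {
         throw new ServiceException("WebORB security has rejected access to method " . $targetObject . "." . $function . ". see server log or contact system administrator", 401);
     }

     $timeStart = microtime(true);
     $value = $handlers->invoke($resolvedName, $function, $arg);
     $elapsed = microtime(true) - $timeStart;

     if (LOGGING) {
         // The names are passed as sprintf arguments, never as part of the format
         // string: a "%" in a service or method name would otherwise be parsed as a
         // conversion and make sprintf fail after the service call has already run.
         Log::log(LoggingConstants::PERFORMANCE, sprintf("Service \"%s::%s\" execute time: %0.3f", $resolvedName, $function, $elapsed));
     }

     // NOTE(review): assumes invoke() never returns null; confirm against the handler chain.
     return $value->getObject();
 }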
Example #4
 /**
  * Handles a service inspection request, if the given request is one.
  *
  * The target service name is the request URI up to (not including) its last ".",
  * mapped through ServiceRegistry::getMapping(). The inspection result, or the
  * failure, is written to the request as its response body part and response URI
  * ("/onResult" or "/onStatus").
  *
  * NOTE(review): no access check is visible in this method before inspect() runs.
  * Confirm that the handlers or a caller enforce authorisation for inspection.
  * NOTE(review): on failure the exception object itself becomes the response body;
  * confirm the serialiser does not expose stack traces or file paths to the client.
  *
  * @param Request $request request to examine and, when handled, to fill with the response
  * @return bool false when the request is not an inspection request; true once it has
  *              been handled, whether inspection succeeded or failed
  * @throws ServiceException declared by the original documentation; not raised directly here
  */
 public function dispatch(Request &$request)
 {
     $message = $request;
     if (!$this->isInspectionRequest($message)) {
         return false;
     }
     if (LOGGING) {
         Log::log(LoggingConstants::INFO, "Request is recognized as an inspection request. Handling service inspection");
     }

     $requestURI = $message->getRequestURI();
     // Everything before the last "." names the service to inspect.
     $lastDot = strrpos($requestURI, '.');
     $targetObject = ServiceRegistry::getMapping(substr($requestURI, 0, $lastDot));
     if (LOGGING) {
         Log::log(LoggingConstants::DEBUG, "Request URI - " . $requestURI);
         Log::log(LoggingConstants::DEBUG, "Target Service - " . $targetObject);
     }

     $responseObject = ORBConfig::getInstance()->getHandlers()->inspect($targetObject);
     $inspectionFailed = $responseObject == null || $responseObject->getObject() instanceof Exception;

     if (!$inspectionFailed) {
         if (LOGGING) {
             Log::log(LoggingConstants::DEBUG, "Inspection response object is " . $responseObject->getName());
         }
         $responseObject->setAddress($targetObject);
         $message->setResponseBodyPart($responseObject->getObject());
         $message->setResponseURI("/onResult");
         return true;
     }

     if (LOGGING) {
         Log::log(LoggingConstants::ERROR, "None of the handlers were able to inspect the target service. The service may not be found");
     }
     // Report the handler's own exception when there is one, otherwise a generic inspection failure.
     if ($responseObject != null) {
         $exception = $responseObject->getObject();
     } else {
         $exception = new InspectionException($targetObject);
     }
     $message->setResponseBodyPart($exception);
     $message->setResponseURI("/onStatus");
     return true;
 }
Example #5
 /**
  * Finds the entry of $this->m_secureResources that applies to a resource name.
  *
  * Lookup order:
  *  1. the name with every "#" replaced by ".";
  *  2. for names without "*", the name returned by ServiceRegistry::getReverseMapping();
  *  3. the enclosing wildcard: the name is split on ".", a trailing "*" segment is
  *     dropped, the last remaining segment is replaced by "*", and the lookup starts
  *     over with that name (one level up per step);
  *  4. the global "*" entry.
  *
  * Step 3 splits the original name on "." only, so a "Class#method" segment is
  * dropped as a whole and the search continues at the package wildcard.
  *
  * NOTE(review): keys are matched case-sensitively, while PHP resolves class and
  * method names case-insensitively. Confirm that names are normalised before they
  * reach this lookup, otherwise a differently-cased name may fall through to a
  * broader wildcard rule.
  *
  * @param string $resource resource name, optionally ending in ".*"
  * @return mixed the stored entry, or null when nothing matches
  */
 public function getConstraints($resource)
 {
     // 1. Exact entry, with "#" and "." treated alike.
     $dottedName = str_replace("#", ".", $resource);
     if (array_key_exists($dottedName, $this->m_secureResources)) {
         return $this->m_secureResources[$dottedName];
     }

     // 2. Entry registered under the reverse-mapped name (concrete names only).
     if (strpos($resource, "*") === false) {
         $reverseName = ServiceRegistry::getReverseMapping($resource);
         if (array_key_exists($reverseName, $this->m_secureResources)) {
             return $this->m_secureResources[$reverseName];
         }
     }

     // 3. Climb one level and retry with a wildcard.
     $segments = explode(".", $resource);
     $segmentCount = count($segments);
     if ($segmentCount > 1 && $segments[$segmentCount - 1] == "*") {
         array_pop($segments);
     }
     if (count($segments) > 1) {
         array_pop($segments);
         return $this->getConstraints(implode(".", $segments) . ".*");
     }

     // 4. Global fallback.
     return array_key_exists("*", $this->m_secureResources) ? $this->m_secureResources["*"] : null;
 }
Example #6
 /**
  * Tries to instantiate the message selector named by $this->selectorName.
  *
  * A non-blank selector name is first replaced by its ServiceRegistry mapping, then
  * handed to ObjectFactories::createServiceObject(). A created selector receives this
  * object's client id. A creation failure is only logged.
  *
  * NOTE(review): the created selector is neither returned nor stored, so callers
  * cannot reach it; check whether a return statement was lost.
  * NOTE(review): the class to instantiate comes from selectorName. If that value can
  * be set by a client, confirm it is restricted to known selector classes before it
  * reaches the object factory.
  */
 private function createSelector()
 {
     /*IMessageSelector*/
     $selector = null;
     $hasSelectorName = $this->selectorName != null && strlen(trim($this->selectorName)) > 0;
     if (!$hasSelectorName) {
         return;
     }

     $this->selectorName = ServiceRegistry::getMapping($this->selectorName);
     try {
         $selector = ObjectFactories::createServiceObject($this->selectorName);
         if ($selector != null) {
             $selector->setClientId($this->clientId);
         }
     } catch (Exception $creationError) {
         if (LOGGING) {
             Log::log(LoggingConstants::ERROR, "unable to create message selector object");
             Log::log(LoggingConstants::ERROR, "will treat the selector as a query - " . $this->selectorName);
         }
     }
 }
Example #7
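 /**
  * Executes this message according to its operation code.
  *
  *  - "0", "1", "2", "5": no action (the former handling is disabled); yields null.
  *  - "9": clears the caller credentials and acknowledges.
  *  - "8": login. The first body element is adapted, base64-decoded and split into
  *    "user:password"; the credentials are checked by the configured authentication
  *    handler and, when valid, stored as the caller credentials.
  *  - anything else: treated as a method name and invoked on the destination through
  *    Invoker::handleInvoke().
  *
  * NOTE(review): the operation codes are compared with loose ==, so numeric-looking
  * variants of a code compare equal to it. Confirm the operation is normalised
  * upstream before switching to strict comparison.
  * NOTE(review): on failure the caught exception is handed to ErrMessage; confirm the
  * serialiser does not expose stack traces or file paths to the client.
  *
  * @param Request $request current request, passed to the authentication handler and the invoker
  * @return AckMessage|ErrMessage|null acknowledgement, error message, or null for the disabled operations
  */
 public function execute(Request $request)
 {
     if ("5" == $this->operation || "2" == $this->operation || "0" == $this->operation || "1" == $this->operation) {
         // Command handling for these operations is disabled; nothing is executed.
         return null;
     }

     if ("9" == $this->operation) {
         // Logout: drop the credentials bound to the current thread context.
         ThreadContext::setCallerCredentials(null);
         return new AckMessage($this->messageId, $this->clientId, null);
     }

     if ("8" == $this->operation) {
         $arr = $this->body->getBody();
         $adaptingType = $arr[0];
         // explode() with a limit of 2 replaces the removed split() and keeps any ":"
         // inside the password; only the first ":" separates user id and password.
         $authData = explode(":", base64_decode($adaptingType->defaultAdapt()), 2);
         // A payload without ":" carries no password; pass null rather than reading a missing index.
         $password = isset($authData[1]) ? $authData[1] : null;
         $credentials = new Credentials($authData[0], $password);

         $authHandler = ORBSecurity::getAuthenticationHandler(ThreadContext::getORBConfig());
         // Check for a missing handler before get_class(), which does not accept null.
         if ($authHandler == null) {
             $errorMessage = new ErrMessage($this->messageId, new ServiceException("Missing authentication handler"));
             $errorMessage->faultCode = "Client.Authentication";
             return $errorMessage;
         }
         if (LOGGING) {
             // Only the handler class is logged; the credentials never are.
             Log::log(LoggingConstants::DEBUG, "got auth handler " . get_class($authHandler));
             Log::log(LoggingConstants::MYDEBUG, "file: 'ReqMessage.php' got auth handler " . get_class($authHandler));
         }

         try {
             // The handler signals invalid credentials by throwing.
             $authHandler->checkCredentials($credentials->getUserId(), $credentials->getPassword(), $request);
             if (LOGGING) {
                 Log::log(LoggingConstants::DEBUG, "credentials are valid ");
             }
             ThreadContext::setCallerCredentials($credentials);
         } catch (Exception $e) {
             if (LOGGING) {
                 Log::log(LoggingConstants::EXCEPTION, "authentication exception", $e);
             }
             $errorMessage = new ErrMessage($this->messageId, $e);
             $errorMessage->faultCode = "Client.Authentication";
             return $errorMessage;
         }
         return new AckMessage($this->messageId, $this->clientId, null);
     }

     // Method invocation: the body must be an array of arguments.
     if (is_null($this->body->getBody())) {
         $arr = array(0);
         $this->body->setBody($arr);
     } elseif (!is_array($this->body->getBody())) {
         $arr = array($this->body->getBody());
         $this->body->setBody($arr);
     }

     try {
         $resolvedName = ServiceRegistry::getMapping($this->destination);
         if ($resolvedName == "*") {
             // A wildcard mapping means the real target is named by the source field.
             $this->destination = $this->source;
         }
         $body = $this->body->getBody();
         // Access control for the target class and method is enforced inside handleInvoke().
         $returnValue = Invoker::handleInvoke($request, $this->destination, $this->operation, $body);
         return new AckMessage($this->messageId, $this->clientId, $returnValue);
     } catch (Exception $e) {
         if (LOGGING) {
             Log::log(LoggingConstants::EXCEPTION, "method invocation exception" . $e);
         }
         return new ErrMessage($this->messageId, $e);
     }
 }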