/**
 * Decides whether access to a resource is permitted under the given security
 * configuration.
 *
 * The resource name is first resolved through ServiceRegistry::GetMapping().
 * Every constraint registered for the resolved name is then sorted into a
 * "grant" or a "reject" group according to IsGrant(). The decision is made in
 * this order:
 *   1. the first grant constraint whose Validate() is true allows access;
 *   2. otherwise the first reject constraint whose Validate() is false denies it;
 *   3. otherwise access is denied in closed-system mode and allowed in any
 *      other deployment mode.
 *
 * Security notes:
 *  - All grant constraints are evaluated before any reject constraint, so the
 *    priority index of the constraint list only fixes the order inside each
 *    group. A validating grant wins over every reject constraint, whatever
 *    their priorities.
 *  - A resource with no matching constraint is allowed unless the deployment
 *    mode is ORBSecurity::CLOSEDSYSTEM_MODE (default-allow).
 *
 * @param string      $resource name of the resource being accessed
 * @param ORBSecurity $security security configuration holding the constraints
 *
 * @return bool true when access is allowed, false when it is denied
 */
public function AuthorizeAccess($resource, ORBSecurity $security)
{
    $resource = ServiceRegistry::GetMapping($resource);
    $constraintLevels = $security->GetConstraints($resource);

    $grants = array();
    $rejects = array();

    // Walk the priority levels in index order; each level holds constraint names.
    for ($level = 0; $level < count($constraintLevels); $level++) {
        foreach ((array) $constraintLevels[$level] as $constraintName) {
            $candidate = $security->getAccessConstraint($constraintName);

            if ($candidate->IsGrant()) {
                $grants[] = $candidate;
            } else {
                $rejects[] = $candidate;
            }
        }
    }

    // Phase 1: any validating grant constraint allows access immediately.
    foreach ($grants as $grant) {
        if (!$grant->Validate()) {
            continue;
        }

        if (LOGGING) {
            Log::log(LoggingConstants::SECURITY, "access allowed. resource name - '" . $resource . "'. reason - " . $grant->GetReason());
        }

        return true;
    }

    // Phase 2: a reject constraint whose Validate() is false denies access.
    foreach ($rejects as $reject) {
        if ($reject->Validate()) {
            continue;
        }

        if (LOGGING) {
            Log::log(LoggingConstants::SECURITY, "access denied. resource name - '" . $resource . "'. reason - " . $reject->GetReason());
        }

        return false;
    }

    // Phase 3: nothing decided - fall back to the deployment mode.
    $closedSystem = $security->GetDeploymentMode() == ORBSecurity::CLOSEDSYSTEM_MODE;
    if (!$closedSystem) {
        return true;
    }

    if (LOGGING) {
        Log::log(LoggingConstants::SECURITY, "access to resource " . $resource . " has been denied. WebORB Closed-System Mode requires explicit access declaration for all resources");
    }

    return false;
}
/**
 * Removes every service listed in self::$services from the running
 * configuration.
 *
 * For each service id that resolves to a destination, this calls
 * ORBSecurity::unsecureResource() with the destination's serviceId, removes
 * the destination from the destination manager and removes the mapping from
 * the service registry. Ids without a destination are skipped.
 *
 * Any Exception is caught and, when LOGGING is on, only its message is logged.
 * The loop is inside the try block, so the first failure ends the cleanup for
 * all remaining ids without the caller being told.
 * NOTE(review): if removeDestination() or _removeMapping() throws after
 * unsecureResource() has run, the resource has already been "unsecured" while
 * its destination/mapping may still be registered - confirm this state is
 * acceptable.
 *
 * @return void
 */
public function preConfig()
{
    try {
        $manager = $this->orbConfig->getDataServices()->getDestinationManager();
        $total = count(self::$services);

        for ($index = 0; $index < $total; $index++) {
            $serviceId = self::$services[$index];
            $destination = $manager->getDestination($serviceId);

            if ($destination != null) {
                // Order matters: security entry first, then destination, then mapping.
                ORBSecurity::unsecureResource($destination->serviceId);
                $manager->removeDestination($serviceId);
                $this->orbConfig->getServiceRegistry()->_removeMapping($serviceId);
            }
        }
    } catch (Exception $exception) {
        if (LOGGING) {
            Log::log(LoggingConstants::EXCEPTION, $exception->getMessage());
        }
    }
}
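/**
 * Executes this command message according to its operation code.
 *
 * Operation codes handled here:
 *   "0" - subscribe: creates a Subscriber for the destination, registers it
 *         under the DSId header and hands it to the service handler;
 *   "1" - unsubscribe the subscriber registered under the DSId header;
 *   "2" - poll: returns the pending messages of the subscriber registered
 *         under the DSId header;
 *   "5" - returns an acknowledgement carrying a newly generated DSId;
 *   "9" - clears the caller credentials held by ThreadContext;
 *   "8" - login: decodes base64 "user:password" credentials from the body
 *         and checks them with the configured authentication handler.
 * Any other code is acknowledged without further action.
 *
 * Security notes:
 *  - Operations "1" and "2" look the subscriber up solely by the DSId header
 *    sent by the client; no other check is visible in this method.
 *    NOTE(review): the DSId therefore acts as a bearer token - confirm that
 *    GUID values are unpredictable and that access control is enforced
 *    elsewhere.
 *  - No access check is visible before a subscription is created for
 *    operation "0"; presumably the service handler enforces it - confirm.
 *
 * @param Request $request the request this message arrived in
 *
 * @return mixed an AckMessage, an ErrMessage, or the result of
 *               createCmdMessage() for a non-empty poll
 */
public function execute(Request $request)
{
    if (LOGGING) {
        Log::log(LoggingConstants::DEBUG, "commandmessage " . $this->operation . " operation");
    }

    // switch compares loosely, exactly like the == chain it replaces.
    switch ($this->operation) {
        case "0":
            $destObj = ORBConfig::getInstance()->getDataServices()->getDestinationManager()->getDestination($this->destination);

            if ($destObj == null) {
                $error = "Unknown destination " . $this->destination . ". Cannot handle subscription request";

                if (LOGGING) {
                    Log::log(LoggingConstants::ERROR, $error);
                }

                return new ErrMessage($this->messageId, new Exception($error));
            }

            // Headers are optional on the wire; a missing one is passed on as null.
            $selectorName = isset($this->headers["DSSelector"]) ? $this->headers["DSSelector"] : null;
            $subtopic = isset($this->headers["DSSubtopic"]) ? $this->headers["DSSubtopic"] : null;
            $dsId = isset($this->headers["DSId"]) ? $this->headers["DSId"] : null;

            $guid = new GUID();
            $clientId = $guid->toString();

            $subscriber = new Subscriber($selectorName, $destObj);
            $subscriber->setDSId($dsId);
            $subscriber->setSubtopic($subtopic);
            $subscriber->setClientId($clientId);

            SubscriptionsManager::getInstance()->addSubscriber($dsId, $subscriber);
            $destObj->getServiceHandler()->handleSubscribe($subscriber);

            // The original passed an undefined $clientId (i.e. null) here; the
            // acknowledgement now carries the id just assigned to the subscriber.
            // NOTE(review): confirm this is the id the client expects back.
            return new AckMessage($this->messageId, $clientId, null, array());

        case "1":
            $dsId = isset($this->headers["DSId"]) ? $this->headers["DSId"] : null;
            $subscriber = SubscriptionsManager::getInstance()->getSubscriber($dsId);

            if ($subscriber == null) {
                return new ErrMessage($this->messageId, new Exception("Unable to unsubscribe - unknown client"));
            }

            $subscriber->getDestination()->getServiceHandler()->handleUnsubscribe($subscriber);
            SubscriptionsManager::getInstance()->removeSubscriber($dsId);
            break;

        case "2":
            $dsId = isset($this->headers["DSId"]) ? $this->headers["DSId"] : null;
            $subscriber = SubscriptionsManager::getInstance()->getSubscriber($dsId);

            if ($subscriber == null) {
                // The client-supplied id is written to the log as received.
                $error = "Invalid client id " . $dsId;

                if (LOGGING) {
                    Log::log(LoggingConstants::ERROR, $error);
                }

                return new ErrMessage($this->messageId, new Exception($error));
            }

            $messages = $subscriber->getDestination()->getServiceHandler()->getMessages($subscriber);
            $subscriber->setLastRequestTime(microtime(true));

            if (count($messages) == 0) {
                return new AckMessage(null, null, null, array());
            }

            return $this->createCmdMessage("4", $messages);

        case "5":
            $guid = new GUID();
            $headers = array();
            $headers["DSId"] = $guid->toString();

            return new AckMessage($this->messageId, $this->clientId, null, $headers);

        case "9":
            ThreadContext::setCallerCredentials(null);
            break;

        case "8":
            $arr = $this->body->getBody();
            $adaptingType = $arr[0];

            // Credentials arrive as base64("user:password"). explode() with a
            // limit of 2 keeps colons that belong to the password; the former
            // split() call cut the password at its first colon and does not
            // exist any more as of PHP 7.
            $authData = explode(":", base64_decode($adaptingType->defaultAdapt()), 2);
            // Without a colon there is no password part; null is passed on so
            // the authentication handler makes the decision.
            $password = isset($authData[1]) ? $authData[1] : null;
            $credentials = new Credentials($authData[0], $password);

            $authHandler = ORBSecurity::getAuthenticationHandler(ThreadContext::getORBConfig());

            // Check for a missing handler before get_class(): calling it with
            // null is an error on current PHP versions.
            if ($authHandler == null) {
                $errorMessage = new ErrMessage($this->messageId, new ServiceException("Missing authentication handler"));
                $errorMessage->faultCode = "Client.Authentication";

                return $errorMessage;
            }

            if (LOGGING) {
                Log::log(LoggingConstants::DEBUG, "got auth handler " . get_class($authHandler));
            }

            try {
                $authHandler->checkCredentials($credentials->getUserId(), $credentials->getPassword(), $request);

                if (LOGGING) {
                    Log::log(LoggingConstants::DEBUG, "credentials are valid ");
                }

                // Credentials are stored for the caller only after a successful check.
                ThreadContext::setCallerCredentials($credentials);
            } catch (Exception $e) {
                if (LOGGING) {
                    // NOTE(review): concatenating $e writes its full string form,
                    // including the stack trace. Depending on the PHP
                    // configuration the trace can contain call arguments, and
                    // checkCredentials() receives the password - confirm that
                    // credentials cannot end up in the log.
                    Log::log(LoggingConstants::EXCEPTION, "authentication exception" . $e);
                }

                $errorMessage = new ErrMessage($this->messageId, $e);
                $errorMessage->faultCode = "Client.Authentication";

                return $errorMessage;
            }

            return new AckMessage($this->messageId, $this->clientId, null);
    }

    // Unsubscribe, logout and unknown operations end with a plain acknowledgement.
    return new AckMessage($this->messageId, $this->clientId, null, array());
}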
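/**
 * Executes this request message.
 *
 * Behaviour by operation code:
 *   "5", "2", "0", "1" - nothing is done and null is returned; the delegation
 *         to CommandMessage that used to handle these codes is commented out
 *         in the original source;
 *   "9" - clears the caller credentials held by ThreadContext;
 *   "8" - login: decodes base64 "user:password" credentials from the body
 *         and checks them with the configured authentication handler;
 *   anything else - treated as a method name and invoked on the destination
 *         through Invoker::handleInvoke().
 *
 * Security notes:
 *  - For an invocation, destination, operation and body all come from the
 *    message. When the destination maps to "*", the message's source replaces
 *    the destination. No access check is visible in this method.
 *    NOTE(review): presumably Invoker::handleInvoke() authorizes the call -
 *    confirm, because otherwise the client chooses what gets invoked.
 *  - Exceptions are handed to ErrMessage as objects; what part of them
 *    reaches the client is not visible here.
 *
 * @param Request $request the request this message arrived in
 *
 * @return mixed an AckMessage, an ErrMessage, or null for the disabled codes
 */
public function execute(Request $request)
{
    if ("5" == $this->operation || "2" == $this->operation || "0" == $this->operation || "1" == $this->operation) {
        // Disabled upstream: these codes were once forwarded to
        // CommandMessage::execute(). The method ends without a value.
        return null;
    }

    if ("9" == $this->operation) {
        ThreadContext::setCallerCredentials(null);

        return new AckMessage($this->messageId, $this->clientId, null);
    }

    if ("8" == $this->operation) {
        $arr = $this->body->getBody();
        $adaptingType = $arr[0];

        // Credentials arrive as base64("user:password"). explode() with a limit
        // of 2 keeps colons that belong to the password; the former split()
        // call cut the password at its first colon and does not exist any more
        // as of PHP 7.
        $authData = explode(":", base64_decode($adaptingType->defaultAdapt()), 2);
        // Without a colon there is no password part; null is passed on so the
        // authentication handler makes the decision.
        $password = isset($authData[1]) ? $authData[1] : null;
        $credentials = new Credentials($authData[0], $password);

        $authHandler = ORBSecurity::getAuthenticationHandler(ThreadContext::getORBConfig());

        // Check for a missing handler before get_class(): calling it with null
        // is an error on current PHP versions.
        if ($authHandler == null) {
            $errorMessage = new ErrMessage($this->messageId, new ServiceException("Missing authentication handler"));
            $errorMessage->faultCode = "Client.Authentication";

            return $errorMessage;
        }

        if (LOGGING) {
            Log::log(LoggingConstants::DEBUG, "got auth handler " . get_class($authHandler));
            Log::log(LoggingConstants::MYDEBUG, "file: 'ReqMessage.php' got auth handler " . get_class($authHandler));
        }

        try {
            $authHandler->checkCredentials($credentials->getUserId(), $credentials->getPassword(), $request);

            if (LOGGING) {
                Log::log(LoggingConstants::DEBUG, "credentials are valid ");
            }

            // Credentials are stored for the caller only after a successful check.
            ThreadContext::setCallerCredentials($credentials);
        } catch (Exception $e) {
            if (LOGGING) {
                // NOTE(review): the exception object is passed to the logger. If
                // its stack trace is written out, call arguments may be included
                // depending on the PHP configuration, and checkCredentials()
                // receives the password - confirm credentials cannot reach the log.
                Log::log(LoggingConstants::EXCEPTION, "authentication exception", $e);
            }

            $errorMessage = new ErrMessage($this->messageId, $e);
            $errorMessage->faultCode = "Client.Authentication";

            return $errorMessage;
        }

        return new AckMessage($this->messageId, $this->clientId, null);
    }

    // Method invocation: the body is normalised to an argument array first.
    $currentBody = $this->body->getBody();
    if (is_null($currentBody)) {
        $arr = array(0);
        $this->body->setBody($arr);
    } elseif (!is_array($currentBody)) {
        $arr = array($currentBody);
        $this->body->setBody($arr);
    }

    try {
        $resolvedName = ServiceRegistry::getMapping($this->destination);

        // A wildcard mapping means the target is named by the message source.
        if ($resolvedName == "*") {
            $this->destination = $this->source;
        }

        $body = $this->body->getBody();
        $returnValue = Invoker::handleInvoke($request, $this->destination, $this->operation, $body);

        return new AckMessage($this->messageId, $this->clientId, $returnValue);
    } catch (Exception $e) {
        if (LOGGING) {
            Log::log(LoggingConstants::EXCEPTION, "method invocation exception" . $e);
        }

        return new ErrMessage($this->messageId, $e);
    }
}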