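/**
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistribution in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * Neither the name of Sun Microsystems, Inc. or the names of
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * This software is provided "AS IS," without a warranty of any
 * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
 * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
 * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
 * DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
 * DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN
 * OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
 * OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
 * PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
 * LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE,
 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 *
 * You acknowledge that Software is not designed, licensed or
 * intended for use in the design, construction, operation or
 * maintenance of any nuclear facility.
 */
package com.cmtchips.procurement;

import javax.jws.WebService;
import javax.jws.WebMethod;
import javax.annotation.PropertySet;
import com.sun.tools.ide.soa.sc.annotation.OperationPosition;
import com.sun.tools.ide.soa.sc.annotation.DiscoveryReg;
import com.cmtchips.schemaobjs.*;
import java.util.Set;
import java.util.List;
import java.util.Date;
import java.util.Map;
import java.util.HashMap;
import com.sun.enterprise.security.SecurityContext;
import javax.security.auth.Subject;
import java.security.Principal;
import org.w3c.dom.Element;
import org.w3c.dom.DOMException;

/**
 * A simple purchase web service. It authorizes an order from two attributes
 * asserted for the caller: the {@code UserRole} (which must be
 * {@code "purchaser"}) and the {@code PurchaseLimit}.
 *
 * <p>Message-level authentication is delegated to the Liberty based JSR 196
 * server provider. After successful authentication that provider exposes the
 * security attributes through the {@link Subject} of the current
 * {@link SecurityContext}, and this class reads them from the subject's
 * public credentials.
 *
 * <p>Authorization is deny-by-default: an order is only confirmed when the
 * purchaser role and a parsable purchase limit are both present and the order
 * total does not exceed that limit.
 */
@WebService(wsdlLocation = "CMTChipsPurchase.wsdl",
            serviceName = "WebservicesProviderWithJSR196")
// NOTE(review): the registered mechanism is "null:Bearer" and the endpoint is
// plain http. A bearer token carried without transport protection can be
// replayed by anyone who observes it. Confirm that TLS is applied in front of
// this endpoint before using this registration outside a sample setup.
@DiscoveryReg(securityMechID = "urn:liberty:security:2004-04:null:Bearer",
              serviceType = "urn:liberty:sample:tichips",
              resourceID = "urn:liberty:isf:implied-resource",
              endpoint = "http://krishna3.sfbay.sun.com:8080/CMTChips/CMTChipsPurchase",
              directive1 = "GenerateBearerToken",
              directive2 = "AuthenticateRequester")
@PropertySet( {"transformSet = CMTChipsPurchaseTransformation.java"})
public class WebservicesProviderWithJSR196 {

    /**
     * Default constructor.
     */
    public WebservicesProviderWithJSR196() {}

    /**
     * Processes a purchase order and reports whether it was accepted.
     *
     * <p>The caller's role and purchase limit are read from the public
     * credentials of the authenticated subject. The returned status is
     * populated only when the purchaser role and a limit were both asserted.
     * In every other case (no request, no security context, no subject,
     * missing attributes) an empty status is returned, so the order is never
     * confirmed without a positive authorization decision.
     *
     * @param request purchase order request.
     * @return the status of the order: a confirmation carrying the order id, a
     *         rejection carrying the order id {@code "XXXX"}, or an empty
     *         status when the caller could not be authorized at all.
     */
    public PurchaseOrderStatus requestPurchase(PurchaseOrder request) {
        PurchaseOrderStatus _retVal = new PurchaseOrderStatus();
        if (request == null) {
            return _retVal;
        }
        System.out.println("PO ID obtained is " + request.getPoID());

        SecurityContext iSC = SecurityContext.getCurrent();
        if (iSC == null) {
            return _retVal;
        }
        final Subject subject = iSC.getSubject();
        if (subject == null) {
            // No authenticated subject: nothing can be authorized.
            return _retVal;
        }

        // Read the authenticated principal(s).
        for (Principal principal : subject.getPrincipals()) {
            System.out.println("name obtained is " + principal.getName());
        }

        // Read the purchase attributes that the JSR 196 server provider
        // exposes as public credentials upon successful authentication.
        boolean roleFound = false;
        String limit = null;
        try {
            for (Object obj : subject.getPublicCredentials()) {
                // The credential set may hold objects other than attribute
                // maps; skip them instead of failing on a blind cast.
                if (!(obj instanceof Map)) {
                    continue;
                }
                Map<?, ?> vals = (Map<?, ?>) obj;
                Object assertedRole = vals.get("UserRole");
                Object assertedLimit = vals.get("PurchaseLimit");
                System.out.println("role " + assertedRole);
                System.out.println("limit " + assertedLimit);
                if ("purchaser".equals(assertedRole)) {
                    roleFound = true;
                }
                // Keep the limit only when this credential really asserts
                // one, so a later credential without the attribute cannot
                // replace an asserted limit with null.
                if (assertedLimit instanceof String) {
                    limit = (String) assertedLimit;
                }
            }
            // NOTE(review): the role and the limit may come from different
            // credential objects, and with several asserted limits the one
            // seen last wins. Confirm with the provider that both attributes
            // are issued together in a single assertion.

            Date now = new Date();
            if (roleFound && limit != null) {
                // Check the order total against the asserted limit.
                if (isWithinLimit(request, limit)) {
                    _retVal.setOrderid(request.getPoID());
                    _retVal.setTimestamp(now.toString());
                    _retVal.setMessage("Thank you for the purchase!");
                } else {
                    _retVal.setOrderid("XXXX");
                    _retVal.setTimestamp(now.toString());
                    _retVal.setMessage("Sorry you dont have the proper"
                            + " purchase limit");
                }
            }
        } catch (DOMException excp) {
            System.out.println("request parsing failed.");
            excp.printStackTrace();
        }
        return _retVal;
    }

    /**
     * Returns true if the order total is within the asserted limit.
     *
     * <p>Prices and quantities come from the request and are therefore
     * caller-controlled. The check fails closed: an unparsable or negative
     * limit, a missing item list, or a negative price or quantity all yield
     * {@code false}. The total is never computed in a way that can overflow,
     * so an oversized line item cannot wrap around to a small or negative
     * total and slip under the limit.
     *
     * @param request the purchase order whose line items are totalled.
     * @param limit the asserted purchase limit as a decimal integer string.
     * @return {@code true} only if the sum of price times quantity over all
     *         items does not exceed the limit.
     */
    private boolean isWithinLimit(PurchaseOrder request, String limit) {
        long remaining;
        try {
            remaining = Integer.parseInt(limit);
        } catch (NumberFormatException excp) {
            // A limit that cannot be parsed authorizes nothing.
            return false;
        }
        if (remaining < 0) {
            return false;
        }

        LineItem[] items = request.getItems();
        if (items == null) {
            return false;
        }

        for (LineItem item : items) {
            System.out.println("item name is " + item.getItemname());
            // NOTE(review): intValue() drops any fractional part of the
            // price, so the total can be understated for non-integral
            // prices. Confirm the price type and unit.
            long unitPrice = item.getPrice().intValue();
            // Assumes getQuantity() returns an integral type - TODO confirm.
            long quantity = item.getQuantity();
            if (unitPrice < 0 || quantity < 0) {
                // Negative values would lower the total of the other items.
                return false;
            }
            // Division form of "unitPrice * quantity > remaining"; it cannot
            // overflow, whatever values the request carries.
            if (quantity != 0 && unitPrice > remaining / quantity) {
                return false;
            }
            remaining -= unitPrice * quantity;
        }
        return true;
    }
}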