public void ProcessRequest(HttpContext context)
{
try
{
var form = _factory.BuildParamsCollectionFrom(new HttpRequest(new HttpRequestWrapper(HttpContext.Current.Request)));
var serviceInstance = _container.Get(_type);
var authorizationResult = _securityManager.Authorize <InvokeService>(serviceInstance);
if (!authorizationResult.IsAuthorized)
{
throw new HttpStatus.HttpStatusException(404, "Forbidden");
}
var result = _invoker.Invoke(_url, serviceInstance, context.Request.Url, form);
context.Response.Write(result);
}
catch (Exception e)
{
_exceptionPublisher.Publish(e);
if (e.InnerException is HttpStatus.HttpStatusException)
{
var ex = e.InnerException as HttpStatus.HttpStatusException;
context.Response.StatusCode = ex.Code;
context.Response.StatusDescription = ex.Description;
}
else
{
context.Response.StatusCode = 500;
context.Response.StatusDescription = e.Message.Substring(0, e.Message.Length >= 512 ? 512: e.Message.Length);
}
}
}
public Task ProcessRequest(HttpContext context)
{
try
{
var request = context.Request;
_logger.Information($"Request : {request.Path}");
var form = _factory.BuildParamsCollectionFrom(new HttpRequest(context.Request));
var serviceInstance = _container.Get(_type);
_logger.Trace("Authorize");
var authorizationResult = _securityManager.Authorize <InvokeService>(serviceInstance);
if (!authorizationResult.IsAuthorized)
{
_logger.Trace("Not authorized");
throw new HttpStatus.HttpStatusException(404, "Forbidden");
}
_logger.Trace("Authorized");
var url = $"{request.Scheme}://{request.Host}{request.Path}";
_logger.Trace($"URL : {url}");
var result = _invoker.Invoke(_url, serviceInstance, new Uri(url), form);
_logger.Trace($"Result : {result}");
return(context.Response.WriteAsync(result));
}
catch (Exception e)
{
_exceptionPublisher.Publish(e);
var message = string.Empty;
if (e.InnerException is HttpStatus.HttpStatusException)
{
var ex = e.InnerException as HttpStatus.HttpStatusException;
context.Response.StatusCode = ex.Code;
message = ex.Description;
}
else
{
context.Response.StatusCode = 500;
message = e.Message.Substring(0, e.Message.Length >= 512 ? 512: e.Message.Length);
}
context.Response.ContentType = "application/json";
return(context.Response.WriteAsync($"{{'message':'{message}'}}"));
}
}
/// <summary>
/// Checks the permission for requested action as specified in particular permission .ctor.
/// The check is performed in the scope of supplied session, or if no session was supplied then
/// current execution context session is assumed
/// </summary>
/// <returns>True when action is authorized, false otherwise</returns>
public virtual bool Check(ISecurityManager secman, ISession sessionInstance = null)
{
secman.NonNull(nameof(secman));
var session = sessionInstance ?? ExecutionContext.Session ?? NOPSession.Instance;
var user = session.User;
//System user passes all permission checks
if (user.Status == UserStatus.System)
{
return(true);
}
var access = secman.Authorize(user, this);
if (!access.IsAssigned)
{
return(false);
}
return(DoCheckAccessLevel(secman, session, access));
}
#pragma warning disable 1591 // Xml Comments
public AuthorizationResult Authorize(ICommand command)
{
return(_securityManager.Authorize <HandleCommand>(command));
}
public bool Authorize(IDBOperation operation, bool isInitializeCall)
{
if (_nodeContext.StatusLatch.IsAnyBitsSet(NodeStatus.Initializing))
{
_nodeContext.StatusLatch.WaitForAny(NodeStatus.Running);
}
bool isInitialized = true;
if (!isInitializeCall)
//This portion is to verify if database is initialized or not, it has nothing to do with security (authorization or authentication)
{
ClientSessionId clientSessionId = operation.SessionId as ClientSessionId;
if (!(initializedDatabases != null && initializedDatabases.ContainsKey(operation.Database) && (initializedDatabases[operation.Database].Contains(operation.SessionId) || (clientSessionId != null && initializedDatabases[operation.Database].Contains(clientSessionId.RouterSessionId)))))
{
isInitialized = false;
}
//throw new DistributorException(ErrorCodes.Distributor.DATABASE_NOT_INITIALIZED, new[] {operation.Database});
}
//Authorization
bool isAuthorized = false;
ISessionId sessionId = operation.SessionId;
Permission permission = null;
switch (operation.OperationType)
{
case DatabaseOperationType.Get:
case DatabaseOperationType.GetChunk:
case DatabaseOperationType.ReadQuery:
case DatabaseOperationType.DisposeReader:
permission = Permission.Read;
break;
case DatabaseOperationType.Insert:
case DatabaseOperationType.Delete:
case DatabaseOperationType.Replace:
case DatabaseOperationType.Update:
case DatabaseOperationType.WriteQuery:
permission = Permission.Write;
break;
case DatabaseOperationType.Init:
permission = Permission.Init;
break;
}
//if(LoggerManager.Instance.SecurityLogger != null && LoggerManager.Instance.SecurityLogger.IsInfoEnabled)
//{
// LoggerManager.Instance.SecurityLogger.Info("DataBaseEngine.Authorize", "Operation: " + operation.OperationType);
//}
if (permission != null)
{
ResourceId resourceId;
ResourceId superResourceId;
Security.Impl.SecurityManager.GetSecurityInformation(permission, operation.Database, out resourceId, out superResourceId, null);
isAuthorized = SecurityManager.Authorize(_nodeContext.LocalShardName, sessionId, resourceId, superResourceId, permission);
_nodeContext.TopologyImpl.IsOpertionAllow(operation.Database);
}
if (isAuthorized && !isInitialized)
{
this.InitializeDatabase(new InitDatabaseOperation()
{
Database = operation.Database, SessionId = operation.SessionId
});
}
return(isAuthorized);
}
#pragma warning disable 1591 // Xml Comments
public AuthorizationResult Authorize <T>(IReadModelOf <T> readModelOf) where T : IReadModel
{
return(_securityManager.Authorize <Fetching>(readModelOf));
}
/// <inheritdoc/>
public AuthorizationResult Authorize(CommandRequest command)
{
return(_securityManager.Authorize <HandleCommand>(_converter.Convert(command)));
}
