AdminSessionPrx
RegistryI::createAdminSession(const string& user, const string& password, const Current& current)
{
assert(_reaper && _adminSessionFactory);
if(!_adminVerifier)
{
PermissionDeniedException ex;
ex.reason = "no admin permissions verifier configured, use the property\n";
ex.reason += "`IceGrid.Registry.AdminPermissionsVerifier' to configure\n";
ex.reason += "a permissions verifier.";
throw ex;
}
if(user.empty())
{
PermissionDeniedException ex;
ex.reason = "empty user id";
throw ex;
}
try
{
string reason;
if(!_adminVerifier->checkPermissions(user, password, reason, current.ctx))
{
PermissionDeniedException exc;
exc.reason = reason;
throw exc;
}
}
catch(const LocalException& ex)
{
if(_traceLevels && _traceLevels->session > 0)
{
Trace out(_traceLevels->logger, _traceLevels->sessionCat);
out << "exception while verifying password with admin permission verifier:\n" << ex;
}
PermissionDeniedException exc;
exc.reason = "internal server error";
throw exc;
}
AdminSessionIPtr session = _adminSessionFactory->createSessionServant(user);
Ice::ObjectPrx proxy = session->registerWithServantLocator(_sessionServantLocator, current.con, this);
if(_sessionTimeout > 0)
{
_reaper->add(new SessionReapable<AdminSessionI>(_traceLevels->logger, session), _sessionTimeout);
}
return AdminSessionPrx::uncheckedCast(proxy);
}
AdminSessionPrx
RegistryI::createAdminSessionFromSecureConnection(const Current& current)
{
assert(_reaper && _adminSessionFactory);
if(!_sslAdminVerifier)
{
PermissionDeniedException ex;
ex.reason = "no ssl admin permissions verifier configured, use the property\n";
ex.reason += "`IceGrid.Registry.AdminSSLPermissionsVerifier' to configure\n";
ex.reason += "a permissions verifier.";
throw ex;
}
string userDN;
Glacier2::SSLInfo info = getSSLInfo(current.con, userDN);
try
{
string reason;
if(!_sslAdminVerifier->authorize(info, reason, current.ctx))
{
PermissionDeniedException exc;
exc.reason = reason;
throw exc;
}
}
catch(const LocalException& ex)
{
if(_traceLevels && _traceLevels->session > 0)
{
Trace out(_traceLevels->logger, _traceLevels->sessionCat);
out << "exception while verifying password with SSL admin permission verifier:\n" << ex;
}
PermissionDeniedException exc;
exc.reason = "internal server error";
throw exc;
}
//
// We let the connection access the administrative interface.
//
AdminSessionIPtr session = _adminSessionFactory->createSessionServant(userDN);
Ice::ObjectPrx proxy = session->registerWithServantLocator(_sessionServantLocator, current.con, this);
if(_sessionTimeout > 0)
{
_reaper->add(new SessionReapable<AdminSessionI>(_traceLevels->logger, session), _sessionTimeout);
}
return AdminSessionPrx::uncheckedCast(proxy);
}
Glacier2::SessionPrx
AdminSessionFactory::createGlacier2Session(const string& sessionId, const Glacier2::SessionControlPrx& ctl)
{
assert(_servantManager);
AdminSessionIPtr session = createSessionServant(sessionId);
Ice::ObjectPrx proxy = session->_register(_servantManager, 0);
int timeout = 0;
if(ctl)
{
try
{
if(_filters)
{
Ice::IdentitySeq ids;
Ice::Identity queryId;
queryId.category = _database->getInstanceName();
queryId.name = "Query";
ids.push_back(queryId);
_servantManager->setSessionControl(session, ctl, ids);
}
timeout = ctl->getSessionTimeout();
}
catch(const Ice::LocalException& e)
{
session->destroy(Ice::Current());
Ice::Warning out(_database->getTraceLevels()->logger);
out << "Failed to callback Glacier2 session control object:\n" << e;
Glacier2::CannotCreateSessionException ex;
ex.reason = "internal server error";
throw ex;
}
}
_reaper->add(new SessionReapable<AdminSessionI>(_database->getTraceLevels()->logger, session), timeout);
return Glacier2::SessionPrx::uncheckedCast(proxy);
}
