static FortResponse initializeSession()

in src/main/java/org/apache/directory/fortress/rest/SecUtils.java [73:111]


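    /**
     * Attaches the caller's RBAC session to the request when the ARBAC02 runtime checks are enabled.
     * <p>
     * When {@code GlobalIds.IS_ARBAC02} is false the method does nothing and returns {@code null}.
     * Otherwise the security principal is read from the servlet request, deserialized into a
     * {@code Session} and stored on {@code fortRequest}. Every failure path yields an error
     * response instead of an exception, so an unauthenticated or malformed request is denied
     * rather than surfacing as an unhandled runtime error.
     *
     * @param fortRequest the request that receives the session; must not be null when ARBAC02 is enabled
     * @param httpRequest the servlet request carrying the container's user principal; may be null,
     *                    which is reported as an error
     * @return {@code null} when ARBAC02 is disabled or the session was attached; otherwise an error
     *         response describing why no session could be established
     */
    static FortResponse initializeSession(FortRequest fortRequest, HttpServletRequest httpRequest)
    {
        FortResponse fortResponse = null;
        // Have the fortress arbac02 runtime checks been enabled?
        if (Config.getInstance().getBoolean(GlobalIds.IS_ARBAC02))
        {
            if (httpRequest == null)
            {
                // Improper container config.
                fortResponse = createError( GlobalErrIds.REST_NULL_HTTP_REQ_ERR, "initializeSession detected null HTTP Request", 403);
            }
            else
            {
                // getUserPrincipal() returns null for a request the container has not authenticated.
                // Fail closed with a 403 here; dereferencing it would raise a NullPointerException
                // that the SecurityException handler below does not catch.
                java.security.Principal principal = httpRequest.getUserPrincipal();
                if (principal == null)
                {
                    fortResponse = createError( GlobalErrIds.USER_SESS_NULL, "initializeSession detected null user principal", 403);
                }
                else
                {
                    try
                    {
                        // Get the security principal from the runtime.
                        String szPrincipal = principal.toString();
                        // This has to happen before it can be used by Fortress.
                        // NOTE(review): the session is rebuilt from the principal's string form, so it is
                        // only as trustworthy as the container authentication that produced the principal.
                        Session realmSession = j2eePolicyMgr.deserialize(szPrincipal);
                        if (realmSession != null)
                        {
                            // The RBAC Session successfully grabbed from the container.
                            fortRequest.setSession(realmSession);
                        }
                        else
                        {
                            fortResponse = createError( GlobalErrIds.USER_SESS_NULL, "initializeSession couldn't get a Security Session.", 403);
                        }
                    }
                    catch (SecurityException se)
                    {
                        // A problem deserializing the security principal.
                        // NOTE(review): the exception message is copied into the response; confirm it
                        // cannot expose internal detail to the REST caller.
                        fortResponse = createError( se.getErrorId(), "initializeSession caught SecurityException=" + se.getMessage(), se.getHttpStatus());
                    }
                }
            }
        }
        return fortResponse;
    }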