package oracle.j2ee.ws.server;

import com.evermind.net.AddressContainer;
import com.evermind.security.User;
import com.evermind.server.RuntimeSecurityRole;
import com.evermind.server.ThreadState;
import com.oracle.server.Invocation;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.GenericHandler;
import javax.xml.rpc.handler.MessageContext;

/* loaded from: input_file:oracle/j2ee/ws/server/EjbContainerPreHandler.class */
public class EjbContainerPreHandler extends GenericHandler {
    private Logger logger = Logger.getLogger(JAXRPCServlet.LOGGER_NAME, JAXRPCServlet.RESOURCE_BUNDLE_NAME);

    public QName[] getHeaders() {
        return null;
    }

    public boolean handleRequest(MessageContext messageContext) {
        this.logger.log(Level.FINE, "msg.ejb.pre-handler", "handleRequest()");
        Invocation currentInvocation = ThreadState.getCurrentState().getCurrentInvocation();
        try {
            currentInvocation.method = WebServiceUtils.getInvocationMethod((Tie) currentInvocation.getWebServiceTie(), messageContext);
            currentInvocation.setWebServiceMethod(currentInvocation.method);
            if (!authorize(currentInvocation)) {
                currentInvocation.exception = new Exception(new StringBuffer().append("Client not authorized for invocation of ").append(currentInvocation.method).toString());
            }
        } catch (Exception e) {
            String stringBuffer = new StringBuffer().append("Error unmarshalling method for ejb ").append(e.getMessage()).toString();
            this.logger.log(Level.WARNING, "msg.ejb.pre-handler.error", stringBuffer);
            WebServiceUtils.throwSOAPFaultException(stringBuffer, messageContext);
        }
        if (currentInvocation.exception == null) {
            return true;
        }
        this.logger.log(Level.WARNING, "msg.ejb.pre-handler.error", currentInvocation.exception);
        WebServiceUtils.throwSOAPFaultException(currentInvocation.exception.getMessage(), messageContext);
        return true;
    }

    public static boolean authorize(Invocation invocation) {
        try {
            RuntimeSecurityRole runtimeSecurityRole = invocation.abstractEjbHome.getEJBPackage().getRuntimeSecurityRole(invocation.method, invocation.abstractEjbHome.getBeanName(), invocation.isWebService);
            User user = ThreadState.getCurrentState().getUser();
            if (runtimeSecurityRole.impliesAll()) {
                return true;
            }
            return runtimeSecurityRole.impliesUser(user, (AddressContainer) null);
        } catch (Throwable th) {
            th.printStackTrace();
            return false;
        }
    }
}
