From df63437fdf5eacc9e26ec105fb684bc245f5ec25 Mon Sep 17 00:00:00 2001
From: rayhanp1402 <rayhan.hanif14maulana@gmail.com>
Date: Wed, 15 Nov 2023 07:54:38 +0700
Subject: [PATCH] Prohibit unauthorized request to be processed

---
 .../com/gymtracker/handler/LogAuthHandler.java     | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/gymtracker/handler/LogAuthHandler.java b/src/main/java/com/gymtracker/handler/LogAuthHandler.java
index 2bafb44..fdabd28 100644
--- a/src/main/java/com/gymtracker/handler/LogAuthHandler.java
+++ b/src/main/java/com/gymtracker/handler/LogAuthHandler.java
@@ -9,6 +9,7 @@ import org.hibernate.SessionFactory;
 
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPFault;
 import javax.xml.soap.SOAPMessage;
 import javax.xml.ws.handler.MessageContext;
 import javax.xml.ws.handler.soap.SOAPHandler;
@@ -39,11 +40,20 @@ public class LogAuthHandler implements SOAPHandler<SOAPMessageContext> {
             if (!outbound) {
                 log(smc, authorized);
             }
-            smc.put("authorized", authorized);
+            if(!authorized) {
+                SOAPBody body = smc.getMessage().getSOAPBody();
+                body.removeContents();
+                SOAPFault soapFault = body.addFault();
+                soapFault.setFaultCode("Access");
+                soapFault.setFaultString("Unauthorized access");
+
+                return false;
+            }
+            return true;
         } catch (Exception e) {
             e.printStackTrace();
+            return false;
         }
-        return true;
     }
 
     private boolean authorize(SOAPMessageContext smc) {
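Review bot: The `catch` branch now returns `false` without replacing the message, so when anything in the `try` throws (including the new `getSOAPBody()` and `addFault()` calls) the chain stops but no fault is produced. Under JAX-WS handler rules, returning `false` reverses the direction and sends the message currently in the context as the response, so the caller would get its own request body back rather than a denial. Throwing lets the runtime build the fault instead: `throw new ProtocolException("Authorization check failed", e);` (from `javax.xml.ws`), with the exception written to a log rather than `e.printStackTrace()`. The denial branch also runs in both directions, unlike the `log` call guarded by `!outbound`; if `authorized` is evaluated for responses too, it probably belongs under the same guard. `handleMessage` begins above the hunk, so how `authorized` and `outbound` are set is not visible here.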
-- 
GitLab