Java Code Examples for org.apache.cxf.binding.soap.SoapMessage#get()

The following examples show how to use org.apache.cxf.binding.soap.SoapMessage#get(). Each example names the source file and the project it was taken from.
Example 1
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
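/**
 * Records that a UsernameToken policy assertion was not satisfied and rejects
 * the message unless the assertion is optional.
 *
 * @param assertion the assertion that failed; the call is a no-op when {@code null}
 * @param reason    explanation stored on each matching AssertionInfo and carried
 *                  by the exception
 * @param message   message whose AssertionInfoMap is updated
 * @throws PolicyException when the assertion is not optional
 */
protected void policyNotAsserted(UsernameToken assertion, String reason, SoapMessage message) {
    if (assertion == null) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    // A message without an AssertionInfoMap has nothing to mark; skip the
    // bookkeeping instead of failing with a NullPointerException, and still
    // fail closed below for a mandatory assertion.
    Collection<AssertionInfo> ais = aim == null ? null : aim.get(assertion.getName());
    if (ais != null) {
        for (AssertionInfo ai : ais) {
            // identity comparison: only the entry for this exact assertion object
            if (ai.getAssertion() == assertion) {
                ai.setNotAsserted(reason);
            }
        }
    }
    if (!assertion.isOptional()) {
        throw new PolicyException(new Message(reason, LOG));
    }
}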
 
Example 2
Source File: SecureConversationInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up the SecureConversationToken assertion attached to the message and
 * hands it to {@code doCancel}. Messages that carry no AssertionInfoMap, or no
 * secure-conversation assertion, are left untouched.
 *
 * @param message the SOAP message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);
    if (assertionMap == null) {
        return;
    }

    Collection<AssertionInfo> sctInfos =
        assertionMap.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
    if (sctInfos != null && !sctInfos.isEmpty()) {
        // only the first secure-conversation assertion is considered
        AssertionInfo first = sctInfos.iterator().next();
        SecureConversationToken sct = (SecureConversationToken)first.getAssertion();
        doCancel(message, assertionMap, sct);
    }
}
 
Example 3
Source File: SecureConversationInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Passes the message's first SecureConversationToken assertion to
 * {@code doCancel}; does nothing when the message has no AssertionInfoMap or
 * the map holds no such assertion.
 *
 * @param message the SOAP message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    final AssertionInfoMap policyState = message.get(AssertionInfoMap.class);
    final Collection<AssertionInfo> candidates = policyState == null
        ? null
        : policyState.get(SP12Constants.SECURE_CONVERSATION_TOKEN);

    boolean nothingToDo = candidates == null || candidates.isEmpty();
    if (nothingToDo) {
        return;
    }

    // The cast assumes the assertion registered under this name is a
    // SecureConversationToken; any other type fails with ClassCastException.
    Object rawAssertion = candidates.iterator().next().getAssertion();
    doCancel(message, policyState, (SecureConversationToken)rawAssertion);
}
 
Example 4
Source File: SoapPreProtocolOutInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Resolves the SOAPAction value to send, always wrapped in double quotes.
 *
 * A value stored on the message under {@code SoapBindingConstants.SOAP_ACTION}
 * wins; otherwise the action of the operation's SoapOperationInfo is used, and
 * an empty quoted string when neither is available.
 *
 * @param message outgoing message, consulted first
 * @param boi     operation info used as the fallback; may be {@code null}
 * @return the action, starting with a double quote
 */
private String getSoapAction(SoapMessage message, BindingOperationInfo boi) {
    final String emptyAction = "\"\"";

    // an earlier interceptor may have placed an override on the message
    String soapAction = (String) message.get(SoapBindingConstants.SOAP_ACTION);

    if (soapAction == null) {
        SoapOperationInfo opInfo =
            boi == null ? null : boi.getExtensor(SoapOperationInfo.class);
        if (opInfo != null && opInfo.getAction() != null) {
            soapAction = opInfo.getAction();
        } else {
            soapAction = emptyAction;
        }
    }

    // Only the leading quote is inspected; the value is otherwise emitted as-is.
    if (soapAction.startsWith("\"")) {
        return soapAction;
    }
    return "\"" + soapAction + "\"";
}
 
Example 5
Source File: AbstractUsernameTokenAuthenticatingInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Replaces the message's SecurityContext with one built from the
 * UsernameToken credentials, once a token and an authenticated principal are
 * both present; otherwise defers to the superclass.
 *
 * @param msg the SOAP message being processed
 * @throws Fault propagated from the superclass handler
 */
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    SecurityToken token = msg.get(SecurityToken.class);
    SecurityContext context = msg.get(SecurityContext.class);

    boolean alreadyProcessed =
        token != null && context != null && context.getUserPrincipal() != null;
    if (!alreadyProcessed) {
        super.handleMessage(msg);
        return;
    }

    // NOTE(review): unchecked downcast - a SecurityToken of another kind on the
    // message would raise ClassCastException here; confirm callers guarantee the type.
    UsernameToken usernameToken = (UsernameToken)token;

    // The password taken from the token is handed to createSubject as-is.
    Subject subject = createSubject(
        usernameToken.getName(),
        usernameToken.getPassword(),
        usernameToken.isHashed(),
        usernameToken.getNonce(),
        usernameToken.getCreatedTime());

    msg.put(SecurityContext.class,
            doCreateSecurityContext(context.getUserPrincipal(), subject));
}
 
Example 6
Source File: SamlTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
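/**
 * Records that a SamlToken policy assertion was not satisfied and rejects the
 * message. Unlike an optional-aware variant, this method always throws once a
 * non-null assertion is supplied.
 *
 * @param assertion the assertion that failed; the call is a no-op when {@code null}
 * @param reason    the failure; its message is stored on each matching
 *                  AssertionInfo and it becomes the cause of the exception
 * @param message   message whose AssertionInfoMap is updated
 * @throws PolicyException always, when {@code assertion} is not {@code null}
 */
protected void policyNotAsserted(SamlToken assertion, Exception reason, SoapMessage message) {
    if (assertion == null) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // Without an AssertionInfoMap there is nothing to mark; avoid the
    // NullPointerException so the caller sees the PolicyException instead.
    Collection<AssertionInfo> ais = aim == null ? null : aim.get(assertion.getName());
    if (ais != null) {
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == assertion) {
                ai.setNotAsserted(reason.getMessage());
            }
        }
    }
    throw new PolicyException(reason);
}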
 
Example 7
Source File: AbstractUsernameTokenAuthenticatingInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a Subject from the UsernameToken on the message and installs a new
 * SecurityContext for it. When the token, the current context or its user
 * principal is missing, the superclass handler runs instead.
 *
 * @param msg the SOAP message being processed
 * @throws Fault propagated from the superclass handler
 */
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    final SecurityToken securityToken = msg.get(SecurityToken.class);
    final SecurityContext current = msg.get(SecurityContext.class);

    if (securityToken != null && current != null && current.getUserPrincipal() != null) {
        // NOTE(review): the token type is assumed, not checked, before this cast.
        final UsernameToken ut = (UsernameToken)securityToken;

        final Subject authenticated = createSubject(ut.getName(), ut.getPassword(),
                                                    ut.isHashed(), ut.getNonce(),
                                                    ut.getCreatedTime());

        // the existing principal is kept; only the subject is newly created
        final SecurityContext replacement =
            doCreateSecurityContext(current.getUserPrincipal(), authenticated);
        msg.put(SecurityContext.class, replacement);
        return;
    }

    super.handleMessage(msg);
}
 
Example 8
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
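/**
 * Flags the given UsernameToken assertion as not asserted on the message and
 * throws unless the assertion is optional.
 *
 * @param assertion the failed assertion; ignored when {@code null}
 * @param reason    text recorded on the matching AssertionInfo entries and
 *                  used for the exception
 * @param message   message carrying the AssertionInfoMap
 * @throws PolicyException when the assertion is mandatory
 */
protected void policyNotAsserted(UsernameToken assertion, String reason, SoapMessage message) {
    if (assertion == null) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    // The map can be absent from the message; guard the lookup so a mandatory
    // assertion still ends in PolicyException rather than NullPointerException.
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(assertion.getName());
        if (ais != null) {
            for (AssertionInfo ai : ais) {
                if (ai.getAssertion() == assertion) {
                    ai.setNotAsserted(reason);
                }
            }
        }
    }
    if (!assertion.isOptional()) {
        throw new PolicyException(new Message(reason, LOG));
    }
}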
 
Example 9
Source File: SCTTokenValidator.java    From cxf with Apache License 2.0 6 votes vote down vote up
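/**
 * Validates the credential through the superclass after a fixed delay, then
 * marks every IssuedToken assertion on the message as asserted.
 *
 * The unconditional {@code setAsserted(true)} is a workaround described by the
 * original author as a hack: it does not verify anything itself, so this
 * validator should not be reused where the IssuedToken policy must really be
 * enforced.
 *
 * @param credential the credential to validate
 * @param data       request data whose message context is a SoapMessage
 * @return the credential returned by the superclass validation
 * @throws WSSecurityException if the superclass validation fails
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // Sleep to make sure token gets replicated
    try {
        Thread.sleep(2 * 1000);
    } catch (InterruptedException e) {
        // Restore the interrupt flag instead of swallowing it, so the calling
        // thread can still observe the interruption.
        Thread.currentThread().interrupt();
    }

    Credential validatedCredential = super.validate(credential, data);

    // Hack to verify the IssuedToken assertion, as this is not done by default in CXF for a
    // SecurityContextToken
    SoapMessage soapMessage = (SoapMessage)data.getMsgContext();
    AssertionInfoMap aim = soapMessage.get(AssertionInfoMap.class);
    // Either lookup may yield null (no policy on the message, or no IssuedToken
    // assertion); there is then nothing to mark.
    Collection<AssertionInfo> ais = aim == null ? null : aim.get(SP12Constants.ISSUED_TOKEN);
    if (ais != null) {
        for (AssertionInfo ai : ais) {
            ai.setAsserted(true);
        }
    }

    return validatedCredential;
}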
 
Example 10
Source File: PolicyBasedWSS4JStaxInInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Runs the superclass handler only for messages that carry an
 * AssertionInfoMap and have streaming security enabled; every other message
 * passes through without processing by this interceptor.
 *
 * @param msg the SOAP message being processed
 * @throws Fault propagated from the superclass handler
 */
public void handleMessage(SoapMessage msg) throws Fault {
    AssertionInfoMap policyAssertions = msg.get(AssertionInfoMap.class);
    boolean streamingEnabled =
        MessageUtils.getContextualBoolean(msg, SecurityConstants.ENABLE_STREAMING_SECURITY);

    if (policyAssertions == null || !streamingEnabled) {
        return;
    }
    super.handleMessage(msg);
}
 
Example 11
Source File: StaxSecurityContextInInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Processes the incoming security events stored on the message, if any, and
 * converts a WSSecurityException into a SOAP fault for the message's version.
 *
 * @param soapMessage the SOAP message being processed
 * @throws Fault when {@code doResults} reports a WSSecurityException
 */
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    // key under which the inbound event list is looked up on the message
    final String eventsKey = SecurityEvent.class.getName() + ".in";

    @SuppressWarnings("unchecked")
    final List<SecurityEvent> events = (List<SecurityEvent>)soapMessage.get(eventsKey);
    if (events == null) {
        return;
    }

    try {
        doResults(soapMessage, events);
    } catch (WSSecurityException e) {
        throw createSoapFault(soapMessage.getVersion(), e);
    }
}
 
Example 12
Source File: WSS4JInInterceptor.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the configured WS-Security action string, preferring the
 * interceptor option over the value stored on the message.
 *
 * @param msg     message consulted when no option is set
 * @param version SOAP version used to build the fault code
 * @return the action string, never {@code null}
 * @throws SoapFault when neither source defines an action, so processing
 *         stops rather than continuing without one
 */
private String getAction(SoapMessage msg, SoapVersion version) {
    String configured = (String)getOption(WSHandlerConstants.ACTION);
    String action = configured != null
        ? configured
        : (String)msg.get(WSHandlerConstants.ACTION);

    if (action != null) {
        return action;
    }

    LOG.warning("No security action was defined!");
    throw new SoapFault("No security action was defined!", version.getReceiver());
}
 
Example 13
Source File: SecurityVerificationOutInterceptor.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * On the requestor side, checks the signed/encrypted parts and elements
 * assertions when the policy names no transport, asymmetric or symmetric
 * binding. Each of those assertion collections is passed to
 * {@code checkAssertion}, which presumably raises the PolicyException (its
 * body is not shown here).
 *
 * @param message the outgoing SOAP message
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    if (!MessageUtils.isRequestor(message)) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }

    Collection<AssertionInfo> transport = aim.get(SP12Constants.TRANSPORT_BINDING);
    Collection<AssertionInfo> asymmetric = aim.get(SP12Constants.ASYMMETRIC_BINDING);
    Collection<AssertionInfo> symmetric = aim.get(SP12Constants.SYMMETRIC_BINDING);

    boolean hasTransport = transport != null && !transport.isEmpty();
    boolean hasAsymmetric = asymmetric != null && !asymmetric.isEmpty();
    boolean hasSymmetric = symmetric != null && !symmetric.isEmpty();
    if (hasTransport || hasAsymmetric || hasSymmetric) {
        // a binding is present, so the protection assertions are not checked here
        return;
    }

    // No binding at all: verify each protection assertion in turn.
    checkAssertion(aim.get(SP12Constants.SIGNED_PARTS), SP12Constants.SIGNED_PARTS);
    checkAssertion(aim.get(SP12Constants.SIGNED_ELEMENTS), SP12Constants.SIGNED_ELEMENTS);
    checkAssertion(aim.get(SP12Constants.ENCRYPTED_PARTS), SP12Constants.ENCRYPTED_PARTS);
    checkAssertion(aim.get(SP12Constants.ENCRYPTED_ELEMENTS), SP12Constants.ENCRYPTED_ELEMENTS);
    checkAssertion(aim.get(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS),
                   SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
}
 
Example 14
Source File: SoapPreProtocolOutInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Publishes the SOAP action on the outgoing message: as a SOAPAction protocol
 * header for SOAP 1.1, or as an {@code action} parameter appended to the
 * content type for SOAP 1.2.
 *
 * @param message the outgoing SOAP message
 */
private void setSoapAction(SoapMessage message) {
    BindingOperationInfo operation = message.getExchange().getBindingOperationInfo();

    // The soap action is set on the wrapped operation.
    if (operation != null && operation.isUnwrapped()) {
        operation = operation.getWrappedOperation();
    }

    final String action = getSoapAction(message, operation);

    if (message.getVersion() instanceof Soap11) {
        Map<String, List<String>> existing
            = CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));

        // case-insensitive copy, so a header already set under another casing is found
        Map<String, List<String>> merged = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        if (existing != null) {
            merged.putAll(existing);
        }
        // an existing SOAPAction header is left as it is
        if (!merged.containsKey(SoapBindingConstants.SOAP_ACTION)) {
            merged.put(SoapBindingConstants.SOAP_ACTION, Collections.singletonList(action));
        }
        message.put(Message.PROTOCOL_HEADERS, merged);
        return;
    }

    if (message.getVersion() instanceof Soap12 && !"\"\"".equals(action)) {
        // NOTE(review): the content type is dereferenced without a null check;
        // confirm it is always set before this interceptor runs.
        String contentType = (String) message.get(Message.CONTENT_TYPE);

        if (!contentType.contains("action=\"")) {
            message.put(Message.CONTENT_TYPE, contentType + "; action=" + action);
        }
    }
}
 
Example 15
Source File: WSS4JInOutTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
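/**
 * Sends a message with a UsernameToken that is also encrypted and checks that
 * the receiving side reports two results and exposes the UsernameToken
 * principal through the SecurityContext.
 *
 * The user name and password below are fixed test fixtures.
 */
@Test
public void testEncryptedUsernameToken() throws Exception {
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(
        ConfigurationConstants.ACTION,
        ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPTION
    );
    outProperties.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "alicePassword");
    outProperties.put(ConfigurationConstants.ENCRYPTION_USER, "myalias");
    // encrypt the content of the UsernameToken element
    outProperties.put(
        ConfigurationConstants.ENCRYPTION_PARTS,
        "{Content}{" + WSS4JConstants.WSSE_NS + "}UsernameToken"
    );

    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(
        ConfigurationConstants.ACTION,
        ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPTION
    );
    inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());

    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");

    SoapMessage inmsg = makeInvocation(outProperties, xpaths, inProperties);
    List<WSHandlerResult> handlerResults = getResults(inmsg);

    assertNotNull(handlerResults);
    // Compare the sizes by value: assertSame on boxed ints tests object
    // identity and only passes by accident of the Integer cache.
    assertTrue(handlerResults.size() == 1);

    //
    // This should contain exactly 2 protection results
    //
    final java.util.List<WSSecurityEngineResult> protectionResults =
        handlerResults.get(0).getResults();
    assertNotNull(protectionResults);
    assertTrue(protectionResults.size() == 2);

    final Principal p1 = (Principal)protectionResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
    final Principal p2 = (Principal)protectionResults.get(1).get(WSSecurityEngineResult.TAG_PRINCIPAL);
    assertTrue(p1 instanceof UsernameTokenPrincipal || p2 instanceof UsernameTokenPrincipal);

    Principal utPrincipal = p1 instanceof UsernameTokenPrincipal ? p1 : p2;

    // identity is intended here: the context must expose the very same principal
    SecurityContext securityContext = inmsg.get(SecurityContext.class);
    assertNotNull(securityContext);
    assertSame(securityContext.getUserPrincipal(), utPrincipal);
}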
 
Example 16
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Scans the message's security header for UsernameToken elements and, for each
 * one that yields a principal, records a security result on the message and
 * makes sure a SecurityContext is present.
 *
 * Returns without doing anything when no security header is found.
 *
 * @param message the incoming SOAP message
 * @throws Fault wrapping any WSSecurityException raised while handling a token
 */
private void processUsernameToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        return;
    }
    Element el = (Element)h.getObject();
    // walk the direct child elements of the security header
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName())) {
            try  {
                final WSUsernameTokenPrincipal princ = getPrincipal(child, message);
                if (princ != null) {
                    List<WSSecurityEngineResult>v = new ArrayList<WSSecurityEngineResult>();
                    // a token without a password is recorded under a distinct action code
                    int action = WSConstants.UT;
                    if (princ.getPassword() == null) {
                        action = WSConstants.UT_NOPASSWORD;
                    }
                    v.add(0, new WSSecurityEngineResult(action, princ, null, null, null));
                    // reuse the result list already on the message, or create and attach one
                    List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                                                              .get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        results = new ArrayList<WSHandlerResult>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, v);
                    // the new result goes to the front of the list
                    results.add(0, rResult);

                    assertUsernameTokens(message, princ);
                    message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, princ);                   
                    
                    // an existing context that already has a user principal is kept;
                    // otherwise one is built from the token's credentials
                    SecurityContext sc = message.get(SecurityContext.class);
                    if (sc == null || sc.getUserPrincipal() == null) {
                        Subject subject = createSubject(princ.getName(), princ.getPassword(),
                            princ.isPasswordDigest(), princ.getNonce(), princ.getCreatedTime());
                        message.put(SecurityContext.class, 
                                    createSecurityContext(princ, subject));
                    }

                }
            } catch (WSSecurityException ex) {
                // surface token-processing failures as a fault on the message
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
 
Example 17
Source File: WSS4JInInterceptor.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Tells whether the message is an HTTP GET request that has no
 * XMLStreamReader content.
 *
 * @param message the incoming message
 * @return {@code true} only when the request method is exactly "GET" and no
 *         XMLStreamReader content is attached
 */
public final boolean isGET(SoapMessage message) {
    String httpMethod =
        (String)message.get(org.apache.cxf.message.Message.HTTP_REQUEST_METHOD);
    if (!"GET".equals(httpMethod)) {
        return false;
    }
    return message.getContent(XMLStreamReader.class) == null;
}
 
Example 18
Source File: AbstractTokenInterceptor.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Reports whether the message arrived over TLS, judged solely by the presence
 * of a TLSSessionInfo on the message. Nothing about the session itself
 * (cipher suite, peer certificates) is inspected here.
 *
 * @param message the message to inspect
 * @return {@code true} when a TLSSessionInfo is attached to the message
 */
protected boolean isTLSInUse(SoapMessage message) {
    return message.get(TLSSessionInfo.class) != null;
}
 
Example 19
Source File: SoapActionInInterceptor.java    From cxf with Apache License 2.0 4 votes vote down vote up
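/**
 * Extracts the SOAP action from an incoming message.
 *
 * For SOAP 1.1 the value comes from the SOAPAction protocol header, for
 * SOAP 1.2 from the {@code action} parameter of the content type (or of the
 * root attachment part's content type for multipart/related without
 * start-info). A JMS-supplied action is used as the last resort.
 *
 * The header and content-type values are supplied by the peer, so malformed
 * input (a lone quote, a dangling {@code action=}, an unterminated quoted
 * value) is parsed leniently instead of raising an index or null-pointer
 * exception.
 *
 * @param m the message; anything other than a SoapMessage yields {@code null}
 * @return the action without surrounding quotes, or {@code null} when none is found
 */
public static String getSoapAction(Message m) {
    if (!(m instanceof SoapMessage)) {
        return null;
    }
    SoapMessage message = (SoapMessage)m;
    if (message.getVersion() instanceof Soap11) {
        Map<String, List<String>> headers
            = CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
        if (headers != null) {
            List<String> sa = headers.get(SoapBindingConstants.SOAP_ACTION);
            if (sa != null && !sa.isEmpty()) {
                String action = sa.get(0);
                if (action.startsWith("\"") || action.startsWith("\'")) {
                    // a value consisting of a single quote character has no body
                    action = action.length() < 2
                        ? ""
                        : action.substring(1, action.length() - 1);
                }
                return action;
            }
        }
    } else if (message.getVersion() instanceof Soap12) {
        String ct = (String) message.get(Message.CONTENT_TYPE);

        if (ct == null) {
            return null;
        }

        int start = ct.indexOf("action=");
        if (start == -1 && ct.indexOf("multipart/related") == 0 && ct.indexOf("start-info") == -1) {
            // the action property may not be found at the package's content-type for non-mtom multipart message
            // but skip searching if the start-info property is set
            Map<?, ?> partHeaders =
                (Map<?, ?>)message.get(AttachmentDeserializer.ATTACHMENT_PART_HEADERS);
            if (partHeaders != null) {
                List<String> cts = CastUtils.cast((List<?>)partHeaders.get(Message.CONTENT_TYPE));
                if (cts != null && !cts.isEmpty()) {
                    ct = cts.get(0);
                    start = ct.indexOf("action=");
                }
            }
        }
        if (start != -1) {
            int valueStart = start + 7;
            if (valueStart >= ct.length()) {
                // "action=" is the last thing in the header: empty value
                return "";
            }
            int end;
            char c = ct.charAt(valueStart);
            if (c == '\"') {
                start = valueStart + 1;
                end = ct.indexOf('\"', start);
            } else if (c == '\\' && valueStart + 1 < ct.length()
                && ct.charAt(valueStart + 1) == '\"') {
                start = valueStart + 2;
                end = ct.indexOf('\\', start);
            } else {
                start = valueStart;
                end = ct.indexOf(';', start);
            }
            if (end == -1) {
                // missing terminator: take the rest of the header value
                end = ct.length();
            }
            return ct.substring(start, end);
        }
    }

    // Return the Soap Action for the JMS Case
    if (message.containsKey(SoapJMSInInterceptor.JMS_SOAP_ACTION_VALUE)) {
        return (String)message.get(SoapJMSInInterceptor.JMS_SOAP_ACTION_VALUE);
    }

    return null;
}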
 
Example 20
Source File: WSS4JInOutTest.java    From steady with Apache License 2.0 4 votes vote down vote up
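/**
 * Sends a message with a UsernameToken that is also encrypted and checks that
 * the receiving side reports two results and stores the UsernameToken
 * principal on the message under {@code WSS4JInInterceptor.PRINCIPAL_RESULT}.
 *
 * The user name and password below are fixed test fixtures.
 */
@Test
public void testEncryptedUsernameToken() throws Exception {
    Map<String, String> outProperties = new HashMap<String, String>();
    outProperties.put(
        WSHandlerConstants.ACTION,
        WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT
    );
    outProperties.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");
    outProperties.put(WSHandlerConstants.USER, "alice");
    outProperties.put("password", "alicePassword");
    outProperties.put(WSHandlerConstants.ENCRYPTION_USER, "myalias");
    // encrypt the content of the UsernameToken element
    outProperties.put(
        WSHandlerConstants.ENCRYPTION_PARTS,
        "{Content}{" + WSConstants.WSSE_NS + "}UsernameToken"
    );

    Map<String, String> inProperties = new HashMap<String, String>();
    inProperties.put(
        WSHandlerConstants.ACTION,
        WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT
    );
    inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties");
    inProperties.put(
        WSHandlerConstants.PW_CALLBACK_CLASS,
        "org.apache.cxf.ws.security.wss4j.TestPwdCallback"
    );

    List<String> xpaths = new ArrayList<String>();
    xpaths.add("//wsse:Security");

    SoapMessage inmsg = makeInvocation(outProperties, xpaths, inProperties);
    List<WSHandlerResult> handlerResults = getResults(inmsg);

    assertNotNull(handlerResults);
    // Compare the sizes by value: assertSame on boxed ints tests object
    // identity and only passes by accident of the Integer cache.
    assertTrue(handlerResults.size() == 1);

    //
    // This should contain exactly 2 protection results
    //
    final java.util.List<WSSecurityEngineResult> protectionResults =
        handlerResults.get(0).getResults();
    assertNotNull(protectionResults);
    assertTrue(protectionResults.size() == 2);

    final Principal p1 = (Principal)protectionResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
    final Principal p2 = (Principal)protectionResults.get(1).get(WSSecurityEngineResult.TAG_PRINCIPAL);
    assertTrue(p1 instanceof WSUsernameTokenPrincipal || p2 instanceof WSUsernameTokenPrincipal);

    Principal utPrincipal = p1 instanceof WSUsernameTokenPrincipal ? p1 : p2;

    // identity is intended here: the message must hold the very same principal
    Principal secContextPrincipal = (Principal)inmsg.get(WSS4JInInterceptor.PRINCIPAL_RESULT);
    assertSame(secContextPrincipal, utPrincipal);
}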