org.apache.cxf.message.MessageUtils Java Examples

The following examples show how to use org.apache.cxf.message.MessageUtils. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SamlTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {

        boolean isReq = MessageUtils.isRequestor(message);
        boolean isOut = MessageUtils.isOutbound(message);
        
        if (isReq != isOut) {
            //outbound on server side and inbound on client side doesn't need
            //any saml token stuff, assert policies and return
            assertSamlTokens(message);
            return;
        }
        if (isReq) {
            if (message.containsKey(PolicyBasedWSS4JOutInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            addSamlToken(message);
        } else {
            if (message.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            processSamlToken(message);
        }
    }
 
Example #2
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {

        boolean isReq = MessageUtils.isRequestor(message);
        boolean isOut = MessageUtils.isOutbound(message);
        if (isReq != isOut) {
            //outbound on server side and inbound on client side doesn't need
            //any username token stuff, assert policies and return
            assertUsernameTokens(message, null);
            return;
        }
        if (isReq) {
            if (message.containsKey(PolicyBasedWSS4JOutInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            addUsernameToken(message);
        } else {
            if (message.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            processUsernameToken(message);
        }
    }
 
Example #3
Source File: STSUtils.java    From steady with Apache License 2.0 6 votes vote down vote up
public static STSClient getClient(Message message, String type, IssuedToken itok) {
    STSClient client = (STSClient)message
        .getContextualProperty(SecurityConstants.STS_CLIENT);
    if (client == null) {
        if (type == null) {
            type = "";
        } else {
            type = "." + type + "-client";
        }
        client = new STSClient(message.getExchange().get(Bus.class));
        Endpoint ep = message.getExchange().get(Endpoint.class);
        client.setEndpointName(ep.getEndpointInfo().getName().toString() + type);
        client.setBeanName(ep.getEndpointInfo().getName().toString() + type);
        if (MessageUtils.getContextualBoolean(message, SecurityConstants.STS_CLIENT_SOAP12_BINDING, false)) {
            client.setSoap12();
        }
        if ((itok != null) && (itok.getIssuerEpr() != null)) {
            //configure via mex
            boolean useEPRWSAAddrAsMEXLocation = !Boolean.valueOf(
                    (String)message.getContextualProperty(
                     SecurityConstants.DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS));
            client.configureViaEPR(itok.getIssuerEpr(), useEPRWSAAddrAsMEXLocation);
        }
    }
    return client;
}
 
Example #4
Source File: RMSoapOutInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Encode the current RM properties in protocol-specific headers.
 *
 * @param message the SOAP message.
 * @param rmps the current RM properties.
 */
public static void encode(SoapMessage message, RMProperties rmps) {
    if (null == rmps) {
        return;
    }
    LOG.log(Level.FINE, "encoding RMPs in SOAP headers");
    try {

        AddressingProperties maps = RMContextUtils.retrieveMAPs(message, false, true);
        ProtocolVariation protocol = ProtocolVariation.findVariant(rmps.getNamespaceURI(), maps.getNamespaceURI());
        List<Header> headers = message.getHeaders();
        int startSize = headers.size();
        protocol.getCodec().buildHeaders(rmps, headers);
        if (startSize != headers.size() && MessageUtils.isPartialResponse(message)) {
            // make sure the response is returned as HTTP 200 and not 202
            message.put(Message.RESPONSE_CODE, HttpURLConnection.HTTP_OK);
        }
    } catch (JAXBException je) {
        LOG.log(Level.WARNING, "SOAP_HEADER_ENCODE_FAILURE_MSG", je);
    }
}
 
Example #5
Source File: AbstractBindingBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
public Crypto getEncryptionCrypto(TokenWrapper wrapper) throws WSSecurityException {
    Crypto crypto = getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO,
                              SecurityConstants.ENCRYPT_PROPERTIES);
    boolean enableRevocation = MessageUtils.isTrue(
                                   message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
    if (enableRevocation && crypto != null) {
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        String encrUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
        if (encrUser == null) {
            try {
                encrUser = crypto.getDefaultX509Identifier();
            } catch (WSSecurityException e1) {
                throw new Fault(e1);
            }
        }
        cryptoType.setAlias(encrUser);
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        if (certs != null && certs.length > 0) {
            crypto.verifyTrust(certs, enableRevocation);
        }
    }
    return crypto;

}
 
Example #6
Source File: ServerProviderFactory.java    From cxf with Apache License 2.0 6 votes vote down vote up
@SuppressWarnings("unchecked")
public <T extends Throwable> ExceptionMapper<T> createExceptionMapper(Class<?> exceptionType,
                                                                      Message m) {
    
    boolean makeDefaultWaeLeastSpecific =
        MessageUtils.getContextualBoolean(m, MAKE_DEFAULT_WAE_LEAST_SPECIFIC, false);
    
    return (ExceptionMapper<T>)exceptionMappers.stream()
            .filter(em -> handleMapper(em, exceptionType, m, ExceptionMapper.class, Throwable.class, true))
            .sorted(new ExceptionProviderInfoComparator(exceptionType,
                                                        makeDefaultWaeLeastSpecific))
            .map(ProviderInfo::getProvider)
            .findFirst()
            .orElse(null);
    
}
 
Example #7
Source File: AbstractTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a token is required or not.
 * @param token the token
 * @param message The message
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    IncludeTokenType inclusion = token.getInclusion();
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    } else {
        boolean initiator = MessageUtils.isRequestor(message);
        if (initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)) {
            return true;
        } else if (!initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE
            || inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT)) {
            return true;
        }
        return false;
    }
}
 
Example #8
Source File: RequestPreprocessor.java    From cxf with Apache License 2.0 6 votes vote down vote up
private void handleMethod(Message m,
                          MultivaluedMap<String, String> queries,
                          HttpHeaders headers) {
    if (MessageUtils.getContextualBoolean(m, ALLOW_HTTP_METHOD_OVERRIDE, false)) {
        String method = queries.getFirst(METHOD_QUERY);
        if (method == null) {
            List<String> list = headers.getRequestHeader(METHOD_HEADER);
            if (list != null && list.size() == 1) {
                method = list.get(0);
            }
        }
        if (method != null) {
            m.put(Message.HTTP_REQUEST_METHOD, method);
        }
    }
}
 
Example #9
Source File: AbstractSecurityPolicyValidator.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a token is required or not.
 * @param token the token
 * @param message The message
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    AbstractToken token,
    Message message
) {
    IncludeTokenType inclusion = token.getIncludeTokenType();
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    } else {
        boolean initiator = MessageUtils.isRequestor(message);
        if (initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)) {
            return true;
        } else if (!initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE
            || inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT)) {
            return true;
        }
        return false;
    }
}
 
Example #10
Source File: STSUtils.java    From steady with Apache License 2.0 6 votes vote down vote up
public static STSClient getClient(Message message, String type, IssuedToken itok) {
    STSClient client = (STSClient)message
        .getContextualProperty(SecurityConstants.STS_CLIENT);
    if (client == null) {
        if (type == null) {
            type = "";
        } else {
            type = "." + type + "-client";
        }
        client = new STSClient(message.getExchange().get(Bus.class));
        Endpoint ep = message.getExchange().get(Endpoint.class);
        client.setEndpointName(ep.getEndpointInfo().getName().toString() + type);
        client.setBeanName(ep.getEndpointInfo().getName().toString() + type);
        if (MessageUtils.getContextualBoolean(message, SecurityConstants.STS_CLIENT_SOAP12_BINDING, false)) {
            client.setSoap12();
        }
        if ((itok != null) && (itok.getIssuerEpr() != null)) {
            //configure via mex
            boolean useEPRWSAAddrAsMEXLocation = !Boolean.valueOf(
                    (String)message.getContextualProperty(
                     SecurityConstants.DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS));
            client.configureViaEPR(itok.getIssuerEpr(), useEPRWSAAddrAsMEXLocation);
        }
    }
    return client;
}
 
Example #11
Source File: MAPAggregatorImpl.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Invoked for normal processing of inbound and outbound messages.
 *
 * @param message the current message
 */
public void handleMessage(Message message) {
    if (!MessageUtils.getContextualBoolean(message, ADDRESSING_DISABLED, false)) {
        mediate(message, ContextUtils.isFault(message));
    } else {
        //addressing is completely disabled manually, we need to assert the
        //assertions as the user is in control of those
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        if (null == aim) {
            return;
        }
        QName[] types = new QName[] {
            MetadataConstants.ADDRESSING_ASSERTION_QNAME,
            MetadataConstants.USING_ADDRESSING_2004_QNAME,
            MetadataConstants.USING_ADDRESSING_2005_QNAME,
            MetadataConstants.USING_ADDRESSING_2006_QNAME,
            MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME,
            MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME,
            MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705,
            MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705
        };
        for (QName type : types) {
            assertAssertion(aim, type);
        }
    }
}
 
Example #12
Source File: AbstractMetricsInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
private Object createEndpointMetrics(Message m) {
    final Endpoint ep = m.getExchange().getEndpoint();
    Object o = ep.get(MetricsContext.class.getName());
    if (o == null) {
        List<MetricsContext> contexts = new ArrayList<>();
        for (MetricsProvider p : getMetricProviders(m.getExchange().getBus())) {
            MetricsContext c = p.createEndpointContext(ep, MessageUtils.isRequestor(m),
                                                       (String)m.getContextualProperty(MetricsProvider.CLIENT_ID));
            if (c != null) {
                contexts.add(c);
            }
            if (c instanceof Closeable) {
                ep.addCleanupHook((Closeable)c);
            }
        }
        if (contexts.size() == 1) {
            o = contexts.get(0);
        } else {
            o = contexts;
        }
        ep.put(MetricsContext.class.getName(), o);
    }
    return o;
}
 
Example #13
Source File: SamlTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {

        boolean isReq = MessageUtils.isRequestor(message);
        boolean isOut = MessageUtils.isOutbound(message);
        
        if (isReq != isOut) {
            //outbound on server side and inbound on client side doesn't need
            //any saml token stuff, assert policies and return
            assertSamlTokens(message);
            return;
        }
        if (isReq) {
            if (message.containsKey(PolicyBasedWSS4JOutInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            addSamlToken(message);
        } else {
            if (message.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            processSamlToken(message);
        }
    }
 
Example #14
Source File: AbstractTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a token is required or not.
 * @param token the token
 * @param message The message
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    IncludeTokenType inclusion = token.getInclusion();
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    } else {
        boolean initiator = MessageUtils.isRequestor(message);
        if (initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)) {
            return true;
        } else if (!initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE
            || inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT)) {
            return true;
        }
        return false;
    }
}
 
Example #15
Source File: AbstractSamlPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a token is required or not.
 * @param token the token
 * @param message The message
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    IncludeTokenType inclusion = token.getInclusion();
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    } else {
        boolean initiator = MessageUtils.isRequestor(message);
        if (initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)) {
            return true;
        } else if (!initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE
            || inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT)) {
            return true;
        }
        return false;
    }
}
 
Example #16
Source File: AbstractSoapInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
static String getFaultMessage(SoapMessage message, SoapFault fault) {
    if (message.get("forced.faultstring") != null) {
        return (String) message.get("forced.faultstring");
    }
    boolean config = MessageUtils.getContextualBoolean(message, Message.EXCEPTION_MESSAGE_CAUSE_ENABLED, false);
    if (fault.getMessage() != null) {
        if (config && fault.getCause() != null
            && fault.getCause().getMessage() != null && !fault.getMessage().equals(fault.getCause().getMessage())) {
            return fault.getMessage() + " Caused by: " + fault.getCause().getMessage();
        }
        return fault.getMessage();
    } else if (config && fault.getCause() != null) {
        if (fault.getCause().getMessage() != null) {
            return fault.getCause().getMessage();
        }
        return fault.getCause().toString();
    } else {
        return "Fault occurred while processing.";
    }
}
 
Example #17
Source File: ProviderFactory.java    From cxf with Apache License 2.0 6 votes vote down vote up
public <T> ContextResolver<T> createContextResolver(Type contextType,
                                                    Message m) {
    boolean isRequestor = MessageUtils.isRequestor(m);
    Message requestMessage = isRequestor ? m.getExchange().getOutMessage()
                                         : m.getExchange().getInMessage();

    Message responseMessage = isRequestor ? m.getExchange().getInMessage()
                                          : m.getExchange().getOutMessage();
    Object ctProperty = null;
    if (responseMessage != null) {
        ctProperty = responseMessage.get(Message.CONTENT_TYPE);
    } else {
        ctProperty = requestMessage.get(Message.CONTENT_TYPE);
    }
    MediaType mt = ctProperty != null ? JAXRSUtils.toMediaType(ctProperty.toString())
        : MediaType.WILDCARD_TYPE;
    return createContextResolver(contextType, m, mt);

}
 
Example #18
Source File: SamlTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {

        boolean isReq = MessageUtils.isRequestor(message);
        boolean isOut = MessageUtils.isOutbound(message);
        
        if (isReq != isOut) {
            //outbound on server side and inbound on client side doesn't need
            //any saml token stuff, assert policies and return
            assertSamlTokens(message);
            return;
        }
        if (isReq) {
            if (message.containsKey(PolicyBasedWSS4JOutInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            addSamlToken(message);
        } else {
            if (message.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            processSamlToken(message);
        }
    }
 
Example #19
Source File: WSDLGetUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Create a wsdl Definition object from the endpoint information and register
 * it in the local data structure for future reference.
 *
 * @param bus CXF's hub for access to internal constructs
 * @param mp  a map of known wsdl Definition objects
 * @param message
 * @param smp a map of known xsd SchemaReference objects
 * @param base the request URL
 * @param endpointInfo information for a web service 'port' inside of a service
 * @throws WSDLException
 */
protected void updateWSDLKeyDefinition(Bus bus,
                                       Map<String, Definition> mp,
                                       Message message,
                                       Map<String, SchemaReference> smp,
                                       String base,
                                       EndpointInfo endpointInfo) throws WSDLException {
    if (!mp.containsKey("")) {
        ServiceWSDLBuilder builder =
            new ServiceWSDLBuilder(bus, endpointInfo.getService());

        builder.setUseSchemaImports(
            MessageUtils.getContextualBoolean(message, WSDL_CREATE_IMPORTS, false));

        // base file name is ignored if createSchemaImports == false!
        builder.setBaseFileName(endpointInfo.getService().getName().getLocalPart());

        Definition def = builder.build(new HashMap<String, SchemaInfo>());

        mp.put("", def);
        updateDefinition(bus, def, mp, smp, base, "", "");
    }

}
 
Example #20
Source File: AbstractSamlPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a token is required or not.
 * @param token the token
 * @param message The message
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    IncludeTokenType inclusion = token.getInclusion();
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    } else {
        boolean initiator = MessageUtils.isRequestor(message);
        if (initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)) {
            return true;
        } else if (!initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE
            || inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT)) {
            return true;
        }
        return false;
    }
}
 
Example #21
Source File: AbstractCommonBindingHandler.java    From cxf with Apache License 2.0 6 votes vote down vote up
protected boolean isTokenRequired(IncludeTokenType includeToken) {
    if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    } else {
        boolean initiator = MessageUtils.isRequestor(message);
        if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
            || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
            return true;
        } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
            return true;
        }
        return false;
    }
}
 
Example #22
Source File: AbstractJwsJsonWriterProvider.java    From cxf with Apache License 2.0 6 votes vote down vote up
protected List<String> getPropertyLocations() {
    Message m = JAXRSUtils.getCurrentMessage();
    Object propLocsProp =
        MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,
                                           JoseConstants.RSSEC_SIGNATURE_PROPS);
    if (propLocsProp == null) {
        if (sigProviders == null) {
            LOG.warning("JWS JSON init properties resource is not identified");
            throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
        }
        return Collections.emptyList();
    }
    List<String> propLocs = null;
    if (propLocsProp instanceof String) {
        String[] props = ((String)propLocsProp).split(",");
        propLocs = Arrays.asList(props);
    } else {
        propLocs = CastUtils.cast((List<?>)propLocsProp);
    }
    return propLocs;
}
 
Example #23
Source File: AbstractMetricsInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
private synchronized Object createMetricsContextForRestResource(Message message, String resource) {
    Map<String, Object> restMap = getRestMetricsMap(message.getExchange().getEndpoint());
    Object o = restMap.get(resource);
    if (o != null) {
        return o;
    }
    List<MetricsContext> contexts = new ArrayList<>();
    for (MetricsProvider p : getMetricProviders(message.getExchange().getBus())) {
        MetricsContext c = p.createResourceContext(message.getExchange().getEndpoint(),
                                 resource, MessageUtils.isRequestor(message),
                                 (String)message.getContextualProperty(MetricsProvider.CLIENT_ID));
        if (c != null) {
            contexts.add(c);
        }
        if (c instanceof Closeable) {
            message.getExchange().getEndpoint().addCleanupHook((Closeable)c);
        }
    }
    if (contexts.size() == 1) {
        o = contexts.get(0);
    } else {
        o = contexts;
    }
    restMap.put(resource, o);
    return o;
}
 
Example #24
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {

        boolean isReq = MessageUtils.isRequestor(message);
        boolean isOut = MessageUtils.isOutbound(message);
        if (isReq != isOut) {
            //outbound on server side and inbound on client side doesn't need
            //any username token stuff, assert policies and return
            assertUsernameTokens(message, null);
            return;
        }
        if (isReq) {
            if (message.containsKey(PolicyBasedWSS4JOutInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            addUsernameToken(message);
        } else {
            if (message.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
                //The full policy interceptors handled this
                return;
            }
            processUsernameToken(message);
        }
    }
 
Example #25
Source File: AbstractBindingBuilder.java    From steady with Apache License 2.0 6 votes vote down vote up
public Crypto getEncryptionCrypto(TokenWrapper wrapper) throws WSSecurityException {
    Crypto crypto = getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO,
                              SecurityConstants.ENCRYPT_PROPERTIES);
    boolean enableRevocation = MessageUtils.isTrue(
                                   message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
    if (enableRevocation && crypto != null) {
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        String encrUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
        if (encrUser == null) {
            try {
                encrUser = crypto.getDefaultX509Identifier();
            } catch (WSSecurityException e1) {
                throw new Fault(e1);
            }
        }
        cryptoType.setAlias(encrUser);
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        if (certs != null && certs.length > 0) {
            crypto.verifyTrust(certs, enableRevocation);
        }
    }
    return crypto;

}
 
Example #26
Source File: AbstractTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a token is required or not.
 * @param token the token
 * @param message The message
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    IncludeTokenType inclusion = token.getInclusion();
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    } else {
        boolean initiator = MessageUtils.isRequestor(message);
        if (initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR)) {
            return true;
        } else if (!initiator && (inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE
            || inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT)) {
            return true;
        }
        return false;
    }
}
 
Example #27
Source File: AbstractOutDatabindingInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
protected boolean writeToOutputStream(Message m, BindingInfo info, Service s) {
    /**
     * Yes, all this code is EXTREMELY ugly. But it gives about a 60-70% performance
     * boost with the JAXB RI, so its worth it.
     */

    if (s == null) {
        return false;
    }

    String enc = (String)m.get(Message.ENCODING);
    return "org.apache.cxf.binding.soap.model.SoapBindingInfo".equals(info.getClass().getName())
        && "org.apache.cxf.jaxb.JAXBDataBinding".equals(s.getDataBinding().getClass().getName())
        && !MessageUtils.isDOMPresent(m)
        && (enc == null || StandardCharsets.UTF_8.name().equals(enc));
}
 
Example #28
Source File: ClaimsAuthorizingInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
public void handleMessage(Message message) throws Fault {
    SecurityContext sc = message.get(SecurityContext.class);
    if (!(sc instanceof ClaimsSecurityContext)) {
        throw new AccessDeniedException("Security Context is unavailable or unrecognized");
    }

    Method method = MessageUtils.getTargetMethod(message).orElseThrow(() ->
        new AccessDeniedException("Method is not available : Unauthorized"));

    if (authorize((ClaimsSecurityContext)sc, method)) {
        return;
    }

    throw new AccessDeniedException("Unauthorized");
}
 
Example #29
Source File: UriInfoImpl.java    From cxf with Apache License 2.0 5 votes vote down vote up
private String getAbsolutePathAsString() {
    String address = getBaseUri().toString();
    if (MessageUtils.isRequestor(message)) {
        return address;
    }
    String path = doGetPath(false, false);
    if (path.startsWith("/") && address.endsWith("/")) {
        address = address.substring(0, address.length() - 1);
    }
    if (!path.isEmpty() && !path.startsWith("/") && !address.endsWith("/")) {
        address = address + "/";
    }
    return address + path;
}
 
Example #30
Source File: AbstractBraveInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
Message getEffectiveMessage() {
    boolean isRequestor = MessageUtils.isRequestor(message);
    boolean isOutbound = MessageUtils.isOutbound(message);
    if (isRequestor) {
        return isOutbound ? message : message.getExchange().getOutMessage();
    }
    return isOutbound ? message.getExchange().getInMessage() : message;
}