Example 1 with SoapMessage
use of org.apache.cxf.binding.soap.SoapMessage in project ddf by codice.
the class IdpEndpoint method determineAuthMethod.
private AuthObj determineAuthMethod(String bodyStr, AuthnRequest authnRequest) {
XMLStreamReader xmlStreamReader = null;
try {
xmlStreamReader = xmlInputFactory.createXMLStreamReader(new StringReader(bodyStr));
} catch (XMLStreamException e) {
LOGGER.debug("Unable to parse SOAP message from client.", e);
}
SoapMessage soapMessage = new SoapMessage(Soap11.getInstance());
SAAJInInterceptor.SAAJPreInInterceptor preInInterceptor = new SAAJInInterceptor.SAAJPreInInterceptor();
soapMessage.setContent(XMLStreamReader.class, xmlStreamReader);
preInInterceptor.handleMessage(soapMessage);
SAAJInInterceptor inInterceptor = new SAAJInInterceptor();
inInterceptor.handleMessage(soapMessage);
SOAPPart soapMessageContent = (SOAPPart) soapMessage.getContent(Node.class);
AuthObj authObj = new AuthObj();
try {
Iterator soapHeaderElements = soapMessageContent.getEnvelope().getHeader().examineAllHeaderElements();
while (soapHeaderElements.hasNext()) {
SOAPHeaderElement soapHeaderElement = (SOAPHeaderElement) soapHeaderElements.next();
if (soapHeaderElement.getLocalName().equals("Security")) {
Iterator childElements = soapHeaderElement.getChildElements();
while (childElements.hasNext()) {
Object nextElement = childElements.next();
if (nextElement instanceof SOAPElement) {
SOAPElement element = (SOAPElement) nextElement;
if (element.getLocalName().equals("UsernameToken")) {
Iterator usernameTokenElements = element.getChildElements();
Object next;
while (usernameTokenElements.hasNext()) {
if ((next = usernameTokenElements.next()) instanceof Element) {
Element nextEl = (Element) next;
if (nextEl.getLocalName().equals("Username")) {
authObj.username = nextEl.getTextContent();
} else if (nextEl.getLocalName().equals("Password")) {
authObj.password = nextEl.getTextContent();
}
}
}
if (authObj.username != null && authObj.password != null) {
authObj.method = USER_PASS;
break;
}
} else if (element.getLocalName().equals("Assertion") && element.getNamespaceURI().equals("urn:oasis:names:tc:SAML:2.0:assertion")) {
authObj.assertion = new SecurityToken(element.getAttribute("ID"), element, null, null);
authObj.method = SAML;
break;
}
}
}
}
}
} catch (SOAPException e) {
LOGGER.debug("Unable to parse SOAP message.", e);
}
RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
boolean requestingPki = false;
boolean requestingUp = false;
if (requestedAuthnContext != null) {
List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
for (AuthnContextClassRef authnContextClassRef : authnContextClassRefs) {
String authnContextClassRefStr = authnContextClassRef.getAuthnContextClassRef();
if (SAML2Constants.AUTH_CONTEXT_CLASS_REF_X509.equals(authnContextClassRefStr) || SAML2Constants.AUTH_CONTEXT_CLASS_REF_SMARTCARD_PKI.equals(authnContextClassRefStr) || SAML2Constants.AUTH_CONTEXT_CLASS_REF_SOFTWARE_PKI.equals(authnContextClassRefStr) || SAML2Constants.AUTH_CONTEXT_CLASS_REF_SPKI.equals(authnContextClassRefStr) || SAML2Constants.AUTH_CONTEXT_CLASS_REF_TLS_CLIENT.equals(authnContextClassRefStr)) {
requestingPki = true;
} else if (SAML2Constants.AUTH_CONTEXT_CLASS_REF_PASSWORD.equals(authnContextClassRefStr) || SAML2Constants.AUTH_CONTEXT_CLASS_REF_PASSWORD_PROTECTED_TRANSPORT.equals(authnContextClassRefStr)) {
requestingUp = true;
}
}
} else {
//The requested auth context isn't required so we don't know what they want... just set both to true
requestingPki = true;
requestingUp = true;
}
if (requestingUp && authObj.method != null && authObj.method.equals(USER_PASS)) {
LOGGER.trace("Found UsernameToken and correct AuthnContextClassRef");
return authObj;
} else if (requestingPki && authObj.method == null) {
LOGGER.trace("Found no token, but client requested PKI AuthnContextClassRef");
authObj.method = PKI;
return authObj;
} else if (authObj.method == null) {
LOGGER.debug("No authentication tokens found for the current request and the client did not request PKI authentication");
}
return authObj;
}
Also used :
SOAPHeaderElement(javax.xml.soap.SOAPHeaderElement)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
Node(org.w3c.dom.Node)
SOAPElement(javax.xml.soap.SOAPElement)
SOAPHeaderElement(javax.xml.soap.SOAPHeaderElement)
Element(org.w3c.dom.Element)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
SoapMessage(org.apache.cxf.binding.soap.SoapMessage)
SAAJInInterceptor(org.apache.cxf.binding.soap.saaj.SAAJInInterceptor)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
XMLStreamException(javax.xml.stream.XMLStreamException)
SOAPException(javax.xml.soap.SOAPException)
StringReader(java.io.StringReader)
SOAPPart(javax.xml.soap.SOAPPart)
Iterator(java.util.Iterator)
SOAPElement(javax.xml.soap.SOAPElement)
SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject)
SignableXMLObject(org.opensaml.xmlsec.signature.SignableXMLObject)
XMLObject(org.opensaml.core.xml.XMLObject)
Example 2 with SoapMessage
use of org.apache.cxf.binding.soap.SoapMessage in project ddf by codice.
the class GuestInterceptor method internalHandleMessage.
private void internalHandleMessage(SoapMessage message, SOAPMessage soapMessage) throws Fault {
//Check if security header exists; if not, execute GuestInterceptor logic
String actor = (String) getOption(WSHandlerConstants.ACTOR);
if (actor == null) {
actor = (String) message.getContextualProperty(SecurityConstants.ACTOR);
}
Element existingSecurityHeader = null;
try {
LOGGER.debug("Checking for security header.");
existingSecurityHeader = WSSecurityUtil.getSecurityHeader(soapMessage.getSOAPPart(), actor);
} catch (WSSecurityException e1) {
LOGGER.debug("Issue with getting security header", e1);
}
if (existingSecurityHeader != null) {
LOGGER.debug("SOAP message contains security header, no action taken by the GuestInterceptor.");
return;
}
LOGGER.debug("Current request has no security header, continuing with GuestInterceptor");
AssertionInfoMap assertionInfoMap = message.get(AssertionInfoMap.class);
boolean hasAddressingAssertion = assertionInfoMap.entrySet().stream().flatMap(p -> p.getValue().stream()).filter(info -> MetadataConstants.ADDRESSING_ASSERTION_QNAME.equals(info.getAssertion().getName())).findFirst().isPresent();
if (hasAddressingAssertion) {
createAddressing(message, soapMessage);
}
LOGGER.debug("Creating guest security token.");
HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
SecurityToken securityToken = createSecurityToken(request.getRemoteAddr());
message.put(SecurityConstants.TOKEN, securityToken);
if (!MessageUtils.isRequestor(message)) {
try {
message.put(Message.REQUESTOR_ROLE, true);
policyBasedWss4jOutInterceptor.handleMessage(message);
} finally {
message.remove(Message.REQUESTOR_ROLE);
}
} else {
policyBasedWss4jOutInterceptor.handleMessage(message);
}
}
Also used :
WSSecurityUtil(org.apache.wss4j.dom.util.WSSecurityUtil)
StringUtils(org.apache.commons.lang.StringUtils)
EndpointReferenceType(org.apache.cxf.ws.addressing.EndpointReferenceType)
MetadataConstants(org.apache.cxf.ws.addressing.policy.MetadataConstants)
SOAPException(javax.xml.soap.SOAPException)
STSClientConfiguration(ddf.security.sts.client.configuration.STSClientConfiguration)
LoggerFactory(org.slf4j.LoggerFactory)
XMLUtils(org.codice.ddf.platform.util.XMLUtils)
SoapBindingConstants(org.apache.cxf.binding.soap.SoapBindingConstants)
AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties)
AbstractHTTPDestination(org.apache.cxf.transport.http.AbstractHTTPDestination)
SOAPElement(javax.xml.soap.SOAPElement)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Fault(org.apache.cxf.interceptor.Fault)
AttributedURIType(org.apache.cxf.ws.addressing.AttributedURIType)
PolicyBasedWSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
EncryptionService(ddf.security.encryption.EncryptionService)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
Phase(org.apache.cxf.phase.Phase)
SAAJInInterceptor(org.apache.cxf.binding.soap.saaj.SAAJInInterceptor)
ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager)
PolicyBasedWSS4JOutInterceptor(org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Logger(org.slf4j.Logger)
Security(org.codice.ddf.security.common.Security)
Message(org.apache.cxf.message.Message)
WSHandlerConstants(org.apache.wss4j.dom.handler.WSHandlerConstants)
Set(java.util.Set)
Subject(ddf.security.Subject)
UUID(java.util.UUID)
SecurityConstants(org.apache.cxf.ws.security.SecurityConstants)
TimeUnit(java.util.concurrent.TimeUnit)
SoapMessage(org.apache.cxf.binding.soap.SoapMessage)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
Element(org.w3c.dom.Element)
MessageUtils(org.apache.cxf.message.MessageUtils)
AbstractWSS4JInterceptor(org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor)
CacheBuilder(com.google.common.cache.CacheBuilder)
SOAPMessage(javax.xml.soap.SOAPMessage)
Cache(com.google.common.cache.Cache)
SecurityManager(ddf.security.service.SecurityManager)
SOAPFactory(javax.xml.soap.SOAPFactory)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
SOAPElement(javax.xml.soap.SOAPElement)
Element(org.w3c.dom.Element)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Example 3 with SoapMessage
use of org.apache.cxf.binding.soap.SoapMessage in project tomee by apache.
the class EjbInterceptor method intercept.
@AroundInvoke
public Object intercept(InvocationContext context) throws Exception {
Endpoint endpoint = this.exchange.get(Endpoint.class);
Service service = endpoint.getService();
Binding binding = ((JaxWsEndpointImpl) endpoint).getJaxwsBinding();
this.exchange.put(InvocationContext.class, context);
if (binding.getHandlerChain() == null || binding.getHandlerChain().isEmpty()) {
// no handlers so let's just directly invoke the bean
log.debug("No handlers found.");
EjbMethodInvoker invoker = (EjbMethodInvoker) service.getInvoker();
return invoker.directEjbInvoke(this.exchange, this.method, this.params);
} else {
// have handlers so have to run handlers now and redo data binding
// as handlers can change the soap message
log.debug("Handlers found.");
Message inMessage = exchange.getInMessage();
PhaseInterceptorChain chain = new PhaseInterceptorChain(bus.getExtension(PhaseManager.class).getInPhases());
chain.setFaultObserver(endpoint.getOutFaultObserver());
/*
* Since we have to re-do data binding and the XMLStreamReader
* contents are already consumed by prior data binding step
* we have to reinitialize the XMLStreamReader from the SOAPMessage
* created by SAAJInInterceptor.
*/
if (inMessage instanceof SoapMessage) {
try {
reserialize((SoapMessage) inMessage);
} catch (Exception e) {
throw new ServerRuntimeException("Failed to reserialize soap message", e);
}
} else {
// TODO: how to handle XML/HTTP binding?
}
this.exchange.setOutMessage(null);
// install default interceptors
chain.add(new ServiceInvokerInterceptor());
//chain.add(new OutgoingChainInterceptor()); // it is already in the enclosing chain, if we add it there we are in the tx so we write the message in the tx!
// See http://cwiki.apache.org/CXF20DOC/interceptors.html
// install Holder and Wrapper interceptors
chain.add(new WrapperClassInInterceptor());
chain.add(new HolderInInterceptor());
// install interceptors for handler processing
chain.add(new MustUnderstandInterceptor());
chain.add(new LogicalHandlerInInterceptor(binding));
chain.add(new SOAPHandlerInterceptor(binding));
// install data binding interceptors - todo: check we need it
copyDataBindingInterceptors(chain, inMessage.getInterceptorChain());
InterceptorChain oldChain = inMessage.getInterceptorChain();
inMessage.setInterceptorChain(chain);
try {
chain.doIntercept(inMessage);
} finally {
inMessage.setInterceptorChain(oldChain);
}
// TODO: the result should be deserialized from SOAPMessage
Object result = getResult();
return result;
}
}
Also used :
Binding(javax.xml.ws.Binding)
PhaseInterceptorChain(org.apache.cxf.phase.PhaseInterceptorChain)
Message(org.apache.cxf.message.Message)
SoapMessage(org.apache.cxf.binding.soap.SoapMessage)
SOAPMessage(javax.xml.soap.SOAPMessage)
HolderInInterceptor(org.apache.cxf.jaxws.interceptors.HolderInInterceptor)
SOAPHandlerInterceptor(org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor)
MustUnderstandInterceptor(org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor)
Service(org.apache.cxf.service.Service)
ServerRuntimeException(org.apache.openejb.server.ServerRuntimeException)
SoapMessage(org.apache.cxf.binding.soap.SoapMessage)
InterceptorChain(org.apache.cxf.interceptor.InterceptorChain)
PhaseInterceptorChain(org.apache.cxf.phase.PhaseInterceptorChain)
Endpoint(org.apache.cxf.endpoint.Endpoint)
JaxWsEndpointImpl(org.apache.cxf.jaxws.support.JaxWsEndpointImpl)
LogicalHandlerInInterceptor(org.apache.cxf.jaxws.handler.logical.LogicalHandlerInInterceptor)
ServiceInvokerInterceptor(org.apache.cxf.interceptor.ServiceInvokerInterceptor)
ServerRuntimeException(org.apache.openejb.server.ServerRuntimeException)
WrapperClassInInterceptor(org.apache.cxf.jaxws.interceptors.WrapperClassInInterceptor)
AroundInvoke(javax.interceptor.AroundInvoke)
Example 4 with SoapMessage
use of org.apache.cxf.binding.soap.SoapMessage in project ddf by codice.
the class SamlProtocol method parseSoapMessage.
public static SOAPPart parseSoapMessage(String samlRequest) throws XMLStreamException {
XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(new StringReader(samlRequest));
SoapMessage soapMessage = new SoapMessage(Soap11.getInstance());
SAAJInInterceptor.SAAJPreInInterceptor preInInterceptor = new SAAJInInterceptor.SAAJPreInInterceptor();
soapMessage.setContent(XMLStreamReader.class, xmlStreamReader);
preInInterceptor.handleMessage(soapMessage);
SAAJInInterceptor inInterceptor = new SAAJInInterceptor();
inInterceptor.handleMessage(soapMessage);
return ((SOAPPart) soapMessage.getContent(Node.class));
}
Also used :
SAAJInInterceptor(org.apache.cxf.binding.soap.saaj.SAAJInInterceptor)
XMLStreamReader(javax.xml.stream.XMLStreamReader)
StringReader(java.io.StringReader)
SoapMessage(org.apache.cxf.binding.soap.SoapMessage)
Aggregations
SoapMessage (org.apache.cxf.binding.soap.SoapMessage)4
SAAJInInterceptor (org.apache.cxf.binding.soap.saaj.SAAJInInterceptor)3
StringReader (java.io.StringReader)2
SOAPElement (javax.xml.soap.SOAPElement)2
SOAPException (javax.xml.soap.SOAPException)2
SOAPMessage (javax.xml.soap.SOAPMessage)2
XMLStreamReader (javax.xml.stream.XMLStreamReader)2
Message (org.apache.cxf.message.Message)2
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)2
Element (org.w3c.dom.Element)2
Cache (com.google.common.cache.Cache)1
CacheBuilder (com.google.common.cache.CacheBuilder)1
Subject (ddf.security.Subject)1
SecurityAssertion (ddf.security.assertion.SecurityAssertion)1
EncryptionService (ddf.security.encryption.EncryptionService)1
SecurityManager (ddf.security.service.SecurityManager)1
STSClientConfiguration (ddf.security.sts.client.configuration.STSClientConfiguration)1
Iterator (java.util.Iterator)1
Set (java.util.Set)1
UUID (java.util.UUID)1
