
Example 1 with Fault

use of org.apache.cxf.interceptor.Fault in project midpoint by Evolveum.

the class SpringAuthenticationInjectorInterceptor method handleMessage.

/**
 * Publishes the caller's identity to Spring Security and enforces coarse web-service authorization.
 *
 * <p>Flow, as visible in this method: extract the SAAJ message, read the username from it, resolve
 * a {@link MidPointPrincipal}, store an {@link Authentication} in the {@link SecurityContextHolder},
 * then ask {@code securityEnforcer} whether the caller may use all web services or, failing that,
 * the single operation named by the first child element of the SOAP body. Every rejection path
 * marks the message as already audited and records a login failure before throwing.
 *
 * @param message the intercepted SOAP message
 * @throws Fault when the SOAP message is missing, the user cannot be resolved, an error occurs
 *         during resolution or authorization, or the caller is not authorized
 */
@Override
public void handleMessage(SoapMessage message) throws Fault {
    // Per the original author's note: the constructor registers this interceptor to run after the
    // user has been successfully authenticated through WS-Security, so this method only sets the
    // Spring Authentication object based on the user found in the header.
    // NOTE(review): that ordering is not visible here; confirm the phase/after configuration,
    // because nothing in this method verifies credentials.
    // NOTE(review): the whole message object is rendered into the trace log; confirm its string
    // form cannot include WS-Security header content.
    LOGGER.trace("Intercepted message: {}", message);
    SOAPMessage saajSoapMessage = securityHelper.getSOAPMessage(message);
    if (saajSoapMessage == null) {
        LOGGER.error("No soap message in handler");
        throw createFault(WSSecurityException.ErrorCode.FAILURE);
    }
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
    String username = null;
    try {
        // The username is taken from the request and is written verbatim to the log and to the
        // audit record below.
        // NOTE(review): confirm the log layout neutralises line breaks in this value.
        username = securityHelper.getUsernameFromMessage(saajSoapMessage);
        LOGGER.trace("Attempt to authenticate user '{}'", username);
        if (StringUtils.isBlank(username)) {
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Empty username");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        MidPointPrincipal principal;
        try {
            principal = userDetailsService.getPrincipal(username);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Schema error: " + e.getMessage());
            // Unlike the schema-error paths further down (which use createFault), this one wraps
            // the exception itself.
            // NOTE(review): confirm how much of the cause's text the fault returned to the
            // client exposes.
            throw new Fault(e);
        }
        LOGGER.trace("Principal: {}", principal);
        if (principal == null) {
            // Unknown user: reported with the same error code as the "not authorized" case below.
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "No user");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        // Account validity and credentials and all this stuff should be already checked
        // in the password callback
        // The token is built without credentials. In Spring Security the two-argument constructor
        // produces a token whose isAuthenticated() is false.
        // NOTE(review): presumably securityEnforcer only needs the principal; confirm nothing
        // downstream relies on the authenticated flag.
        Authentication authentication = new UsernamePasswordAuthenticationToken(principal, null);
        // The context is populated BEFORE the authorization checks, and none of the rejection
        // paths below reset it.
        // NOTE(review): SecurityContextHolder is thread-bound by default; confirm something
        // clears it at the end of the request so a denied caller's principal cannot linger on a
        // pooled thread.
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String operationName;
        try {
            // The operation name is the local name of the first child element of the SOAP body.
            // NOTE(review): the result of getFirstChildElement is dereferenced directly; if it
            // can return null for an empty body, the resulting NullPointerException bypasses
            // every audited rejection path in this method. Verify against DOMUtil.
            operationName = DOMUtil.getFirstChildElement(saajSoapMessage.getSOAPBody()).getLocalName();
        } catch (SOAPException e) {
            LOGGER.debug("Access to web service denied for user '{}': SOAP error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "SOAP error: " + e.getMessage());
            throw new Fault(e);
        }
        // AUTHORIZATION
        // First the blanket "all web services" action; the per-operation action is tried only
        // when the blanket one is not granted.
        boolean isAuthorized;
        try {
            isAuthorized = securityEnforcer.isAuthorized(AuthorizationConstants.AUTZ_WS_ALL_URL, AuthorizationPhaseType.REQUEST, null, null, null, null);
            LOGGER.trace("Determined authorization for web service access (action: {}): {}", AuthorizationConstants.AUTZ_WS_ALL_URL, isAuthorized);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
            throw createFault(WSSecurityException.ErrorCode.FAILURE);
        }
        if (!isAuthorized) {
            // The action URI is derived from the request-supplied element name, so the caller
            // chooses which action string is checked; the decision itself stays with securityEnforcer.
            String action = QNameUtil.qNameToUri(new QName(AuthorizationConstants.NS_AUTHORIZATION_WS, operationName));
            try {
                isAuthorized = securityEnforcer.isAuthorized(action, AuthorizationPhaseType.REQUEST, null, null, null, null);
                LOGGER.trace("Determined authorization for web service operation {} (action: {}): {}", operationName, action, isAuthorized);
            } catch (SchemaException e) {
                LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
                message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
                securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
                throw createFault(WSSecurityException.ErrorCode.FAILURE);
            }
        }
        if (!isAuthorized) {
            // An authorization denial is reported with the FAILED_AUTHENTICATION error code, the
            // same code used for an empty username or an unknown user.
            LOGGER.debug("Access to web service denied for user '{}': not authorized", username);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Not authorized");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    } catch (WSSecurityException e) {
        // The audit record here carries no user object (null), whether or not a principal had
        // already been resolved when the exception was raised.
        LOGGER.debug("Access to web service denied for user '{}': security exception: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "Security exception: " + e.getMessage());
        throw new Fault(e, e.getFaultCode());
    } catch (ObjectNotFoundException e) {
        // Audited as "No user" and answered with the same fault as the principal == null case.
        LOGGER.debug("Access to web service denied for user '{}': object not found: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "No user");
        throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Avoid auditing login attempt again if the operation fails on internal authorization
    message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
    LOGGER.debug("Access to web service allowed for user '{}'", username);
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) QName(javax.xml.namespace.QName) Fault(org.apache.cxf.interceptor.Fault) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPMessage(javax.xml.soap.SOAPMessage) ConnectionEnvironment(com.evolveum.midpoint.security.api.ConnectionEnvironment) Authentication(org.springframework.security.core.Authentication) SOAPException(javax.xml.soap.SOAPException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Example 2 with Fault

use of org.apache.cxf.interceptor.Fault in project camel by apache.

the class MessageLossSimulator method handleMessage.

/**
 * Simulates message loss by diverting every second application message away from the sender.
 *
 * <p>Messages whose action is an RM protocol action pass through untouched and are not counted.
 * Each remaining message increments {@code appMessageCount}; odd counts pass through, even counts
 * have the {@code MessageSenderInterceptor} removed from their chain and their output replaced by
 * a {@code WrappedOutputStream}, which is closed at the end of the prepare-send phase.
 *
 * <p>NOTE(review): {@code appMessageCount++} is a plain increment on a field declared outside this
 * view; if one instance serves concurrent exchanges the odd/even pattern is not guaranteed.
 *
 * @param message the outbound message being processed
 * @throws Fault declared by the interceptor contract; the nested interceptor raises it when
 *         closing the replacement stream fails
 */
public void handleMessage(Message message) throws Fault {
    Object addressingProps = RMContextUtils.retrieveMAPs(message, false, true);
    String action = getAction(addressingProps);
    if (RMContextUtils.isRMProtocolMessage(action)) {
        return;
    }

    appMessageCount++;
    boolean evenNumbered = (appMessageCount % 2) == 0;
    if (!evenNumbered) {
        // Odd-numbered application messages are delivered normally.
        return;
    }

    // Even-numbered message: take the sender out of the chain so nothing is transmitted.
    InterceptorChain chain = message.getInterceptorChain();
    for (ListIterator<Interceptor<? extends Message>> cursor = chain.getIterator(); cursor.hasNext();) {
        PhaseInterceptor<?> candidate = (PhaseInterceptor<?>) cursor.next();
        if (MessageSenderInterceptor.class.getName().equals(candidate.getId())) {
            chain.remove(candidate);
            LOG.debug("Removed MessageSenderInterceptor from interceptor chain.");
            break;
        }
    }

    // Later interceptors still need somewhere to write; give them the wrapper stream and make
    // sure it is closed once the prepare-send phase finishes.
    message.setContent(OutputStream.class, new WrappedOutputStream(message));
    message.getInterceptorChain().add(new AbstractPhaseInterceptor<Message>(Phase.PREPARE_SEND_ENDING) {

        public void handleMessage(Message msg) throws Fault {
            try {
                msg.getContent(OutputStream.class).close();
            } catch (IOException e) {
                throw new Fault(e);
            }
        }
    });
}
Also used : Message(org.apache.cxf.message.Message) AbstractPhaseInterceptor(org.apache.cxf.phase.AbstractPhaseInterceptor) PhaseInterceptor(org.apache.cxf.phase.PhaseInterceptor) Fault(org.apache.cxf.interceptor.Fault) IOException(java.io.IOException) InterceptorChain(org.apache.cxf.interceptor.InterceptorChain) MessageSenderInterceptor(org.apache.cxf.interceptor.MessageSenderInterceptor) AbstractWrappedOutputStream(org.apache.cxf.io.AbstractWrappedOutputStream) Interceptor(org.apache.cxf.interceptor.Interceptor) MessageSenderInterceptor(org.apache.cxf.interceptor.MessageSenderInterceptor) AbstractPhaseInterceptor(org.apache.cxf.phase.AbstractPhaseInterceptor) PhaseInterceptor(org.apache.cxf.phase.PhaseInterceptor)

Example 3 with Fault

use of org.apache.cxf.interceptor.Fault in project camel by apache.

the class DataInInterceptor method handleMessage.

/**
 * Reads the incoming payload into a DOM document and stores it on the message as a {@code Source}.
 *
 * <p>NOTE(review): the reader comes from {@code getXMLStreamReader}, which is outside this view.
 * Because the whole payload is materialised as a DOM tree, confirm that the reader is created with
 * DTD / external-entity processing disabled and with size or depth limits when the peer is untrusted.
 *
 * @param message the inbound message whose XML stream is consumed
 * @throws Fault wrapping the {@code XMLStreamException} when the payload cannot be read
 */
public void handleMessage(Message message) throws Fault {
    final DepthXMLStreamReader payloadReader = getXMLStreamReader(message);
    final Document payload;
    try {
        payload = StaxUtils.read(payloadReader);
    } catch (XMLStreamException e) {
        throw new Fault(new org.apache.cxf.common.i18n.Message("XMLSTREAM_EXCEPTION", JUL_LOG), e);
    }
    // Expose the parsed payload to later interceptors as a DOM-backed Source.
    message.setContent(Source.class, new DOMSource(payload));
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamException(javax.xml.stream.XMLStreamException) Message(org.apache.cxf.message.Message) Fault(org.apache.cxf.interceptor.Fault) DepthXMLStreamReader(org.apache.cxf.staxutils.DepthXMLStreamReader) Document(org.w3c.dom.Document)

Example 4 with Fault

use of org.apache.cxf.interceptor.Fault in project camel by apache.

the class RawMessageWSDLGetOutInterceptor method handleMessage.

/**
 * Writes the document held under {@code RawMessageWSDLGetInterceptor.DOCUMENT_HOLDER} to the
 * message's output stream.
 *
 * <p>Does nothing when no document is held. The holder entry is removed before writing. The
 * output encoding is the document's declared XML encoding, falling back to {@code "utf-8"} when
 * none is declared or when it cannot be queried.
 *
 * <p>NOTE(review): the {@code XMLStreamWriter} is flushed but never closed in this method;
 * confirm whether the caller or the transport releases it.
 *
 * @param message the outbound message that may carry the held document
 * @throws Fault wrapping the {@code XMLStreamException} when serialisation fails
 */
public void handleMessage(Message message) throws Fault {
    Document heldDoc = (Document) message.get(RawMessageWSDLGetInterceptor.DOCUMENT_HOLDER);
    if (heldDoc == null) {
        return;
    }
    message.remove(RawMessageWSDLGetInterceptor.DOCUMENT_HOLDER);
    OutputStream target = message.getContent(OutputStream.class);

    String encoding = "utf-8";
    try {
        String declared = heldDoc.getXmlEncoding();
        if (declared != null) {
            encoding = declared;
        }
    } catch (Exception ignored) {
        // Deliberately ignored: the DOM implementation is not DOM Level 3, keep the default.
    }

    XMLStreamWriter xmlOut = StaxUtils.createXMLStreamWriter(target, encoding);
    try {
        StaxUtils.writeNode(heldDoc, xmlOut, true);
        xmlOut.flush();
    } catch (XMLStreamException e) {
        throw new Fault(e);
    }
}
Also used : XMLStreamException(javax.xml.stream.XMLStreamException) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) OutputStream(java.io.OutputStream) Fault(org.apache.cxf.interceptor.Fault) Document(org.w3c.dom.Document) XMLStreamException(javax.xml.stream.XMLStreamException)

Example 5 with Fault

use of org.apache.cxf.interceptor.Fault in project ddf by codice.

the class AbstractOverrideInterceptor method handleMessage.

/**
 * Attaches the override policy to the message under {@code PolicyConstants.POLICY_OVERRIDE}.
 *
 * <p>The policy is built once from the configured loader's document element and kept in the
 * {@code policy} field; later calls reuse the stored instance. Any failure while building the
 * policy is rethrown as a {@link Fault}, so the message does not continue without the override.
 *
 * <p>NOTE(review): the null check and assignment of {@code policy} are not synchronised in this
 * method; concurrent first calls may each build a policy. Confirm that is acceptable.
 *
 * @param message the message that receives the override policy
 */
@Override
public void handleMessage(Message message) {
    if (policy != null) {
        // Already built on an earlier call: reuse it.
        message.put(PolicyConstants.POLICY_OVERRIDE, policy);
        return;
    }

    PolicyBuilder policyBuilder = message.getExchange().getBus().getExtension(PolicyBuilder.class);
    try {
        policy = policyBuilder.getPolicy(loader.getPolicy().getDocumentElement());
        LOGGER.trace("Read in policy, adding to policy override of message.");
        message.put(PolicyConstants.POLICY_OVERRIDE, policy);
    } catch (Exception e) {
        // Broad catch kept from the original: any failure here aborts the message.
        throw new Fault(e);
    }
}
Also used : Fault(org.apache.cxf.interceptor.Fault) PolicyBuilder(org.apache.cxf.ws.policy.PolicyBuilder)

Aggregations

Fault (org.apache.cxf.interceptor.Fault)283 IOException (java.io.IOException)74 QName (javax.xml.namespace.QName)56 Message (org.apache.cxf.message.Message)52 XMLStreamException (javax.xml.stream.XMLStreamException)50 Element (org.w3c.dom.Element)42 Message (org.apache.cxf.common.i18n.Message)34 Exchange (org.apache.cxf.message.Exchange)30 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)30 SOAPException (javax.xml.soap.SOAPException)28 InputStream (java.io.InputStream)27 ArrayList (java.util.ArrayList)27 XMLStreamReader (javax.xml.stream.XMLStreamReader)26 XMLStreamWriter (javax.xml.stream.XMLStreamWriter)26 BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo)25 Test (org.junit.Test)24 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)23 List (java.util.List)21 SOAPMessage (javax.xml.soap.SOAPMessage)21 MessagePartInfo (org.apache.cxf.service.model.MessagePartInfo)21