
Example 1 with SOAPFaultException

use of com.sun.identity.liberty.ws.soapbinding.SOAPFaultException in project OpenAM by OpenRock.

the class SPACSUtils method getResponseFromPostECP.

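/**
 * Obtains the SAML <code>Response</code> carried in the <code>SOAPBody</code>
 * of an ECP (PAOS) POST and checks the signature of each assertion in it.
 *
 * <p>Order of work: parse the SOAP envelope, pick up the optional ECP
 * RelayState header, parse the first SOAP body as a SAML Response, look up
 * the issuing IDP's SSO descriptor, then require every assertion returned
 * by <code>Response.getAssertion()</code> to be signed and to verify
 * against the IDP's verification certificates. On every failure an HTTP
 * error is sent through <code>SAMLUtils.sendError</code> before the
 * exception is thrown.
 *
 * <p>NOTE(review): only per-assertion signatures are checked here. A
 * Response whose <code>getAssertion()</code> list is null or empty leaves
 * this method without any signature check; confirm the caller rejects
 * such a Response or verifies it by other means.
 *
 * @param request servlet request whose body holds the SOAP message
 * @param response servlet response used to send the HTTP error
 * @param orgName name passed to the IDP descriptor lookup
 * @param hostEntityId entity ID written to the log records
 * @param metaManager metadata manager used to find the IDP descriptor
 * @return the parsed Response wrapped with the PAOS profile constant and
 *         the RelayState value, which is null when no ECP RelayState
 *         header was found
 * @throws SAML2Exception if the SOAP message or the Response cannot be
 *         parsed, the Response has no body or no Issuer, the IDP metadata
 *         lookup fails, or an assertion is unsigned or fails verification
 * @throws IOException declared for the error-sending path
 */
private static ResponseInfo getResponseFromPostECP(HttpServletRequest request, HttpServletResponse response, String orgName, String hostEntityId, SAML2MetaManager metaManager) throws SAML2Exception, IOException {
    Message message = null;
    try {
        message = new Message(SOAPCommunicator.getInstance().getSOAPMessage(request));
    } catch (SOAPException soapex) {
        // NOTE(review): the exception text is passed to sendError here and in
        // the next two handlers; confirm the error page encodes it and that it
        // reveals nothing internal.
        String[] data = { hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SOAP_MESSAGE_ECP, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateSOAPMessage", soapex.getMessage());
        throw new SAML2Exception(soapex.getMessage());
    } catch (SOAPBindingException soapex) {
        String[] data = { hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SOAP_MESSAGE_ECP, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateSOAPMessage", soapex.getMessage());
        throw new SAML2Exception(soapex.getMessage());
    } catch (SOAPFaultException sfex) {
        String[] data = { hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.RECEIVE_SOAP_FAULT_ECP, data, null);
        // The fault string is read from the fault message attached to the
        // exception. NOTE(review): presumably that is the received message, so
        // treat the string as sender-controlled.
        String faultString = sfex.getSOAPFaultMessage().getSOAPFault().getFaultString();
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateSOAPMessage", faultString);
        throw new SAML2Exception(faultString);
    }

    // The first header that parses as an ECP RelayState wins; headers that do
    // not parse are skipped on purpose.
    List soapHeaders = message.getOtherSOAPHeaders();
    ECPRelayState ecpRelayState = null;
    if ((soapHeaders != null) && (!soapHeaders.isEmpty())) {
        for (Object header : soapHeaders) {
            Element headerEle = (Element) header;
            try {
                ecpRelayState = ECPFactory.getInstance().createECPRelayState(headerEle);
                break;
            } catch (SAML2Exception ignored) {
                // not ECP RelayState
            }
        }
    }
    String relayState = null;
    if (ecpRelayState != null) {
        relayState = ecpRelayState.getValue();
    }

    List soapBodies = message.getBodies();
    if ((soapBodies == null) || (soapBodies.isEmpty())) {
        String[] data = { hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SAML_RESPONSE_FROM_ECP, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingSAMLResponse", SAML2Utils.bundle.getString("missingSAMLResponse"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSAMLResponse"));
    }

    // Only the first body element is parsed; any further bodies are ignored.
    Element resElem = (Element) soapBodies.get(0);
    Response resp = null;
    try {
        resp = ProtocolFactory.getInstance().createResponse(resElem);
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponseFromPostECP:" + "Couldn't create Response:", se);
        }
        String[] data = { hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SAML_RESPONSE_FROM_ECP, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateResponse", se.getMessage());
        throw se;
    }

    // The Response comes from the request body, so an absent Issuer has to be
    // handled as a client error rather than surfacing as a
    // NullPointerException from the getValue() call below.
    if (resp.getIssuer() == null) {
        String noIssuer = "Response has no Issuer";
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponseFromPostECP: " + noIssuer);
        }
        String[] data = { hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_SAML_RESPONSE_FROM_ECP, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "failedToCreateResponse", noIssuer);
        throw new SAML2Exception(noIssuer);
    }
    String idpEntityID = resp.getIssuer().getValue();

    IDPSSODescriptorElement idpDesc = null;
    try {
        idpDesc = metaManager.getIDPSSODescriptor(orgName, idpEntityID);
    } catch (SAML2MetaException se) {
        String[] data = { orgName, idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.IDP_META_NOT_FOUND, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToGetIDPSSODescriptor", se.getMessage());
        throw se;
    }

    // NOTE(review): if the lookup can return null for an unknown issuer,
    // confirm getVerificationCerts copes with that and that an empty
    // certificate set makes isSignatureValid fail rather than pass.
    Set<X509Certificate> certificates = KeyUtil.getVerificationCerts(idpDesc, idpEntityID, SAML2Constants.IDP_ROLE);

    // NOTE(review): whether isSignatureValid also ties the signature reference
    // to the assertion being consumed is not visible from this method.
    List assertions = resp.getAssertion();
    if ((assertions != null) && (!assertions.isEmpty())) {
        for (Object item : assertions) {
            Assertion assertion = (Assertion) item;
            if (!assertion.isSigned()) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.getResponseFromPostECP: " + " Assertion is not signed.");
                }
                String[] data = { idpEntityID };
                LogUtil.error(Level.INFO, LogUtil.ECP_ASSERTION_NOT_SIGNED, data, null);
                SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "assertionNotSigned", SAML2Utils.bundle.getString("assertionNotSigned"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("assertionNotSigned"));
            } else if (!assertion.isSignatureValid(certificates)) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.getResponseFromPostECP: " + " Assertion signature is invalid.");
                }
                String[] data = { idpEntityID };
                LogUtil.error(Level.INFO, LogUtil.ECP_ASSERTION_INVALID_SIGNATURE, data, null);
                SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidSignature", SAML2Utils.bundle.getString("invalidSignature"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignature"));
            }
        }
    }
    return new ResponseInfo(resp, SAML2Constants.PAOS, relayState);
}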
Also used : Message(com.sun.identity.liberty.ws.soapbinding.Message) SOAPMessage(javax.xml.soap.SOAPMessage) SOAPBindingException(com.sun.identity.liberty.ws.soapbinding.SOAPBindingException) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement) Element(org.w3c.dom.Element) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement) Assertion(com.sun.identity.saml2.assertion.Assertion) SOAPFaultException(com.sun.identity.liberty.ws.soapbinding.SOAPFaultException) X509Certificate(java.security.cert.X509Certificate) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Response(com.sun.identity.saml2.protocol.Response) ArtifactResponse(com.sun.identity.saml2.protocol.ArtifactResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) SOAPException(javax.xml.soap.SOAPException) ECPRelayState(com.sun.identity.saml2.ecp.ECPRelayState) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 2 with SOAPFaultException

use of com.sun.identity.liberty.ws.soapbinding.SOAPFaultException in project OpenAM by OpenRock.

the class InteractionManager method handleInteraction.

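/**
 * Handles resource owner interactions on behalf of <code>WSP</code>.
 * This is invoked at <code>WSP</code> side.
 *
 * <p>The method first checks that redirect-based interaction is permitted
 * by both the WSP configuration and the WSC's <code>UserInteraction</code>
 * header, then stores the inquiry, the request message ID, the language
 * and (optionally) the request host under the redirect response ID, and
 * finally throws the redirect fault. Every path in this method ends in a
 * throw; it never returns a message.
 *
 * @param requestMessage SOAP request that requires resource
 *             owner interactions
 * @param inquiryElement query that <code>WSP</code> wants to pose to
 *        resource owner
 * @param language language in which the query page needs to be rendered
 * @return never returns normally; the redirect is signalled through
 *         <code>InteractionSOAPFaultException</code>
 *
 * @throws InteractionException if the WSP is not configured to support
 *         redirect
 * @throws InteractionSOAPFaultException if a SOAP fault
 *         has to be returned  to <code>WSC</code>, including the
 *         redirect fault on the success path
 * @throws SOAPFaultException declared; not thrown directly by this
 *         method body
 *
 * @supported.api
 */
public Message handleInteraction(Message requestMessage, InquiryElement inquiryElement, String language) throws InteractionException, InteractionSOAPFaultException, SOAPFaultException {
    if (debug.messageEnabled()) {
        debug.message("InteractionManager.handleInteraction():entering");
    }
    //Check redirect is enabled for WSP
    if (!interactionConfig.wspSupportsRedirect()) {
        if (debug.warningEnabled()) {
            debug.warning("InteractionManager.handleInteraction():" + " WSP requests for interaction:wspWillRedirect=" + interactionConfig.wspSupportsRedirect());
            debug.warning("InteractionManager.handleInteraction():" + "throwing InteractionException");
        }
        throw new InteractionException(INTERACTION_RB_NAME, "wsp_does_not_support_interaction", null);
    }
    //Check wsc provided UserInteraction header
    UserInteractionElement ue = getUserInteractionElement(requestMessage);
    if (ue == null) {
        SOAPFaultException sfe = newRedirectFaultError(QNAME_INTERACTION_REQUIRED);
        if (debug.warningEnabled()) {
            debug.warning("InteractionManager.handleInteraction():" + " WSP requests for interaction - WSC did not " + " provide UserInteractionHeader");
            debug.warning("InteractionManager.handleInteraction():" + "throwing InteractionSOAPFaultException=" + sfe);
        }
        throw new InteractionSOAPFaultException(sfe);
    }
    //Check WSC is willing to redirect
    if (!ue.isRedirect()) {
        SOAPFaultException sfe = newRedirectFaultError(QNAME_INTERACTION_REQUIRED);
        if (debug.warningEnabled()) {
            debug.warning("InteractionManager.handleInteraction():" + "WSP rquests for interaction - WSC  " + " says redirect=false");
            debug.warning("InteractionManager.handleInteraction():" + "throwing InteractionSOAPFaultException=" + sfe);
        }
        throw new InteractionSOAPFaultException(sfe);
    }
    //Check WSC allowed interaction
    // NOTE(review): getInteract() is dereferenced without a null check here
    // and below; confirm the JAXB binding always supplies a value.
    if (ue.getInteract().equals(QNAME_DO_NOT_INTERACT)) {
        SOAPFaultException sfe = newRedirectFaultError(QNAME_INTERACTION_REQUIRED);
        if (debug.warningEnabled()) {
            debug.warning("InteractionManager.handleInteraction():" + "WSP rquests for interaction - WSC  " + " UserInteractionHeader says doNotInteract");
            debug.warning("InteractionManager.handleInteraction():" + "throwing InteractionSOAPFaultException=" + sfe);
        }
        throw new InteractionSOAPFaultException(sfe);
    }
    //Check WSC allowed interaction for data
    if (interactionConfig.wspRedirectsForData() && ue.getInteract().equals(QNAME_DO_NOT_INTERACT_FOR_DATA)) {
        SOAPFaultException sfe = newRedirectFaultError(QNAME_INTERACTION_REQUIRED_FOR_DATA);
        if (debug.warningEnabled()) {
            debug.warning("InteractionManager.handleInteraction():" + "WSP rquests interaction for data - WSC  " + " UserInteractionHeader says doNotInteractForData");
            debug.warning("InteractionManager.handleInteraction():" + "throwing InteractionSOAPFaultException=" + sfe);
        }
        throw new InteractionSOAPFaultException(sfe);
    }
    //Check WSP will not exceed maxInteractionTime specified by WSC
    // The limit comes from the WSC's header as a BigInteger. It is compared as
    // a BigInteger because intValue() keeps only the low 32 bits, so an
    // out-of-range value would otherwise be compared as an unrelated number.
    BigInteger wscMaxInteractTime = ue.getMaxInteractTime();
    if ((wscMaxInteractTime != null) && (BigInteger.valueOf(interactionConfig.getWSPRedirectTime()).compareTo(wscMaxInteractTime) > 0)) {
        SOAPFaultException sfe = newRedirectFaultError(QNAME_INTERACTION_TIME_NOT_SUFFICEINT);
        if (debug.warningEnabled()) {
            debug.warning("InteractionManager.handleInteraction():" + "WSP inteaction time =" + interactionConfig.getWSPRedirectTime() + " exceeds WSC maxInteractTime= " + ue.getMaxInteractTime());
            debug.warning("InteractionManager.handleInteraction():" + "throwing InteractionSOAPFaultException=" + sfe);
        }
        throw new InteractionSOAPFaultException(sfe);
    }
    // NOTE(review): getCorrelationHeader() is dereferenced without a null
    // check; confirm a request always carries one by this point.
    String requestMessageID = requestMessage.getCorrelationHeader().getMessageID();
    SOAPFaultException sfe = newRedirectFault(requestMessageID);
    String redirectResponseID = getResponseID(sfe);
    String requestIP = requestMessage.getIPAddress();
    String requestHost = null;
    if (interactionConfig.wspEnforcesReturnToHostEqualsRequestHost()) {
        try {
            // For an address literal getHostName() performs a reverse lookup
            // and falls back to the textual address. The name is not
            // forward-confirmed here, and the blocking lookup runs inside
            // request handling. NOTE(review): confirm the later host
            // comparison does not treat this name as authenticated.
            InetAddress inetAddress = InetAddress.getByName(requestIP);
            requestHost = inetAddress.getHostName();
            if (debug.messageEnabled()) {
                debug.message("InteractionManager.handleInteraction():" + " caching requestHost=" + requestHost + ", for redirectResponseID= " + redirectResponseID);
            }
            setRequestHost(redirectResponseID, requestHost);
        } catch (UnknownHostException uhe) {
            debug.error("InteractionManager.handleInteraction():" + " can not resolve host name", uhe);
            debug.error("InteractionManager.handleInteraction():" + " throwing InteractionSOAPFaultException", sfe);
            SOAPFaultException sfe1 = newRedirectFaultError(QNAME_INTERACTION_CAN_NOT_DETERMINE_REQUEST_HOST);
            throw new InteractionSOAPFaultException(sfe1);
        }
    }
    // State for the follow-up request is stored under the redirect response ID.
    setInquiryElement(redirectResponseID, inquiryElement);
    setRequestMessageID(redirectResponseID, requestMessageID);
    setLanguage(redirectResponseID, language);
    if (debug.messageEnabled()) {
        debug.message("InteractionManager.handleInteraction():" + " throwing InteractionSOAPFaultException " + " to redirect user agent=" + sfe);
    }
    // The redirect itself is delivered to the WSC as a SOAP fault.
    throw new InteractionSOAPFaultException(sfe);
}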
Also used : UnknownHostException(java.net.UnknownHostException) UserInteractionElement(com.sun.identity.liberty.ws.interaction.jaxb.UserInteractionElement) BigInteger(java.math.BigInteger) SOAPFaultException(com.sun.identity.liberty.ws.soapbinding.SOAPFaultException) InetAddress(java.net.InetAddress)

Example 3 with SOAPFaultException

use of com.sun.identity.liberty.ws.soapbinding.SOAPFaultException in project OpenAM by OpenRock.

the class InteractionManager method newRedirectFaultError.

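/**
 * Builds a server-side SOAP fault whose detail carries a status element
 * set to the given error code.
 *
 * <p>JAXB failures are logged and do not propagate. If the status element
 * cannot be created or converted, the fault is returned with an empty
 * detail list.
 *
 * @param errorCode code to set on the status element
 * @return a <code>SOAPFaultException</code> wrapping the fault message
 */
private SOAPFaultException newRedirectFaultError(QName errorCode) {
    StatusElement se = null;
    try {
        se = objectFactory.createStatusElement();
    } catch (JAXBException je) {
        debug.error("InteractionManager.newRedirectFaultError():" + " can not create StatusElement", je);
    }
    List details = new ArrayList();
    // se stays null when creation failed above. That case is skipped so this
    // helper still returns a fault instead of failing with a
    // NullPointerException on the error path.
    if (se != null) {
        se.setCode(errorCode);
        try {
            details.add(Utils.convertJAXBToElement(se));
        } catch (JAXBException je) {
            debug.error("InteractionManager.newRedirectFaultError():" + "can not create new RedirectFaultError:" + "can not convert JAXBObject to Element", je);
        }
    }
    SOAPFault sf = new SOAPFault(QNAME_SERVER, SERVER_ERROR, FAULT_ACTOR, new SOAPFaultDetail(details));
    return new SOAPFaultException(new Message(sf));
}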
Also used : Message(com.sun.identity.liberty.ws.soapbinding.Message) JAXBException(javax.xml.bind.JAXBException) StatusElement(com.sun.identity.liberty.ws.interaction.jaxb.StatusElement) ArrayList(java.util.ArrayList) SOAPFaultDetail(com.sun.identity.liberty.ws.soapbinding.SOAPFaultDetail) ArrayList(java.util.ArrayList) List(java.util.List) SOAPFault(com.sun.identity.liberty.ws.soapbinding.SOAPFault) SOAPFaultException(com.sun.identity.liberty.ws.soapbinding.SOAPFaultException)

Example 4 with SOAPFaultException

use of com.sun.identity.liberty.ws.soapbinding.SOAPFaultException in project OpenAM by OpenRock.

the class DSTRequestHandler method processRequest.

/**
 * Processes a personal profile service request and builds the SOAP reply.
 *
 * <p>The request bodies are converted to JAXB objects, handed to
 * <code>processSOAPBodies</code>, and the results are converted back to
 * elements and set on the reply. The reply copies the request's
 * correlation header and WSF version. For the X509, SAML and bearer
 * security profiles the reply is created with a binary security token
 * generated from the request.
 *
 * <p>NOTE(review): with message-level debug enabled the complete request
 * and reply are written to the debug log; confirm those logs are
 * acceptable for profile data and any tokens in the messages.
 *
 * @param msg SOAP Request message
 * @return Message SOAP Response Message.
 * @exception SOAPFaultException if the service requires an interaction.
 * @exception Exception for any generic failure, including a request with
 *            no SOAP bodies.
 */
public Message processRequest(Message msg) throws SOAPFaultException, Exception {
    if (DSTUtils.debug.messageEnabled()) {
        DSTUtils.debug.message("DSTRequestHandler:processRequest:Request received: " + msg.toString());
    }

    List rawBodies = msg.getBodies();
    List jaxbRequests = Utils.convertElementToJAXB(rawBodies);
    if (jaxbRequests == null || jaxbRequests.isEmpty()) {
        DSTUtils.debug.error("DSTRequestHandler:processRequest:SOAPBodies are null");
        throw new Exception(DSTUtils.bundle.getString("nullInputParams"));
    }

    // Token-based profiles get a reply that carries a binary security token.
    int profile = msg.getSecurityProfileType();
    boolean tokenProfile = (profile == Message.X509_TOKEN)
            || (profile == Message.SAML_TOKEN)
            || (profile == Message.BEARER_TOKEN);
    Message reply;
    if (tokenProfile) {
        reply = new Message(null, generateBinarySecurityToken(msg));
    } else {
        reply = new Message();
    }
    reply.setCorrelationHeader(msg.getCorrelationHeader());
    reply.setWSFVersion(msg.getWSFVersion());

    List jaxbResults = processSOAPBodies(jaxbRequests, msg, reply);
    List resultElements = Utils.convertJAXBToElement(jaxbResults);
    reply.setSOAPBodies(resultElements);

    if (DSTUtils.debug.messageEnabled()) {
        DSTUtils.debug.message("DSTRequestHandler:processRequest:returned response: " + reply.toString());
    }
    return reply;
}
Also used : Message(com.sun.identity.liberty.ws.soapbinding.Message) ArrayList(java.util.ArrayList) List(java.util.List) SOAPFaultException(com.sun.identity.liberty.ws.soapbinding.SOAPFaultException) DSTException(com.sun.identity.liberty.ws.dst.DSTException)

Example 5 with SOAPFaultException

use of com.sun.identity.liberty.ws.soapbinding.SOAPFaultException in project OpenAM by OpenRock.

the class DSTClient method sendMessage.

/**
 * Sends the SOAP Message to the data service.
 *
 * <p>The outgoing message is built for the configured security profile
 * (X509 token, SAML assertion, bearer assertion or anonymous). It goes
 * through <code>handleInteraction</code> when an HTTP request is
 * available and through <code>Client.sendRequest</code> otherwise. The
 * service instance update header is recorded from the response, or from
 * the fault message when a SOAP fault is received.
 *
 * <p>NOTE(review): only the X509 branch checks its credential for null;
 * the SAML and bearer branches pass <code>assertion</code> unchecked.
 * With message-level debug enabled the complete request and response are
 * logged; confirm that is acceptable for the tokens they may carry.
 *
 * @param requestObjects List of Request Objects.
 * @return List of Response Objects.
 * @exception DSTException for failure, including null or empty input, a
 *            missing X509 token, an unknown security profile, a SOAP
 *            binding error or a SOAP fault.
 * @exception InteractionRedirectException declared; not thrown directly
 *            by this method body.
 */
private List sendMessage(List requestObjects) throws DSTException, InteractionRedirectException {
    DSTUtils.debug.message("DSTClient:sendMessage:Init");
    if (requestObjects == null || requestObjects.isEmpty()) {
        DSTUtils.debug.message("DSTClient:sendMessage: requestobj are null");
        throw new DSTException(DSTUtils.bundle.getString("nullInputParams"));
    }
    try {
        ProviderHeader providerHeader = (providerID != null) ? new ProviderHeader(providerID) : null;

        // Choose the message constructor that matches the security profile.
        Message outgoing;
        if (securityProfile == Message.X509_TOKEN) {
            if (token == null) {
                throw new DSTException(DSTUtils.bundle.getString("nullToken"));
            }
            DSTUtils.debug.message("DSTClient:sendMessage:using x509");
            outgoing = new Message(providerHeader, token);
        } else if (securityProfile == Message.SAML_TOKEN) {
            DSTUtils.debug.message("DSTClient:sendMessage:using SAML");
            outgoing = new Message(providerHeader, assertion);
        } else if (securityProfile == Message.BEARER_TOKEN) {
            DSTUtils.debug.message("DSTClient:sendMessage:using Bearer");
            outgoing = new Message(providerHeader, assertion);
        } else if (securityProfile == Message.ANONYMOUS) {
            DSTUtils.debug.message("DSTClient:sendMessage:using Anonymous");
            outgoing = new Message(providerHeader);
        } else {
            throw new DSTException(DSTUtils.bundle.getString("invalidSecurityProfile"));
        }

        outgoing.setSOAPBodies(requestObjects);
        outgoing.setWSFVersion(wsfVersion);
        if (clientAuthEnabled) {
            outgoing.setClientAuthentication(clientAuthEnabled);
        }
        if (DSTUtils.debug.messageEnabled()) {
            DSTUtils.debug.message("DSTClient:sendMessage: request:" + outgoing.toString());
        }

        // With an HTTP request at hand the call goes through the interaction
        // handling; otherwise it is sent directly.
        Message reply;
        if (httpRequest == null) {
            reply = Client.sendRequest(outgoing, soapURI, certAlias, soapAction);
        } else {
            reply = handleInteraction(outgoing);
        }
        if (DSTUtils.debug.messageEnabled()) {
            DSTUtils.debug.message("DSTClient:sendMessage:response = " + reply.toString());
        }
        serviceInstanceUpdateHeader = reply.getServiceInstanceUpdateHeader();
        return reply.getBodies();
    } catch (SOAPBindingException bindingFailure) {
        DSTUtils.debug.error("DSTClient:sendMessage:soapbindexception", bindingFailure);
        throw new DSTException(bindingFailure);
    } catch (SOAPFaultException fault) {
        DSTUtils.debug.error("DSTClient:sendMessage:soapfault", fault);
        // The fault message's update header is recorded before failing.
        serviceInstanceUpdateHeader = fault.getSOAPFaultMessage().getServiceInstanceUpdateHeader();
        throw new DSTException(fault);
    }
}
Also used : Message(com.sun.identity.liberty.ws.soapbinding.Message) ProviderHeader(com.sun.identity.liberty.ws.soapbinding.ProviderHeader) SOAPBindingException(com.sun.identity.liberty.ws.soapbinding.SOAPBindingException) SOAPFaultException(com.sun.identity.liberty.ws.soapbinding.SOAPFaultException)
