Example 46 with SOAPMessage

Use of javax.xml.soap.SOAPMessage in project midpoint by Evolveum.

The class WsFaultListener, method faultOccurred.

@Override
public boolean faultOccurred(Exception exception, String description, Message message) {
    LOGGER.trace("Handling fault: {}: {} - {}", new Object[] { exception, description, message, exception });
    Object audited = message.getContextualProperty(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME);
    if (audited != null && ((Boolean) audited)) {
        return true;
    }
    if (exception instanceof PasswordCallbackException) {
        return true;
    }
    if (exception.getCause() instanceof PasswordCallbackException) {
        return true;
    }
    if (exception.getCause() != null && exception.getCause().getCause() instanceof PasswordCallbackException) {
        return true;
    }
    try {
        String auditMessage = exception.getMessage();
        if (exception.getCause() != null) {
            // The exception cause has a much better message, because CXF masks the real messages in SOAP faults.
            auditMessage = exception.getCause().getMessage();
        }
        SOAPMessage saajSoapMessage = message.getContent(SOAPMessage.class);
        String username = securityHelper.getUsernameFromMessage(saajSoapMessage);
        ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
        securityHelper.auditLoginFailure(username, null, connEnv, auditMessage);
    } catch (WSSecurityException e) {
        // Ignore
        LOGGER.trace("Exception getting username from soap message (probably safe to ignore)", e);
    } catch (Exception e) {
        // Log the error, but otherwise ignore it
        LOGGER.error("Error auditing SOAP fault: " + e.getMessage(), e);
    }
    return true;
}
Also used : WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPMessage(javax.xml.soap.SOAPMessage) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) ConnectionEnvironment(com.evolveum.midpoint.security.api.ConnectionEnvironment)

Example 47 with SOAPMessage

Use of javax.xml.soap.SOAPMessage in project midpoint by Evolveum.

The class SpringAuthenticationInjectorInterceptor, method handleMessage.

@Override
public void handleMessage(SoapMessage message) throws Fault {
    // Note: in the constructor we have specified that we will be called after the user has been successfully authenticated through WS-Security.
    // Here we only set the Spring Authentication object based on the user found in the header.
    LOGGER.trace("Intercepted message: {}", message);
    SOAPMessage saajSoapMessage = securityHelper.getSOAPMessage(message);
    if (saajSoapMessage == null) {
        LOGGER.error("No soap message in handler");
        throw createFault(WSSecurityException.ErrorCode.FAILURE);
    }
    ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
    String username = null;
    try {
        username = securityHelper.getUsernameFromMessage(saajSoapMessage);
        LOGGER.trace("Attempt to authenticate user '{}'", username);
        if (StringUtils.isBlank(username)) {
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Empty username");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        MidPointPrincipal principal;
        try {
            principal = userDetailsService.getPrincipal(username);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "Schema error: " + e.getMessage());
            throw new Fault(e);
        }
        LOGGER.trace("Principal: {}", principal);
        if (principal == null) {
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, null, connEnv, "No user");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        // Account validity and credentials and all this stuff should be already checked
        // in the password callback
        Authentication authentication = new UsernamePasswordAuthenticationToken(principal, null);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String operationName;
        try {
            operationName = DOMUtil.getFirstChildElement(saajSoapMessage.getSOAPBody()).getLocalName();
        } catch (SOAPException e) {
            LOGGER.debug("Access to web service denied for user '{}': SOAP error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "SOAP error: " + e.getMessage());
            throw new Fault(e);
        }
        // AUTHORIZATION
        boolean isAuthorized;
        try {
            isAuthorized = securityEnforcer.isAuthorized(AuthorizationConstants.AUTZ_WS_ALL_URL, AuthorizationPhaseType.REQUEST, null, null, null, null);
            LOGGER.trace("Determined authorization for web service access (action: {}): {}", AuthorizationConstants.AUTZ_WS_ALL_URL, isAuthorized);
        } catch (SchemaException e) {
            LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
            throw createFault(WSSecurityException.ErrorCode.FAILURE);
        }
        if (!isAuthorized) {
            String action = QNameUtil.qNameToUri(new QName(AuthorizationConstants.NS_AUTHORIZATION_WS, operationName));
            try {
                isAuthorized = securityEnforcer.isAuthorized(action, AuthorizationPhaseType.REQUEST, null, null, null, null);
                LOGGER.trace("Determined authorization for web service operation {} (action: {}): {}", operationName, action, isAuthorized);
            } catch (SchemaException e) {
                LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
                message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
                securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
                throw createFault(WSSecurityException.ErrorCode.FAILURE);
            }
        }
        if (!isAuthorized) {
            LOGGER.debug("Access to web service denied for user '{}': not authorized", username);
            message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
            securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Not authorized");
            throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    } catch (WSSecurityException e) {
        LOGGER.debug("Access to web service denied for user '{}': security exception: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "Security exception: " + e.getMessage());
        throw new Fault(e, e.getFaultCode());
    } catch (ObjectNotFoundException e) {
        LOGGER.debug("Access to web service denied for user '{}': object not found: {}", username, e.getMessage(), e);
        message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
        securityHelper.auditLoginFailure(username, null, connEnv, "No user");
        throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Avoid auditing login attempt again if the operation fails on internal authorization
    message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
    LOGGER.debug("Access to web service allowed for user '{}'", username);
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) QName(javax.xml.namespace.QName) Fault(org.apache.cxf.interceptor.Fault) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPMessage(javax.xml.soap.SOAPMessage) ConnectionEnvironment(com.evolveum.midpoint.security.api.ConnectionEnvironment) Authentication(org.springframework.security.core.Authentication) SOAPException(javax.xml.soap.SOAPException) ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Example 48 with SOAPMessage

Use of javax.xml.soap.SOAPMessage in project jdk8u_jdk by JetBrains.

The class SaajEmptyNamespaceTest, method createSoapMessage.

// Create SOAP message with empty body
private static SOAPMessage createSoapMessage() throws SOAPException, UnsupportedEncodingException {
    String xml = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">" + "<SOAP-ENV:Body/></SOAP-ENV:Envelope>";
    MessageFactory mFactory = MessageFactory.newInstance();
    SOAPMessage msg = mFactory.createMessage();
    msg.getSOAPPart().setContent(new StreamSource(new ByteArrayInputStream(xml.getBytes("utf-8"))));
    return msg;
}
Also used : MessageFactory(javax.xml.soap.MessageFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) StreamSource(javax.xml.transform.stream.StreamSource) SOAPMessage(javax.xml.soap.SOAPMessage)

Example 49 with SOAPMessage

Use of javax.xml.soap.SOAPMessage in project jdk8u_jdk by JetBrains.

The class SaajEmptyNamespaceTest, method testAddElementToNullNsNoDeclarations.

/*
 * Test that adding an element with an explicitly null namespace URI puts the
 * element into the global namespace. Namespace declarations are not added explicitly.
 */
@Test
public void testAddElementToNullNsNoDeclarations() throws Exception {
    // Create empty SOAP message
    SOAPMessage msg = createSoapMessage();
    SOAPBody body = msg.getSOAPPart().getEnvelope().getBody();
    // Add elements
    SOAPElement parentExplicitNS = body.addChildElement("content", "", TEST_NS);
    SOAPElement childGlobalNS = parentExplicitNS.addChildElement("global-child", "", null);
    SOAPElement childDefaultNS = parentExplicitNS.addChildElement("default-child");
    // Check namespace URIs
    Assert.assertNull(childGlobalNS.getNamespaceURI());
    Assert.assertEquals(childDefaultNS.getNamespaceURI(), TEST_NS);
}
Also used : SOAPBody(javax.xml.soap.SOAPBody) SOAPElement(javax.xml.soap.SOAPElement) SOAPMessage(javax.xml.soap.SOAPMessage) Test(org.testng.annotations.Test)

Example 50 with SOAPMessage

Use of javax.xml.soap.SOAPMessage in project jdk8u_jdk by JetBrains.

The class SaajEmptyNamespaceTest, method testAddElementToGlobalNs.

/*
 * Test that adding an element with an explicitly empty namespace URI puts
 * the element into the global namespace.
 */
@Test
public void testAddElementToGlobalNs() throws Exception {
    // Create empty SOAP message
    SOAPMessage msg = createSoapMessage();
    SOAPBody body = msg.getSOAPPart().getEnvelope().getBody();
    // Add elements
    SOAPElement parentExplicitNS = body.addChildElement("content", "", TEST_NS);
    parentExplicitNS.addNamespaceDeclaration("", TEST_NS);
    SOAPElement childGlobalNS = parentExplicitNS.addChildElement("global-child", "", "");
    childGlobalNS.addNamespaceDeclaration("", "");
    SOAPElement grandChildGlobalNS = childGlobalNS.addChildElement("global-grand-child");
    SOAPElement childDefaultNS = parentExplicitNS.addChildElement("default-child");
    // Check namespace URIs
    Assert.assertNull(childGlobalNS.getNamespaceURI());
    Assert.assertNull(grandChildGlobalNS.getNamespaceURI());
    Assert.assertEquals(childDefaultNS.getNamespaceURI(), TEST_NS);
}
Also used : SOAPBody(javax.xml.soap.SOAPBody) SOAPElement(javax.xml.soap.SOAPElement) SOAPMessage(javax.xml.soap.SOAPMessage) Test(org.testng.annotations.Test)
