use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class AssertionIDRequestServiceSOAP method doGetPost.
/**
 * Handles a SAML2 AssertionIDRequest delivered over the SOAP binding.
 *
 * <p>Order of work: content-length check, role and meta-alias extraction from the request
 * path/URI, entity and realm lookup, SOAP-binding support check, request parsing, request
 * processing, and finally writing the SOAP reply to the HTTP response.
 *
 * @param req the HTTP request carrying the SOAP envelope
 * @param resp the HTTP response that receives the SOAP reply or an error
 * @throws ServletException declared by the signature; presumably raised by helpers called here
 * @throws IOException declared by the signature; the response stream calls can raise it
 */
private void doGetPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // DoS guard: runs before anything is read from the request body.
    SAMLUtils.checkHTTPContentLength(req);

    final String path = req.getPathInfo();
    if (path == null) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestServiceSOAP.doGetPost: " + "pathInfo is null.");
        }
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullPathInfo", SAML2Utils.bundle.getString("nullPathInfo"));
        return;
    }

    // Role = characters from position 1 up to (excluding) the one just before the meta-alias
    // marker; it stays null when the marker is missing or sits too close to the start.
    final int markerPos = path.indexOf(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
    final String role = (markerPos > 2) ? path.substring(1, markerPos - 1) : null;

    final String metaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
    final String entityId;
    final String realm;
    try {
        entityId = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(metaAlias);
        realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    } catch (SAML2Exception sme) {
        SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost", sme);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidMetaAlias", sme.getMessage());
        return;
    }

    // The binding check happens before the SOAP body is parsed, so a disabled endpoint
    // never hands request bytes to the XML layer.
    final boolean soapBindingEnabled = SAML2Utils.isIDPProfileBindingSupported(realm, entityId, SAML2Constants.ASSERTION_ID_REQUEST_SERVICE, SAML2Constants.SOAP);
    if (!soapBindingEnabled) {
        SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost:Assertion ID request" + " service SOAP binding is not supported for " + entityId);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_BAD_REQUEST, "unsupportedBinding", SAML2Utils.bundle.getString("unsupportedBinding"));
        return;
    }

    final AssertionIDRequest idRequest;
    try {
        SOAPMessage soapRequest = SOAPCommunicator.getInstance().getSOAPMessage(req);
        Element requestElement = SOAPCommunicator.getInstance().getSamlpElement(soapRequest, SAML2Constants.ASSERTION_ID_REQUEST);
        idRequest = ProtocolFactory.getInstance().createAssertionIDRequest(requestElement);
    } catch (Exception ex) {
        SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost:", ex);
        // NOTE(review): the raw exception text is handed to sendError. If sendError renders
        // it to the caller, parser internals are disclosed - confirm how it is displayed.
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateAssertionIDRequest", ex.getMessage());
        return;
    }

    SOAPMessage reply;
    try {
        Response samlResponse = AssertionIDRequestUtil.processAssertionIDRequest(idRequest, req, resp, entityId, role, realm);
        reply = SOAPCommunicator.getInstance().createSOAPMessage(samlResponse.toXMLString(true, true), false);
    } catch (Throwable t) {
        // Throwable also covers Errors; the client only receives the generic server fault,
        // the detail stays in the debug log.
        SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost: " + "Unable to create SOAP message:", t);
        reply = SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
    }

    try {
        if (reply.saveRequired()) {
            reply.saveChanges();
        }
        // The HTTP status is 200 even when the reply is the SOAP fault built above, so
        // failures are only visible in the SOAP body and the debug log.
        resp.setStatus(HttpServletResponse.SC_OK);
        SAML2Utils.putHeaders(reply.getMimeHeaders(), resp);
        OutputStream out = resp.getOutputStream();
        reply.writeTo(out);
        out.flush();
    } catch (SOAPException soap) {
        SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost", soap);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", soap.getMessage());
    }
}
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class AttributeServiceSOAP method doGetPost.
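/**
 * Handles a SAML2 AttributeQuery delivered over the SOAP binding.
 *
 * <p>The request path and meta alias are validated before the SOAP body is parsed, so a
 * request sent to a missing or unknown endpoint is rejected without handing its body to the
 * XML parser. The steps do not depend on each other's results, so only the error reported
 * for a request that is wrong in both respects differs from parsing first.
 *
 * @param req the HTTP request carrying the SOAP envelope
 * @param resp the HTTP response that receives the SOAP reply or an error
 * @throws ServletException declared by the signature; presumably raised by helpers called here
 * @throws IOException declared by the signature; the response stream calls can raise it
 */
private void doGetPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // DoS guard: runs before anything is read from the request body.
    SAMLUtils.checkHTTPContentLength(req);

    // Cheap request-line checks first: path info, then the meta alias lookup.
    String pathInfo = req.getPathInfo();
    if (pathInfo == null) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeServiceSOAP.doGetPost: " + "pathInfo is null.");
        }
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullPathInfo", SAML2Utils.bundle.getString("nullPathInfo"));
        return;
    }

    // Profile alias = characters from position 1 up to (excluding) the one just before the
    // meta-alias marker; null when the marker is missing or too close to the start.
    String attrQueryProfileAlias = null;
    int index = pathInfo.indexOf(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
    if (index > 2) {
        attrQueryProfileAlias = pathInfo.substring(1, index - 1);
    }

    String attrAuthorityMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
    String attrAuthorityEntityID = null;
    String realm = null;
    try {
        attrAuthorityEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(attrAuthorityMetaAlias);
        realm = SAML2MetaUtils.getRealmByMetaAlias(attrAuthorityMetaAlias);
    } catch (SAML2Exception sme) {
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost", sme);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidMetaAlias", sme.getMessage());
        return;
    }

    // Only now is the untrusted SOAP body parsed into an AttributeQuery.
    AttributeQuery attrQuery = null;
    try {
        SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
        Element elem = SOAPCommunicator.getInstance().getSamlpElement(msg, SAML2Constants.ATTRIBUTE_QUERY);
        attrQuery = ProtocolFactory.getInstance().createAttributeQuery(elem);
    } catch (Exception ex) {
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost:", ex);
        // NOTE(review): the raw exception text is handed to sendError. If sendError renders
        // it to the caller, parser internals are disclosed - confirm how it is displayed.
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateAttributeQuery", ex.getMessage());
        return;
    }

    SOAPMessage replymsg = null;
    try {
        Response samlResp = AttributeQueryUtil.processAttributeQuery(attrQuery, req, resp, attrAuthorityEntityID, realm, attrQueryProfileAlias);
        replymsg = SOAPCommunicator.getInstance().createSOAPMessage(samlResp.toXMLString(true, true), false);
    } catch (Throwable t) {
        // Throwable also covers Errors; the client only receives the generic server fault,
        // the detail stays in the debug log.
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost: " + "Unable to create SOAP message:", t);
        replymsg = SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
    }

    try {
        if (replymsg.saveRequired()) {
            replymsg.saveChanges();
        }
        // The HTTP status is 200 even when the reply is the SOAP fault built above.
        resp.setStatus(HttpServletResponse.SC_OK);
        SAML2Utils.putHeaders(replymsg.getMimeHeaders(), resp);
        OutputStream os = resp.getOutputStream();
        replymsg.writeTo(os);
        os.flush();
    } catch (SOAPException soap) {
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost", soap);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", soap.getMessage());
    }
}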
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class SOAPReceiver method FormSOAPError.
/**
 * Logs a web-service failure and builds a SOAP fault message for it.
 * The fault code is qualified with the SOAP envelope namespace.
 *
 * @param req the request message, or {@code null} when no request is available; when present,
 *     its correlation message ID is prepended to the logged text
 * @param faultCode the local part of the fault code
 * @param faultString the fault string, also used as the log text
 * @return the fault as a SOAPMessage, or {@code null} if building it failed
 */
private SOAPMessage FormSOAPError(Message req, String faultCode, String faultString) {
    // NOTE(review): the message ID comes from the incoming request and is written to the log
    // as-is; confirm that LogUtil neutralises line breaks in logged fields.
    final String logText = (req == null)
            ? faultString
            : Utils.bundle.getString("messageID") + "=" + req.getCorrelationHeader().getMessageID() + ". " + faultString;
    LogUtil.error(Level.INFO, LogUtil.WS_FAILURE, new String[] { logText });

    try {
        QName qualifiedCode = new QName(SOAPBindingConstants.NS_SOAP, faultCode);
        Message faultMessage = new Message(new SOAPFault(qualifiedCode, faultString));
        return faultMessage.toSOAPMessage();
    } catch (Exception e) {
        // The failure is only logged; callers have to cope with a null result.
        Utils.debug.error("SOAPReceiver.FormSOAPError: ", e);
        return null;
    }
}
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class MessageProcessor method validateRequest.
/**
 * Validates an incoming SOAP request against the processing rules of the Liberty
 * SOAP binding and authenticates it.
 *
 * <p>The parsed message is stored in {@code sharedData} under
 * {@code SOAPBindingConstants.LIBERTY_REQUEST} before any check runs, so it is present there
 * even when validation fails.
 *
 * @param soapMessage SOAPMessage that needs to be validated.
 * @param subject Subject that may be used to populate the authenticated
 *     entity/user principal and any other credential information.
 * @param sharedData map used to carry data between the request and the response.
 * @param httpRequest HttpServletRequest associated with this SOAP message request.
 * @return the object returned by the configured authenticator after successful validation.
 * @throws SOAPBindingException for any error that occurred during validation.
 */
public Object validateRequest(SOAPMessage soapMessage, Subject subject, Map sharedData, HttpServletRequest httpRequest) throws SOAPBindingException {
    Utils.debug.message("SOAPProvider.validateRequest : Init");
    try {
        final Message request = new Message(soapMessage);
        sharedData.put(SOAPBindingConstants.LIBERTY_REQUEST, request);

        // Signature verification is skipped for the ANONYMOUS security profile; such
        // requests are gated only by the checks that follow.
        final boolean anonymous = request.getSecurityProfileType() == Message.ANONYMOUS;
        if (!anonymous && !SecurityUtils.verifyMessage(request)) {
            // The two literals join without a space ("SignatureVerification failed.").
            Utils.debug.error("MessageProcessor.validateRequest: Signature" + "Verification failed.");
            throw new SOAPBindingException(Utils.bundle.getString("cannotVerifySignature"));
        }

        Utils.enforceProcessingRules(request, null, true);

        if (_config == null) {
            throw new SOAPBindingException(Utils.bundle.getString("nullConfiguration"));
        }

        // Allow-list check: the mechanism named by the request must be one the
        // configuration lists as supported; a missing mechanism is rejected too.
        final String mechanism = request.getAuthenticationMechanism();
        final boolean mechanismAllowed = mechanism != null && _config.getSupportedAuthenticationMechanisms().contains(mechanism);
        if (!mechanismAllowed) {
            throw new SOAPBindingException(Utils.bundle.getString("unsupportedAuthMech"));
        }

        return _config.getAuthenticator().authenticate(request, subject, sharedData, httpRequest);
    } catch (SOAPBindingException sbe) {
        Utils.debug.error("MessageProcessor.validateRequest: Request" + "Validation has failed.", sbe);
        throw sbe;
    } catch (SOAPFaultException sfe) {
        // The fault is logged here; the exception thrown to the caller carries only the
        // localized text, not the original cause.
        Utils.debug.error("MessageProcessor.validateRequest: SOAPFault" + "Exception.", sfe);
        throw new SOAPBindingException(Utils.bundle.getString("soapFaultException"));
    }
}
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class MessageProcessor method secureResponse.
/**
 * Secures a SOAP response: adds the correlation header derived from the stored request and
 * signs the message when response signing is enabled in the configuration.
 *
 * @param soapMessage SOAP message that needs to be secured.
 * @param sharedData shared data carried from request validation; the request message is
 *     read from it under {@code SOAPBindingConstants.LIBERTY_REQUEST}.
 * @return the secured SOAP message (the signed message when signing is enabled, otherwise
 *     the message that was passed in).
 * @throws SOAPBindingException for any failure.
 */
public SOAPMessage secureResponse(SOAPMessage soapMessage, Map sharedData) throws SOAPBindingException {
    Utils.debug.message("MessageProcessor.secureResponse : Init");
    try {
        final Message request = (Message) sharedData.get(SOAPBindingConstants.LIBERTY_REQUEST);
        addCorrelationHeader(soapMessage, request);

        // _config is not null-checked here; a null configuration surfaces as the generic
        // "secureResponseFailed" error through the catch below.
        final SOAPMessage secured = _config.isResponseSignEnabled()
                ? signMessage(soapMessage, null, null)
                : soapMessage;

        if (Utils.debug.messageEnabled()) {
            // At message-level debug the whole response envelope is written to the debug log.
            Utils.debug.message("MessageProcessor.secureResponse: " + XMLUtils.print(secured.getSOAPPart().getEnvelope()));
        }
        return secured;
    } catch (Exception ex) {
        // The cause is logged only; the thrown exception carries the localized text.
        Utils.debug.error("MessageProcessor.secureResponse: " + "Failed in securing the response", ex);
        throw new SOAPBindingException(Utils.bundle.getString("secureResponseFailed"));
    }
}