Search in sources :

Example 1 with StreamReaderDelegate

use of javax.xml.stream.util.StreamReaderDelegate in project cxf by apache.

the class WSS4JStaxInInterceptor method handleMessage.

@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    if (soapMessage.containsKey(SECURITY_PROCESSED) || isGET(soapMessage)) {
        return;
    }
    soapMessage.getInterceptorChain().add(new StaxStartBodyInterceptor());
    XMLStreamReader originalXmlStreamReader = soapMessage.getContent(XMLStreamReader.class);
    XMLStreamReader newXmlStreamReader;
    soapMessage.getInterceptorChain().add(new StaxSecurityContextInInterceptor());
    try {
        @SuppressWarnings("unchecked") List<SecurityEvent> requestSecurityEvents = (List<SecurityEvent>) soapMessage.getExchange().get(SecurityEvent.class.getName() + ".out");
        WSSSecurityProperties secProps = createSecurityProperties();
        translateProperties(soapMessage, secProps);
        configureCallbackHandler(soapMessage, secProps);
        configureProperties(soapMessage, secProps);
        if (secProps.getActions() != null && secProps.getActions().size() > 0) {
            soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(secProps.getActions()));
        }
        if (secProps.getAttachmentCallbackHandler() == null) {
            secProps.setAttachmentCallbackHandler(new AttachmentCallbackHandler(soapMessage));
        }
        final TokenStoreCallbackHandler callbackHandler = new TokenStoreCallbackHandler(secProps.getCallbackHandler(), TokenStoreUtils.getTokenStore(soapMessage));
        secProps.setCallbackHandler(callbackHandler);
        setTokenValidators(secProps, soapMessage);
        secProps.setMsgContext(soapMessage);
        final List<SecurityEventListener> securityEventListeners = configureSecurityEventListeners(soapMessage, secProps);
        boolean returnSecurityError = MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.RETURN_SECURITY_ERROR, false);
        final InboundWSSec inboundWSSec = WSSec.getInboundWSSec(secProps, MessageUtils.isRequestor(soapMessage), returnSecurityError);
        newXmlStreamReader = inboundWSSec.processInMessage(originalXmlStreamReader, requestSecurityEvents, securityEventListeners);
        final Object provider = soapMessage.getExchange().get(Provider.class);
        if (provider != null && ThreadLocalSecurityProvider.isInstalled()) {
            newXmlStreamReader = new StreamReaderDelegate(newXmlStreamReader) {

                @Override
                public int next() throws XMLStreamException {
                    try {
                        ThreadLocalSecurityProvider.setProvider((Provider) provider);
                        return super.next();
                    } finally {
                        ThreadLocalSecurityProvider.unsetProvider();
                    }
                }
            };
        }
        soapMessage.setContent(XMLStreamReader.class, newXmlStreamReader);
        // Warning: The exceptions which can occur here are not security relevant exceptions
        // but configuration-errors. To catch security relevant exceptions you have to catch
        // them e.g.in the FaultOutInterceptor. Why? Because we do streaming security. This
        // interceptor doesn't handle the ws-security stuff but just setup the relevant stuff
        // for it. Exceptions will be thrown as a wrapped XMLStreamException during further
        // processing in the WS-Stack.
        soapMessage.put(SECURITY_PROCESSED, Boolean.TRUE);
    } catch (WSSecurityException e) {
        throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), e);
    } catch (XMLSecurityException e) {
        throw new SoapFault(new Message("STAX_EX", LOG), e, soapMessage.getVersion().getSender());
    } catch (WSSPolicyException e) {
        throw new SoapFault(e.getMessage(), e, soapMessage.getVersion().getSender());
    } catch (XMLStreamException e) {
        throw new SoapFault(new Message("STAX_EX", LOG), e, soapMessage.getVersion().getSender());
    }
}
Also used : WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) SoapFault(org.apache.cxf.binding.soap.SoapFault) XMLStreamReader(javax.xml.stream.XMLStreamReader) Message(org.apache.cxf.common.i18n.Message) SoapMessage(org.apache.cxf.binding.soap.SoapMessage) LinkedList(java.util.LinkedList) List(java.util.List) SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) Provider(java.security.Provider) ThreadLocalSecurityProvider(org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider) XMLStreamException(javax.xml.stream.XMLStreamException) StreamReaderDelegate(javax.xml.stream.util.StreamReaderDelegate) WSSPolicyException(org.apache.wss4j.common.WSSPolicyException) SecurityEventListener(org.apache.xml.security.stax.securityEvent.SecurityEventListener) InboundWSSec(org.apache.wss4j.stax.setup.InboundWSSec)

Aggregations

Provider (java.security.Provider)1 LinkedList (java.util.LinkedList)1 List (java.util.List)1 XMLStreamException (javax.xml.stream.XMLStreamException)1 XMLStreamReader (javax.xml.stream.XMLStreamReader)1 StreamReaderDelegate (javax.xml.stream.util.StreamReaderDelegate)1 SoapFault (org.apache.cxf.binding.soap.SoapFault)1 SoapMessage (org.apache.cxf.binding.soap.SoapMessage)1 Message (org.apache.cxf.common.i18n.Message)1 WSSPolicyException (org.apache.wss4j.common.WSSPolicyException)1 ThreadLocalSecurityProvider (org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties)1 InboundWSSec (org.apache.wss4j.stax.setup.InboundWSSec)1 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)1 SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent)1 SecurityEventListener (org.apache.xml.security.stax.securityEvent.SecurityEventListener)1