Examples with SoapOperationInfo - org.apache.cxf.binding.soap.model.SoapOperationInfo

Example 1 with SoapOperationInfo

use of org.apache.cxf.binding.soap.model.SoapOperationInfo in project ddf by codice.

the class PEPAuthorizingInterceptor method getActionUri.

/**
     * This method is an implementation of the WSA-M and WSA-W specs for determining the action URI.<br>
     * <ul>
     * <li>http://www.w3.org/TR/ws-addr-metadata/#actioninwsdl</li>
     * <li>http://www.w3.org/TR/ws-addr-wsdl/#actioninwsdl</li>
     * </ul>
     * Adapted from {@link org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl} and
     * {@link org.apache.cxf.ws.addressing.impl.InternalContextUtils}
     *
     * @param message
     * @return
     */
private String getActionUri(Message message) {
    String actionURI = null;
    /**
         * See if the action is explicitly defined in the WSDL message service model. Retrieves one
         * of the Action attribute in the wsdl:input message.
         */
    MessageInfo msgInfo = (MessageInfo) message.get(MessageInfo.class.getName());
    if (msgInfo != null && msgInfo.getExtensionAttributes() != null) {
        // wsaw:Action
        Object attr = msgInfo.getExtensionAttribute(JAXWSAConstants.WSAW_ACTION_QNAME);
        // wsam:Action
        if (attr == null) {
            attr = msgInfo.getExtensionAttribute(JAXWSAConstants.WSAM_ACTION_QNAME);
        }
        // support for older usages
        if (attr == null) {
            attr = msgInfo.getExtensionAttributes().get(new QName(JAXWSAConstants.NS_WSA, Names.WSAW_ACTION_NAME));
        }
        if (attr == null) {
            attr = msgInfo.getExtensionAttributes().get(new QName(Names.WSA_NAMESPACE_WSDL_NAME_OLD, Names.WSAW_ACTION_NAME));
        }
        if (attr instanceof QName) {
            actionURI = ((QName) attr).getLocalPart();
        } else {
            actionURI = attr == null ? null : attr.toString();
        }
    }
    /**
         * See if the action is explicitly defined in the WSDL operation service model. Retrieves
         * the operation soap:soapAction property.
         */
    if (StringUtils.isEmpty(actionURI)) {
        BindingOperationInfo bindingOpInfo = message.getExchange().get(BindingOperationInfo.class);
        SoapOperationInfo soi = null;
        if (bindingOpInfo != null) {
            soi = bindingOpInfo.getExtensor(SoapOperationInfo.class);
            if (soi == null && bindingOpInfo.isUnwrapped()) {
                soi = bindingOpInfo.getWrappedOperation().getExtensor(SoapOperationInfo.class);
            }
        }
        actionURI = soi == null ? null : soi.getAction();
        actionURI = StringUtils.isEmpty(actionURI) ? null : actionURI;
    }
    /**
         * If the service model doesn't explicitly defines the action, we'll construct the default
         * URI string.
         */
    if (StringUtils.isEmpty(actionURI)) {
        QName op = (QName) message.get(MessageContext.WSDL_OPERATION);
        QName port = (QName) message.get(MessageContext.WSDL_PORT);
        if (op != null && port != null) {
            actionURI = port.getNamespaceURI();
            actionURI = addPath(actionURI, port.getLocalPart());
            actionURI = addPath(actionURI, op.getLocalPart() + "Request");
        }
    }
    return actionURI;
}

Also used : BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) QName(javax.xml.namespace.QName) SoapOperationInfo(org.apache.cxf.binding.soap.model.SoapOperationInfo) MessageInfo(org.apache.cxf.service.model.MessageInfo)

Example 2 with SoapOperationInfo

use of org.apache.cxf.binding.soap.model.SoapOperationInfo in project ddf by codice.

the class TestPepInterceptorActions method testMessageWithOperationAction.

@Test
public void testMessageWithOperationAction() throws SecurityServiceException {
    PEPAuthorizingInterceptor interceptor = new PEPAuthorizingInterceptor();
    SecurityManager mockSecurityManager = mock(SecurityManager.class);
    interceptor.setSecurityManager(mockSecurityManager);
    Message messageWithAction = mock(Message.class);
    SecurityAssertion mockSecurityAssertion = mock(SecurityAssertion.class);
    SecurityToken mockSecurityToken = mock(SecurityToken.class);
    Subject mockSubject = mock(Subject.class);
    assertNotNull(mockSecurityAssertion);
    PowerMockito.mockStatic(SecurityAssertionStore.class);
    PowerMockito.mockStatic(SecurityLogger.class);
    when(SecurityAssertionStore.getSecurityAssertion(messageWithAction)).thenReturn(mockSecurityAssertion);
    // SecurityLogger is already stubbed out
    when(mockSecurityAssertion.getSecurityToken()).thenReturn(mockSecurityToken);
    when(mockSecurityToken.getToken()).thenReturn(null);
    when(mockSecurityManager.getSubject(mockSecurityToken)).thenReturn(mockSubject);
    Exchange mockExchange = mock(Exchange.class);
    BindingOperationInfo mockBOI = mock(BindingOperationInfo.class);
    SoapOperationInfo mockSOI = mock(SoapOperationInfo.class);
    when(messageWithAction.getExchange()).thenReturn(mockExchange);
    when(mockExchange.get(BindingOperationInfo.class)).thenReturn(mockBOI);
    when(mockBOI.getExtensor(SoapOperationInfo.class)).thenReturn(mockSOI);
    when(mockSOI.getAction()).thenReturn("urn:catalog:query:query-port:search");
    doAnswer(new Answer<Boolean>() {

        @Override
        public Boolean answer(InvocationOnMock invocation) throws Throwable {
            CollectionPermission perm = (CollectionPermission) invocation.getArguments()[0];
            assertEquals("urn:catalog:query:query-port:search", perm.getAction());
            return true;
        }
    }).when(mockSubject).isPermitted(isA(CollectionPermission.class));
    // This should work.
    interceptor.handleMessage(messageWithAction);
    PowerMockito.verifyStatic();
}

Also used : BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) SecurityManager(ddf.security.service.SecurityManager) Message(org.apache.cxf.message.Message) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Exchange(org.apache.cxf.message.Exchange) InvocationOnMock(org.mockito.invocation.InvocationOnMock) SoapOperationInfo(org.apache.cxf.binding.soap.model.SoapOperationInfo) CollectionPermission(ddf.security.permission.CollectionPermission) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Aggregations

SoapOperationInfo (org.apache.cxf.binding.soap.model.SoapOperationInfo)2 BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo)2 Subject (ddf.security.Subject)1 SecurityAssertion (ddf.security.assertion.SecurityAssertion)1 CollectionPermission (ddf.security.permission.CollectionPermission)1 SecurityManager (ddf.security.service.SecurityManager)1 QName (javax.xml.namespace.QName)1 Exchange (org.apache.cxf.message.Exchange)1 Message (org.apache.cxf.message.Message)1 MessageInfo (org.apache.cxf.service.model.MessageInfo)1 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)1 Test (org.junit.Test)1 InvocationOnMock (org.mockito.invocation.InvocationOnMock)1 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)1