use of org.apache.cxf.interceptor.Fault in project midpoint by Evolveum.
the class SpringAuthenticationInjectorInterceptor method handleMessage.
/**
 * Binds a Spring Security {@code Authentication} to the current request and then
 * checks that the caller is authorized to use the web service.
 *
 * Flow, as visible in this method:
 * 1. Obtain the SAAJ message; a missing message is rejected with a FAILURE fault.
 * 2. Read the username from the message; a blank username is audited and rejected.
 * 3. Resolve the principal through userDetailsService; no principal is audited and rejected.
 * 4. Install the Authentication in SecurityContextHolder.
 * 5. Authorize: first the blanket AUTZ_WS_ALL_URL action, then (only if that is denied)
 *    the per-operation action derived from the first child element of the SOAP body.
 *
 * Every rejection path sets CONTEXTUAL_PROPERTY_AUDITED_NAME on the message and calls
 * securityHelper.auditLoginFailure before throwing.
 *
 * @param message the intercepted SOAP message
 * @throws Fault when the message is missing, the user cannot be resolved, an internal
 *         error occurs, or the user is not authorized
 */
@Override
public void handleMessage(SoapMessage message) throws Fault {
// Per the original author's note: the constructor orders this interceptor after the
// WS-Security step, so the caller's credentials are expected to be verified already.
// This method only maps the username from the header to a Spring Authentication object.
LOGGER.trace("Intercepted message: {}", message);
SOAPMessage saajSoapMessage = securityHelper.getSOAPMessage(message);
if (saajSoapMessage == null) {
LOGGER.error("No soap message in handler");
throw createFault(WSSecurityException.ErrorCode.FAILURE);
}
ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_WEB_SERVICE_URI);
// Declared outside the try so the outer catch blocks can include it in log and audit records.
String username = null;
try {
username = securityHelper.getUsernameFromMessage(saajSoapMessage);
LOGGER.trace("Attempt to authenticate user '{}'", username);
if (StringUtils.isBlank(username)) {
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, null, connEnv, "Empty username");
throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
MidPointPrincipal principal;
try {
principal = userDetailsService.getPrincipal(username);
} catch (SchemaException e) {
LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, null, connEnv, "Schema error: " + e.getMessage());
// NOTE(review): new Fault(e) wraps the raw exception; presumably its message reaches the
// SOAP fault sent to the caller. The authorization paths below use a generic
// createFault(FAILURE) instead. Confirm no internal detail is disclosed here.
throw new Fault(e);
}
LOGGER.trace("Principal: {}", principal);
if (principal == null) {
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, null, connEnv, "No user");
throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
// Per the original author's note: account validity and credentials are expected to have
// been checked already in the password callback. This method does not re-check them.
// NOTE(review): the two-argument UsernamePasswordAuthenticationToken constructor yields a
// token whose isAuthenticated() is false in Spring Security - confirm nothing downstream
// relies on that flag.
Authentication authentication = new UsernamePasswordAuthenticationToken(principal, null);
// NOTE(review): the Authentication is installed BEFORE the authorization checks below, and
// none of the rejection paths visible in this method clear it again. Confirm the context is
// reset elsewhere when the request is denied, or consider SecurityContextHolder.clearContext().
SecurityContextHolder.getContext().setAuthentication(authentication);
String operationName;
try {
// NOTE(review): presumably getFirstChildElement returns null for a body with no element
// child; that would surface as a NullPointerException rather than an audited failure - verify.
operationName = DOMUtil.getFirstChildElement(saajSoapMessage.getSOAPBody()).getLocalName();
} catch (SOAPException e) {
LOGGER.debug("Access to web service denied for user '{}': SOAP error: {}", username, e.getMessage(), e);
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "SOAP error: " + e.getMessage());
throw new Fault(e);
}
// AUTHORIZATION, step 1: is the user allowed to call every web service operation?
boolean isAuthorized;
try {
isAuthorized = securityEnforcer.isAuthorized(AuthorizationConstants.AUTZ_WS_ALL_URL, AuthorizationPhaseType.REQUEST, null, null, null, null);
LOGGER.trace("Determined authorization for web service access (action: {}): {}", AuthorizationConstants.AUTZ_WS_ALL_URL, isAuthorized);
} catch (SchemaException e) {
LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
throw createFault(WSSecurityException.ErrorCode.FAILURE);
}
// AUTHORIZATION, step 2: fall back to the action URI of the specific operation. The
// operation name is taken from the request body, so the caller chooses which action is checked.
if (!isAuthorized) {
String action = QNameUtil.qNameToUri(new QName(AuthorizationConstants.NS_AUTHORIZATION_WS, operationName));
try {
isAuthorized = securityEnforcer.isAuthorized(action, AuthorizationPhaseType.REQUEST, null, null, null, null);
LOGGER.trace("Determined authorization for web service operation {} (action: {}): {}", operationName, action, isAuthorized);
} catch (SchemaException e) {
LOGGER.debug("Access to web service denied for user '{}': schema error: {}", username, e.getMessage(), e);
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Schema error: " + e.getMessage());
throw createFault(WSSecurityException.ErrorCode.FAILURE);
}
}
// Denied by both checks. The denial is audited as a login failure and reported with
// FAILED_AUTHENTICATION, the same code used above for an unknown user.
if (!isAuthorized) {
LOGGER.debug("Access to web service denied for user '{}': not authorized", username);
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, principal.getUser(), connEnv, "Not authorized");
throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
} catch (WSSecurityException e) {
// The audit record here carries no user object (null), only the username string.
LOGGER.debug("Access to web service denied for user '{}': security exception: {}", username, e.getMessage(), e);
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, null, connEnv, "Security exception: " + e.getMessage());
throw new Fault(e, e.getFaultCode());
} catch (ObjectNotFoundException e) {
// Audited with the same "No user" reason and fault code as the null-principal case above.
LOGGER.debug("Access to web service denied for user '{}': object not found: {}", username, e.getMessage(), e);
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
securityHelper.auditLoginFailure(username, null, connEnv, "No user");
throw createFault(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
// Success: mark the message as audited so that the login attempt is not audited again
// if the operation later fails on internal authorization.
message.put(SecurityHelper.CONTEXTUAL_PROPERTY_AUDITED_NAME, true);
LOGGER.debug("Access to web service allowed for user '{}'", username);
}
use of org.apache.cxf.interceptor.Fault in project camel by apache.
the class MessageLossSimulator method handleMessage.
/**
 * Simulates message loss by discarding every even-numbered application message.
 *
 * RM protocol messages and odd-numbered application messages pass through untouched.
 * For a discarded message the MessageSenderInterceptor is removed from the chain, the
 * message's OutputStream content is replaced with a WrappedOutputStream, and an extra
 * interceptor is queued at PREPARE_SEND_ENDING to close that stream.
 *
 * NOTE(review): appMessageCount is incremented with no synchronization visible in this
 * method - confirm the simulator is only driven from a single thread.
 *
 * @param message the outbound message being processed
 * @throws Fault if closing the replacement output stream fails
 */
public void handleMessage(Message message) throws Fault {
    final Object addressingProperties = RMContextUtils.retrieveMAPs(message, false, true);
    final String wsaAction = getAction(addressingProperties);

    // Protocol traffic is never dropped and is not counted.
    if (RMContextUtils.isRMProtocolMessage(wsaAction)) {
        return;
    }

    appMessageCount++;
    final boolean oddNumbered = (appMessageCount % 2) != 0;
    if (oddNumbered) {
        // Odd-numbered application messages are delivered normally.
        return;
    }

    // Even-numbered message: take the real sender out of the chain so nothing goes on the wire.
    final InterceptorChain interceptorChain = message.getInterceptorChain();
    final String senderId = MessageSenderInterceptor.class.getName();
    for (ListIterator<Interceptor<? extends Message>> cursor = interceptorChain.getIterator();
            cursor.hasNext();) {
        final PhaseInterceptor<?> candidate = (PhaseInterceptor<?>) cursor.next();
        if (!senderId.equals(candidate.getId())) {
            continue;
        }
        interceptorChain.remove(candidate);
        LOG.debug("Removed MessageSenderInterceptor from interceptor chain.");
        break;
    }

    message.setContent(OutputStream.class, new WrappedOutputStream(message));

    // Closes the replacement stream at the end of the send preparation phase.
    final AbstractPhaseInterceptor<Message> streamCloser =
            new AbstractPhaseInterceptor<Message>(Phase.PREPARE_SEND_ENDING) {
                @Override
                public void handleMessage(Message outbound) throws Fault {
                    try {
                        outbound.getContent(OutputStream.class).close();
                    } catch (IOException e) {
                        throw new Fault(e);
                    }
                }
            };
    message.getInterceptorChain().add(streamCloser);
}
use of org.apache.cxf.interceptor.Fault in project camel by apache.
the class DataInInterceptor method handleMessage.
/**
 * Reads the inbound payload into a DOM document and stores it on the message as its
 * {@code Source} content.
 *
 * NOTE(review): the XML comes from the message's stream reader; whether DTDs and external
 * entities are disabled depends on how that reader is created, which is not visible here -
 * confirm before using this with untrusted senders.
 *
 * @param message the inbound message whose payload is read
 * @throws Fault if the XML stream cannot be read
 */
public void handleMessage(Message message) throws Fault {
    final DepthXMLStreamReader payloadReader = getXMLStreamReader(message);
    final Document payload;
    try {
        payload = StaxUtils.read(payloadReader);
    } catch (XMLStreamException e) {
        throw new Fault(new org.apache.cxf.common.i18n.Message("XMLSTREAM_EXCEPTION", JUL_LOG), e);
    }
    // Expose the parsed payload as a DOM-backed Source.
    message.setContent(Source.class, new DOMSource(payload));
}
use of org.apache.cxf.interceptor.Fault in project camel by apache.
the class RawMessageWSDLGetOutInterceptor method handleMessage.
/**
 * Writes the WSDL document that was stashed on the message under
 * {@code RawMessageWSDLGetInterceptor.DOCUMENT_HOLDER} to the message's output stream.
 *
 * Does nothing when no document is present. The holder entry is removed from the message
 * before writing. The document's own XML encoding is used when available, otherwise
 * "utf-8".
 *
 * @param message the outbound message that may carry a WSDL document
 * @throws Fault if writing the document to the stream fails
 */
public void handleMessage(Message message) throws Fault {
    final Document wsdlDocument =
            (Document) message.get(RawMessageWSDLGetInterceptor.DOCUMENT_HOLDER);
    if (wsdlDocument == null) {
        return;
    }
    message.remove(RawMessageWSDLGetInterceptor.DOCUMENT_HOLDER);

    final OutputStream target = message.getContent(OutputStream.class);

    String encoding;
    try {
        encoding = wsdlDocument.getXmlEncoding();
    } catch (Exception ignored) {
        // Deliberately ignored: per the original author's note the document may not be
        // DOM Level 3, in which case the default encoding below is used.
        encoding = null;
    }
    if (encoding == null) {
        encoding = "utf-8";
    }

    final XMLStreamWriter xmlWriter = StaxUtils.createXMLStreamWriter(target, encoding);
    try {
        StaxUtils.writeNode(wsdlDocument, xmlWriter, true);
        xmlWriter.flush();
    } catch (XMLStreamException e) {
        throw new Fault(e);
    }
}
use of org.apache.cxf.interceptor.Fault in project ddf by codice.
the class AbstractOverrideInterceptor method handleMessage.
/**
 * Sets the override policy on the message under {@code PolicyConstants.POLICY_OVERRIDE}.
 *
 * On the first call the policy is built from the document supplied by the configured
 * policy loader and stored in the {@code policy} field. Later calls reuse that stored
 * policy without reloading it.
 *
 * NOTE(review): the lazy initialization of {@code policy} has no synchronization visible
 * in this method - confirm how concurrent first requests are handled. Because the stored
 * policy overrides the policy of every later message, the loader's source should be a
 * trusted, integrity-protected location - verify against the loader configuration.
 *
 * @param message the message that receives the override policy
 * @throws Fault if the policy cannot be loaded, built, or attached to the message
 */
@Override
public void handleMessage(Message message) {
    // Fast path: the policy was already built by an earlier call.
    if (policy != null) {
        message.put(PolicyConstants.POLICY_OVERRIDE, policy);
        return;
    }

    final PolicyBuilder policyBuilder =
            message.getExchange().getBus().getExtension(PolicyBuilder.class);
    try {
        policy = policyBuilder.getPolicy(loader.getPolicy().getDocumentElement());
        LOGGER.trace("Read in policy, adding to policy override of message.");
        message.put(PolicyConstants.POLICY_OVERRIDE, policy);
    } catch (Exception e) {
        // Any failure while loading, building or attaching the policy aborts the message.
        throw new Fault(e);
    }
}