/**
* This test creates a holder-of-key SAML1 Assertion, and sends it in the security header
* to the provider.
*/
@Test
public void testSaml1TokenHOK() throws Exception {
    // Outbound side: sign the message with alice's key and attach a signed
    // holder-of-key SAML 1.1 assertion produced by the callback handler.
    SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
    samlHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
    samlHandler.setSignAssertion(true);

    Map<String, Object> outProps = new HashMap<>();
    outProps.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    outProps.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProps.put(ConfigurationConstants.USER, "alice");
    outProps.put("password", "password");
    outProps.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
    outProps.put(ConfigurationConstants.SAML_CALLBACK_REF, samlHandler);

    // Inbound side: verify the signature and route both SAML token types to a
    // custom validator (which, by default, insists on sender-vouches).
    CustomSamlValidator samlValidator = new CustomSamlValidator();
    Map<QName, Object> validators = new HashMap<>();
    validators.put(WSConstants.SAML_TOKEN, samlValidator);
    validators.put(WSConstants.SAML2_TOKEN, samlValidator);

    Map<String, Object> inProps = new HashMap<>();
    inProps.put(ConfigurationConstants.ACTION,
        ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProps.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    inProps.put(WSS4JInInterceptor.VALIDATOR_MAP, validators);

    List<String> xpaths = Arrays.asList("//wsse:Security", "//wsse:Security/saml1:Assertion");

    // A holder-of-key assertion must be rejected while sender-vouches is required.
    try {
        makeInvocation(outProps, xpaths, inProps, Collections.emptyMap());
        fail("Failure expected in SAML Validator");
    } catch (Fault expected) {
        // expected
    }

    // Relax the validator: the same assertion is now accepted.
    samlValidator.setRequireSenderVouches(false);
    Message response = makeInvocation(outProps, xpaths, inProps, Collections.emptyMap());

    List<WSHandlerResult> results =
        CastUtils.cast((List<?>) response.get(WSHandlerConstants.RECV_RESULTS));
    WSHandlerResult firstResult = results.get(0);

    // The received assertion must be a signed SAML 1.1 assertion ...
    WSSecurityEngineResult samlResult =
        firstResult.getActionResults().get(WSConstants.ST_SIGNED).get(0);
    SamlAssertionWrapper assertion =
        (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(assertion != null && assertion.getSaml1() != null);
    assertTrue(assertion.isSigned());

    // ... and the message signature itself must have been verified.
    WSSecurityEngineResult signatureResult =
        firstResult.getActionResults().get(WSConstants.SIGN).get(0);
    assertNotNull(signatureResult);
}
/**
* This test creates a holder-of-key SAML2 Assertion, and sends it in the security header
* to the provider.
*/
@Test
public void testSaml2TokenHOK() throws Exception {
    // Outbound side: sign the message with alice's key and attach a signed
    // holder-of-key SAML 2.0 assertion produced by the callback handler.
    SAML2CallbackHandler samlHandler = new SAML2CallbackHandler();
    samlHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlHandler.setSignAssertion(true);

    Map<String, Object> outProps = new HashMap<>();
    outProps.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    outProps.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProps.put(ConfigurationConstants.USER, "alice");
    outProps.put("password", "password");
    outProps.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
    outProps.put(ConfigurationConstants.SAML_CALLBACK_REF, samlHandler);

    // Inbound side: verify the signature and route both SAML token types to a
    // custom validator (which, by default, insists on sender-vouches and SAML 1.1).
    CustomSamlValidator samlValidator = new CustomSamlValidator();
    Map<QName, Object> validators = new HashMap<>();
    validators.put(WSConstants.SAML_TOKEN, samlValidator);
    validators.put(WSConstants.SAML2_TOKEN, samlValidator);

    Map<String, Object> inProps = new HashMap<>();
    inProps.put(ConfigurationConstants.ACTION,
        ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProps.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    inProps.put(WSS4JInInterceptor.VALIDATOR_MAP, validators);

    List<String> xpaths = Arrays.asList("//wsse:Security", "//wsse:Security/saml2:Assertion");

    // First rejection: holder-of-key while sender-vouches is required.
    try {
        makeInvocation(outProps, xpaths, inProps, Collections.emptyMap());
        fail("Failure expected in SAML Validator");
    } catch (Fault expected) {
        // expected
    }

    // Second rejection: the validator still requires a SAML 1.1 assertion.
    samlValidator.setRequireSenderVouches(false);
    try {
        makeInvocation(outProps, xpaths, inProps, Collections.emptyMap());
        fail("Failure expected in SAML Validator");
    } catch (Fault expected) {
        // expected
    }

    // Fully relaxed: the SAML 2.0 holder-of-key assertion is accepted.
    samlValidator.setRequireSAML1Assertion(false);
    Message response = makeInvocation(outProps, xpaths, inProps, Collections.emptyMap());

    List<WSHandlerResult> results =
        CastUtils.cast((List<?>) response.get(WSHandlerConstants.RECV_RESULTS));
    WSHandlerResult firstResult = results.get(0);

    // The received assertion must be a signed SAML 2.0 assertion ...
    WSSecurityEngineResult samlResult =
        firstResult.getActionResults().get(WSConstants.ST_SIGNED).get(0);
    SamlAssertionWrapper assertion =
        (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(assertion != null && assertion.getSaml2() != null);
    assertTrue(assertion.isSigned());

    // ... and the message signature itself must have been verified.
    WSSecurityEngineResult signatureResult =
        firstResult.getActionResults().get(WSConstants.SIGN).get(0);
    assertNotNull(signatureResult);
}
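/**
 * Maps a security failure carried by the outbound fault message onto an HTTP
 * error response and aborts the remaining interceptor chain.
 *
 * <p>The fault stored under {@code Exception.class} is expected to wrap a
 * {@link SecurityException}; an {@code AccessDeniedException} yields 403,
 * any other security exception 401.
 *
 * @param message the outbound fault message
 * @throws RuntimeException if the message carries no fault, or the fault's
 *         cause is not a {@link SecurityException}
 */
public void handleMessage(Message message) throws Fault {
    Fault fault = (Fault) message.getContent(Exception.class);
    // A missing fault is reported the same way as a wrong cause instead of an NPE.
    Throwable ex = fault == null ? null : fault.getCause();
    if (!(ex instanceof SecurityException)) {
        throw new RuntimeException("Security Exception is expected");
    }
    HttpServletResponse response = (HttpServletResponse) message.getExchange()
        .getInMessage().get(AbstractHTTPDestination.HTTP_RESPONSE);
    int status = ex instanceof AccessDeniedException ? 403 : 401;
    response.setStatus(status);
    // The exception text is echoed verbatim to the client, so the messages raised by
    // the security layer must not carry internal detail. A null message is sent as "".
    String body = ex.getMessage() == null ? "" : ex.getMessage();
    try {
        // Explicit charset: getBytes() without one depends on the platform default.
        response.getOutputStream().write(body.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        response.getOutputStream().flush();
    } catch (IOException ignored) {
        // Best effort: the status is already set; a failed body write is not fatal here.
    }
    message.getInterceptorChain().abort();
}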
/**
* Determines the effective policy, and checks if one of its alternatives
* is supported.
*
* @param message the inbound message whose effective policy is verified
* @throws PolicyException if none of the alternatives is supported
*/
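/**
 * Determines the effective policy for the inbound message and checks that the
 * assertions collected so far satisfy at least one of its alternatives.
 *
 * <p>Verification is skipped when no assertion info map, binding operation,
 * endpoint or policy engine is available, and for inbound partial responses.
 * The alternatives that were satisfied are recorded on the exchange under
 * {@code "ws-policy.validated.alternatives"}.
 *
 * @param message the inbound message whose effective policy is verified
 * @throws PolicyException if none of the alternatives is supported
 * @throws Fault carrying the WS-Addressing {@code MessageAddressingHeaderRequired}
 *         fault code when the failing assertion is an addressing one
 */
protected void handle(Message message) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }
    Exchange exchange = message.getExchange();
    BindingOperationInfo boi = exchange.getBindingOperationInfo();
    if (boi == null) {
        LOG.fine("No binding operation info.");
        return;
    }
    Endpoint endpoint = exchange.getEndpoint();
    if (endpoint == null) {
        LOG.fine("No endpoint.");
        return;
    }
    PolicyEngine engine = exchange.getBus().getExtension(PolicyEngine.class);
    if (engine == null) {
        return;
    }
    if (MessageUtils.isPartialResponse(message)) {
        LOG.fine("Not verifying policies on inbound partial response.");
        return;
    }
    getTransportAssertions(message);

    EffectivePolicy effectivePolicy = message.get(EffectivePolicy.class);
    if (effectivePolicy == null) {
        EndpointInfo ei = endpoint.getEndpointInfo();
        // On the client the inbound message is a response; on the server it is a request.
        effectivePolicy = MessageUtils.isRequestor(message)
            ? engine.getEffectiveClientResponsePolicy(ei, boi, message)
            : engine.getEffectiveServerRequestPolicy(ei, boi, message);
    }
    try {
        List<List<Assertion>> usedAlternatives = aim.checkEffectivePolicy(effectivePolicy.getPolicy());
        // exchange was already dereferenced above, so no extra null check is needed here
        if (usedAlternatives != null && !usedAlternatives.isEmpty()) {
            exchange.put("ws-policy.validated.alternatives", usedAlternatives);
        }
    } catch (PolicyException ex) {
        LOG.log(Level.SEVERE, "Inbound policy verification failed: " + ex.getMessage());
        // exception to pass jaxws2.2 tests; the message may be null, so guard before matching
        String reason = ex.getMessage();
        if (reason != null && reason.contains("Addressing")) {
            throw new Fault("A required header representing a Message Addressing Property is not present", LOG)
                .setFaultCode(new QName("http://www.w3.org/2005/08/addressing", "MessageAddressingHeaderRequired"));
        }
        throw ex;
    }
    LOG.fine("Verified policies for inbound message.");
}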
/**
 * Returns the MEX endpoint, creating it on first use.
 *
 * <p>Declared {@code synchronized} so concurrent first callers end up sharing
 * one endpoint instead of each building their own. The bus is taken from the
 * current message's exchange.
 *
 * @param message the inbound message, used only to obtain the bus
 * @return the cached MEX endpoint
 * @throws Fault wrapping any exception raised while creating the endpoint
 */
private synchronized Endpoint createEndpoint(Message message) {
    if (mexEndpoint != null) {
        return mexEndpoint;
    }
    MEXJaxWsServerFactoryBean factory =
        new MEXJaxWsServerFactoryBean(message.getExchange().getBus());
    try {
        Endpoint created = factory.createEndpoint();
        // Dispatch MEX calls to the wrapped endpoint instance.
        created.getService().setInvoker(new JAXWSMethodInvoker(ep));
        mexEndpoint = created;
    } catch (Exception ex) {
        throw new Fault(ex);
    }
    return mexEndpoint;
}