use of org.apache.cxf.interceptor.Fault in project midpoint by Evolveum.
the class CustomDataWriter method write.
@Override
public void write(Object obj, MessagePartInfo part, XMLStreamWriter output) {
QName rootElement = part.getElementQName();
Element serialized;
try {
serialized = prismContex.domSerializer().serializeAnyData(obj, rootElement);
StaxUtils.copy(serialized, output);
// output.writeCharacters(serialized);
} catch (SchemaException | XMLStreamException e) {
// TODO Auto-generated catch block
throw new Fault(e);
}
}
use of org.apache.cxf.interceptor.Fault in project midpoint by Evolveum.
the class ReportWebService method evaluateAuditScript.
@Override
public AuditEventRecordListType evaluateAuditScript(String script, RemoteReportParametersType parameters) {
try {
Map<QName, Object> params = getParamsMap(parameters);
Collection<AuditEventRecord> resultList = reportService.evaluateAuditScript(script, params);
return createAuditEventRecordListType(resultList);
} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException e) {
// TODO Auto-generated catch block
throw new Fault(e);
}
}
use of org.apache.cxf.interceptor.Fault in project ddf by codice.
the class AbstractOverrideInterceptor method handleMessage.
/**
* Adds the policy retrieved from the configured policy loader to this message as the override
* policy.
*
* @param message
*/
@Override
public void handleMessage(Message message) {
if (policy == null) {
PolicyBuilder builder = message.getExchange().getBus().getExtension(PolicyBuilder.class);
try {
policy = builder.getPolicy(loader.getPolicy().getDocumentElement());
LOGGER.trace("Read in policy, adding to policy override of message.");
message.put(PolicyConstants.POLICY_OVERRIDE, policy);
} catch (Exception e) {
throw new Fault(e);
}
} else {
message.put(PolicyConstants.POLICY_OVERRIDE, policy);
}
}
use of org.apache.cxf.interceptor.Fault in project ddf by codice.
the class GuestInterceptor method internalHandleMessage.
private void internalHandleMessage(SoapMessage message, SOAPMessage soapMessage) throws Fault {
//Check if security header exists; if not, execute GuestInterceptor logic
String actor = (String) getOption(WSHandlerConstants.ACTOR);
if (actor == null) {
actor = (String) message.getContextualProperty(SecurityConstants.ACTOR);
}
Element existingSecurityHeader = null;
try {
LOGGER.debug("Checking for security header.");
existingSecurityHeader = WSSecurityUtil.getSecurityHeader(soapMessage.getSOAPPart(), actor);
} catch (WSSecurityException e1) {
LOGGER.debug("Issue with getting security header", e1);
}
if (existingSecurityHeader != null) {
LOGGER.debug("SOAP message contains security header, no action taken by the GuestInterceptor.");
return;
}
LOGGER.debug("Current request has no security header, continuing with GuestInterceptor");
AssertionInfoMap assertionInfoMap = message.get(AssertionInfoMap.class);
boolean hasAddressingAssertion = assertionInfoMap.entrySet().stream().flatMap(p -> p.getValue().stream()).filter(info -> MetadataConstants.ADDRESSING_ASSERTION_QNAME.equals(info.getAssertion().getName())).findFirst().isPresent();
if (hasAddressingAssertion) {
createAddressing(message, soapMessage);
}
LOGGER.debug("Creating guest security token.");
HttpServletRequest request = (HttpServletRequest) message.get(AbstractHTTPDestination.HTTP_REQUEST);
SecurityToken securityToken = createSecurityToken(request.getRemoteAddr());
message.put(SecurityConstants.TOKEN, securityToken);
if (!MessageUtils.isRequestor(message)) {
try {
message.put(Message.REQUESTOR_ROLE, true);
policyBasedWss4jOutInterceptor.handleMessage(message);
} finally {
message.remove(Message.REQUESTOR_ROLE);
}
} else {
policyBasedWss4jOutInterceptor.handleMessage(message);
}
}
use of org.apache.cxf.interceptor.Fault in project ddf by codice.
the class PaosInInterceptor method handleMessage.
@Override
public void handleMessage(Message message) throws Fault {
List authHeader = (List) ((Map) message.getExchange().getOutMessage().get(Message.PROTOCOL_HEADERS)).get("Authorization");
String authorization = null;
if (authHeader != null && authHeader.size() > 0) {
authorization = (String) authHeader.get(0);
}
InputStream content = message.getContent(InputStream.class);
String contentType = (String) message.get(Message.CONTENT_TYPE);
if (contentType == null || !contentType.contains(APPLICATION_VND_PAOS_XML)) {
return;
}
try {
SOAPPart soapMessage = SamlProtocol.parseSoapMessage(IOUtils.toString(content, Charset.forName("UTF-8")));
Iterator iterator = soapMessage.getEnvelope().getHeader().examineAllHeaderElements();
IDPEntry idpEntry = null;
String relayState = "";
String responseConsumerURL = "";
String messageId = "";
while (iterator.hasNext()) {
Element soapHeaderElement = (SOAPHeaderElement) iterator.next();
if (RELAY_STATE.equals(soapHeaderElement.getLocalName())) {
relayState = DOM2Writer.nodeToString(soapHeaderElement);
} else if (REQUEST.equals(soapHeaderElement.getLocalName()) && soapHeaderElement.getNamespaceURI().equals(URN_OASIS_NAMES_TC_SAML_2_0_PROFILES_SSO_ECP)) {
try {
soapHeaderElement = SamlProtocol.convertDomImplementation(soapHeaderElement);
Request ecpRequest = (Request) OpenSAMLUtil.fromDom(soapHeaderElement);
IDPList idpList = ecpRequest.getIDPList();
if (idpList == null) {
throw new Fault(new AccessDeniedException("Unable to complete SAML ECP connection. Unable to determine IdP server."));
}
List<IDPEntry> idpEntrys = idpList.getIDPEntrys();
if (idpEntrys == null || idpEntrys.size() == 0) {
throw new Fault(new AccessDeniedException("Unable to complete SAML ECP connection. Unable to determine IdP server."));
}
//choose the right entry, probably need to do something better than select the first one
//but the spec doesn't specify how this is supposed to be done
idpEntry = idpEntrys.get(0);
} catch (WSSecurityException e) {
//TODO figure out IdP alternatively
LOGGER.info("Unable to determine IdP appropriately. ECP connection will fail. SP may be incorrectly configured. Contact the administrator for the remote system.");
}
} else if (REQUEST.equals(soapHeaderElement.getLocalName()) && soapHeaderElement.getNamespaceURI().equals(URN_LIBERTY_PAOS_2003_08)) {
responseConsumerURL = soapHeaderElement.getAttribute(RESPONSE_CONSUMER_URL);
messageId = soapHeaderElement.getAttribute(MESSAGE_ID);
}
}
if (idpEntry == null) {
throw new Fault(new AccessDeniedException("Unable to complete SAML ECP connection. Unable to determine IdP server."));
}
String token = createToken(authorization);
checkAuthnRequest(soapMessage);
Element authnRequestElement = SamlProtocol.getDomElement(soapMessage.getEnvelope().getBody().getFirstChild());
String loc = idpEntry.getLoc();
String soapRequest = buildSoapMessage(token, relayState, authnRequestElement, null);
HttpResponseWrapper httpResponse = getHttpResponse(loc, soapRequest, null);
InputStream httpResponseContent = httpResponse.content;
SOAPPart idpSoapResponse = SamlProtocol.parseSoapMessage(IOUtils.toString(httpResponseContent, Charset.forName("UTF-8")));
Iterator responseHeaderElements = idpSoapResponse.getEnvelope().getHeader().examineAllHeaderElements();
String newRelayState = "";
while (responseHeaderElements.hasNext()) {
SOAPHeaderElement soapHeaderElement = (SOAPHeaderElement) responseHeaderElements.next();
if (RESPONSE.equals(soapHeaderElement.getLocalName())) {
String assertionConsumerServiceURL = soapHeaderElement.getAttribute(ASSERTION_CONSUMER_SERVICE_URL);
if (!responseConsumerURL.equals(assertionConsumerServiceURL)) {
String soapFault = buildSoapFault(ECP_RESPONSE, "The responseConsumerURL does not match the assertionConsumerServiceURL.");
httpResponse = getHttpResponse(responseConsumerURL, soapFault, null);
message.setContent(InputStream.class, httpResponse.content);
return;
}
} else if (RELAY_STATE.equals(soapHeaderElement.getLocalName())) {
newRelayState = DOM2Writer.nodeToString(soapHeaderElement);
if (StringUtils.isNotEmpty(relayState) && !relayState.equals(newRelayState)) {
LOGGER.debug("RelayState does not match between ECP request and response");
}
if (StringUtils.isNotEmpty(relayState)) {
newRelayState = relayState;
}
}
}
checkSamlpResponse(idpSoapResponse);
Element samlpResponseElement = SamlProtocol.getDomElement(idpSoapResponse.getEnvelope().getBody().getFirstChild());
Response paosResponse = null;
if (StringUtils.isNotEmpty(messageId)) {
paosResponse = getPaosResponse(messageId);
}
String soapResponse = buildSoapMessage(null, newRelayState, samlpResponseElement, paosResponse);
httpResponse = getHttpResponse(responseConsumerURL, soapResponse, message.getExchange().getOutMessage());
if (httpResponse.statusCode < 400) {
httpResponseContent = httpResponse.content;
message.setContent(InputStream.class, httpResponseContent);
} else {
throw new Fault(new AccessDeniedException("Unable to complete SAML ECP connection due to an error."));
}
} catch (IOException e) {
LOGGER.debug("Error encountered while performing ECP handshake.", e);
} catch (XMLStreamException | SOAPException e) {
throw new Fault(new AccessDeniedException("Unable to complete SAML ECP connection. The server's response was not in the correct format."));
} catch (WSSecurityException e) {
throw new Fault(new AccessDeniedException("Unable to complete SAML ECP connection. Unable to send SOAP request messages."));
}
}
Aggregations