Example 11 with W3CDOMStreamReader
use of org.apache.cxf.staxutils.W3CDOMStreamReader in project cxf by apache.
the class SamlEnvelopedInHandler method filter.
@Override
public void filter(ContainerRequestContext context) {
Message message = JAXRSUtils.getCurrentMessage();
String method = (String) message.get(Message.HTTP_REQUEST_METHOD);
if (HttpMethod.GET.equals(method)) {
return;
}
Document doc = null;
InputStream is = message.getContent(InputStream.class);
if (is != null) {
try {
doc = StaxUtils.read(new InputStreamReader(is, StandardCharsets.UTF_8));
} catch (Exception ex) {
throwFault("Invalid XML payload", ex);
}
} else {
XMLStreamReader reader = message.getContent(XMLStreamReader.class);
if (reader instanceof W3CDOMStreamReader) {
doc = ((W3CDOMStreamReader) reader).getDocument();
}
}
if (doc == null) {
throwFault("No payload is available", null);
}
Element samlElement = getNode(doc.getDocumentElement(), SAML2_NS, SAML_ASSERTION);
if (samlElement == null) {
samlElement = getNode(doc.getDocumentElement(), SAML1_NS, SAML_ASSERTION);
}
if (samlElement == null) {
throwFault("SAML Assertion is not available", null);
}
validateToken(message, samlElement);
doc.getDocumentElement().removeChild(samlElement);
if (bodyIsRoot) {
message.setContent(XMLStreamReader.class, new W3CDOMStreamReader(doc));
message.setContent(InputStream.class, null);
} else {
Element actualBody = getActualBody(doc.getDocumentElement());
if (actualBody != null) {
Document newDoc = DOMUtils.createDocument();
newDoc.adoptNode(actualBody);
message.setContent(XMLStreamReader.class, new W3CDOMStreamReader(actualBody));
message.setContent(InputStream.class, null);
}
}
}
Also used :
XMLStreamReader(javax.xml.stream.XMLStreamReader)
Message(org.apache.cxf.message.Message)
InputStreamReader(java.io.InputStreamReader)
W3CDOMStreamReader(org.apache.cxf.staxutils.W3CDOMStreamReader)
InputStream(java.io.InputStream)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
Example 12 with W3CDOMStreamReader
use of org.apache.cxf.staxutils.W3CDOMStreamReader in project cxf by apache.
the class AbstractXmlEncInHandler method decryptContent.
public void decryptContent(Message message) {
Message outMs = message.getExchange().getOutMessage();
Message inMsg = outMs == null ? message : outMs.getExchange().getInMessage();
Document doc = getDocument(inMsg);
if (doc == null) {
return;
}
Element root = doc.getDocumentElement();
byte[] symmetricKeyBytes = getSymmetricKeyBytes(message, root);
String symKeyAlgo = getEncodingMethodAlgorithm(root);
if (encProps != null && encProps.getEncryptionSymmetricKeyAlgo() != null && !encProps.getEncryptionSymmetricKeyAlgo().equals(symKeyAlgo)) {
throwFault("Encryption Symmetric Key Algorithm is not supported", null);
}
byte[] decryptedPayload = null;
try {
decryptedPayload = decryptPayload(root, symmetricKeyBytes, symKeyAlgo);
} catch (Exception ex) {
throwFault("Payload can not be decrypted", ex);
}
Document payloadDoc = null;
try {
payloadDoc = StaxUtils.read(new InputStreamReader(new ByteArrayInputStream(decryptedPayload), StandardCharsets.UTF_8));
} catch (Exception ex) {
throwFault("Payload document can not be created", ex);
}
message.setContent(XMLStreamReader.class, new W3CDOMStreamReader(payloadDoc));
message.setContent(InputStream.class, null);
}
Also used :
Message(org.apache.cxf.message.Message)
InputStreamReader(java.io.InputStreamReader)
ByteArrayInputStream(java.io.ByteArrayInputStream)
W3CDOMStreamReader(org.apache.cxf.staxutils.W3CDOMStreamReader)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
XMLEncryptionException(org.apache.xml.security.encryption.XMLEncryptionException)
Base64Exception(org.apache.cxf.common.util.Base64Exception)
Example 13 with W3CDOMStreamReader
use of org.apache.cxf.staxutils.W3CDOMStreamReader in project cxf by apache.
the class AbstractXmlSecInHandler method getDocument.
protected Document getDocument(Message message) {
if (isServerGet(message)) {
return null;
}
Integer responseCode = (Integer) message.get(Message.RESPONSE_CODE);
if (responseCode != null && responseCode != 200) {
return null;
}
Document doc = null;
InputStream is = message.getContent(InputStream.class);
if (is != null) {
try {
doc = StaxUtils.read(new InputStreamReader(is, StandardCharsets.UTF_8));
} catch (Exception ex) {
throwFault("Invalid XML payload", ex);
}
} else {
XMLStreamReader reader = message.getContent(XMLStreamReader.class);
if (reader instanceof W3CDOMStreamReader) {
doc = ((W3CDOMStreamReader) reader).getDocument();
}
}
if (doc == null && !allowEmptyBody) {
throwFault("No payload is available", null);
}
return doc;
}
Also used :
XMLStreamReader(javax.xml.stream.XMLStreamReader)
InputStreamReader(java.io.InputStreamReader)
W3CDOMStreamReader(org.apache.cxf.staxutils.W3CDOMStreamReader)
InputStream(java.io.InputStream)
Document(org.w3c.dom.Document)
Aggregations
W3CDOMStreamReader (org.apache.cxf.staxutils.W3CDOMStreamReader)13
Element (org.w3c.dom.Element)6
XMLStreamException (javax.xml.stream.XMLStreamException)5
XMLStreamReader (javax.xml.stream.XMLStreamReader)5
Document (org.w3c.dom.Document)5
Fault (org.apache.cxf.interceptor.Fault)4
InputStreamReader (java.io.InputStreamReader)3
DOMSource (javax.xml.transform.dom.DOMSource)3
SoapMessage (org.apache.cxf.binding.soap.SoapMessage)3
Message (org.apache.cxf.message.Message)3
IOException (java.io.IOException)2
InputStream (java.io.InputStream)2
JAXBException (javax.xml.bind.JAXBException)2
QName (javax.xml.namespace.QName)2
SOAPMessage (javax.xml.soap.SOAPMessage)2
MessageContentsList (org.apache.cxf.message.MessageContentsList)2
Service (org.apache.cxf.service.Service)2
BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo)2
MessagePartInfo (org.apache.cxf.service.model.MessagePartInfo)2
Node (org.w3c.dom.Node)2
