Example 1 with CertConstraints
use of org.apache.cxf.transport.https.CertConstraints in project cxf by apache.
the class AbstractHTTPDestination method setupMessage.
protected void setupMessage(final Message inMessage, final ServletConfig config, final ServletContext context, final HttpServletRequest req, final HttpServletResponse resp) throws IOException {
setupContinuation(inMessage, req, resp);
final Exchange exchange = inMessage.getExchange();
DelegatingInputStream in = new DelegatingInputStream(req.getInputStream()) {
public void cacheInput() {
if (!cached && (exchange.isOneWay() || isWSAddressingReplyToSpecified(exchange))) {
// For one-ways and WS-Addressing invocations with ReplyTo address,
// we need to cache the values of the HttpServletRequest
// so they can be queried later for things like paths and schemes
// and such like that.
// Please note, exchange used to always get the "current" message
exchange.getInMessage().put(HTTP_REQUEST, new HttpServletRequestSnapshot(req));
}
super.cacheInput();
}
private boolean isWSAddressingReplyToSpecified(Exchange ex) {
AddressingProperties map = ContextUtils.retrieveMAPs(ex.getInMessage(), false, false, false);
return map != null && !ContextUtils.isGenericAddress(map.getReplyTo());
}
};
inMessage.setContent(DelegatingInputStream.class, in);
inMessage.setContent(InputStream.class, in);
inMessage.put(HTTP_REQUEST, req);
inMessage.put(HTTP_RESPONSE, resp);
inMessage.put(HTTP_CONTEXT, context);
inMessage.put(HTTP_CONFIG, config);
inMessage.put(HTTP_CONTEXT_MATCH_STRATEGY, contextMatchStrategy);
inMessage.put(Message.HTTP_REQUEST_METHOD, req.getMethod());
String requestURI = req.getRequestURI();
inMessage.put(Message.REQUEST_URI, requestURI);
String requestURL = req.getRequestURL().toString();
inMessage.put(Message.REQUEST_URL, requestURL);
String contextPath = req.getContextPath();
if (contextPath == null) {
contextPath = "";
}
String servletPath = req.getServletPath();
if (servletPath == null) {
servletPath = "";
}
String contextServletPath = contextPath + servletPath;
String pathInfo = req.getPathInfo();
if (pathInfo != null) {
inMessage.put(Message.PATH_INFO, contextServletPath + pathInfo);
} else {
inMessage.put(Message.PATH_INFO, requestURI);
}
if (!StringUtils.isEmpty(requestURI)) {
int index = requestURL.indexOf(requestURI);
if (index > 0) {
// Can be useful for referencing resources with URIs not covered by CXFServlet.
// For example, if we a have web application name 'app' and CXFServlet listening
// on "/services/*" then having HTTP_BASE_PATH pointing to say
// http://localhost:8080/app will make it easy to refer to non CXF resources
String schemaInfo = requestURL.substring(0, index);
String basePathWithContextOnly = schemaInfo + contextPath;
inMessage.put(HTTP_BASE_PATH, basePathWithContextOnly);
}
} else if (!StringUtils.isEmpty(servletPath) && requestURL.endsWith(servletPath)) {
int index = requestURL.lastIndexOf(servletPath);
if (index > 0) {
inMessage.put(HTTP_BASE_PATH, requestURL.substring(0, index));
}
}
String contentType = req.getContentType();
inMessage.put(Message.CONTENT_TYPE, contentType);
setEncoding(inMessage, req, contentType);
inMessage.put(Message.QUERY_STRING, req.getQueryString());
inMessage.put(Message.ACCEPT_CONTENT_TYPE, req.getHeader("Accept"));
String basePath = getBasePath(contextServletPath);
if (!StringUtils.isEmpty(basePath)) {
inMessage.put(Message.BASE_PATH, basePath);
}
inMessage.put(Message.FIXED_PARAMETER_ORDER, isFixedParameterOrder());
inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE);
SecurityContext httpSecurityContext = new SecurityContext() {
public Principal getUserPrincipal() {
return req.getUserPrincipal();
}
public boolean isUserInRole(String role) {
return req.isUserInRole(role);
}
};
inMessage.put(SecurityContext.class, httpSecurityContext);
Headers headers = new Headers(inMessage);
headers.copyFromRequest(req);
String credentials = headers.getAuthorization();
AuthorizationPolicy authPolicy = getAuthorizationPolicyFromMessage(credentials, httpSecurityContext);
inMessage.put(AuthorizationPolicy.class, authPolicy);
propogateSecureSession(req, inMessage);
inMessage.put(CertConstraints.class.getName(), certConstraints);
inMessage.put(Message.IN_INTERCEPTORS, Arrays.asList(new Interceptor[] { CertConstraintsInterceptor.INSTANCE }));
}
Also used :
Exchange(org.apache.cxf.message.Exchange)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
DelegatingInputStream(org.apache.cxf.io.DelegatingInputStream)
SecurityContext(org.apache.cxf.security.SecurityContext)
CertConstraints(org.apache.cxf.transport.https.CertConstraints)
AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties)
CertConstraintsInterceptor(org.apache.cxf.transport.https.CertConstraintsInterceptor)
Interceptor(org.apache.cxf.interceptor.Interceptor)
Example 2 with CertConstraints
use of org.apache.cxf.transport.https.CertConstraints in project cxf by apache.
the class HTTPConduit method prepare.
/**
* Prepare to send an outbound HTTP message over this http conduit to a
* particular endpoint.
* <P>
* If the Message.PATH_INFO property is set it gets appended
* to the Conduit's endpoint URL. If the Message.QUERY_STRING
* property is set, it gets appended to the resultant URL following
* a "?".
* <P>
* If the Message.HTTP_REQUEST_METHOD property is NOT set, the
* Http request method defaults to "POST".
* <P>
* If the Message.PROTOCOL_HEADERS is not set on the message, it is
* initialized to an empty map.
* <P>
* This call creates the OutputStream for the content of the message.
* It also assigns the created Http(s)URLConnection to the Message
* Map.
*
* @param message The message to be sent.
*/
public void prepare(Message message) throws IOException {
// This call can possibly change the conduit endpoint address and
// protocol from the default set in EndpointInfo that is associated
// with the Conduit.
Address currentAddress;
try {
currentAddress = setupAddress(message);
} catch (URISyntaxException e) {
throw new IOException(e);
}
// The need to cache the request is off by default
boolean needToCacheRequest = false;
HTTPClientPolicy csPolicy = getClient(message);
setupConnection(message, currentAddress, csPolicy);
// If the HTTP_REQUEST_METHOD is not set, the default is "POST".
String httpRequestMethod = (String) message.get(Message.HTTP_REQUEST_METHOD);
if (httpRequestMethod == null) {
httpRequestMethod = "POST";
message.put(Message.HTTP_REQUEST_METHOD, "POST");
}
boolean isChunking = false;
int chunkThreshold = 0;
final AuthorizationPolicy effectiveAuthPolicy = getEffectiveAuthPolicy(message);
if (this.authSupplier == null) {
this.authSupplier = createAuthSupplier(effectiveAuthPolicy);
}
if (this.proxyAuthSupplier == null) {
this.proxyAuthSupplier = createAuthSupplier(proxyAuthorizationPolicy);
}
if (this.authSupplier.requiresRequestCaching()) {
needToCacheRequest = true;
isChunking = false;
LOG.log(Level.FINE, "Auth Supplier, but no Preemptive User Pass or Digest auth (nonce may be stale)" + " We must cache request.");
}
if (csPolicy.isAutoRedirect()) {
needToCacheRequest = true;
LOG.log(Level.FINE, "AutoRedirect is turned on.");
}
if (csPolicy.getMaxRetransmits() > 0) {
needToCacheRequest = true;
LOG.log(Level.FINE, "MaxRetransmits is set > 0.");
}
// TODO : ensure chunking can be enabled for non-empty PUTs - if requested
if (csPolicy.isAllowChunking() && isChunkingSupported(message, httpRequestMethod)) {
// TODO: The chunking mode be configured or at least some
// documented client constant.
// use -1 and allow the URL connection to pick a default value
isChunking = true;
chunkThreshold = csPolicy.getChunkingThreshold();
}
cookies.writeToMessageHeaders(message);
if (certConstraints != null) {
message.put(CertConstraints.class.getName(), certConstraints);
message.getInterceptorChain().add(CertConstraintsInterceptor.INSTANCE);
}
setHeadersByAuthorizationPolicy(message, currentAddress.getURI());
new Headers(message).setFromClientPolicy(getClient(message));
// set the OutputStream on the ProxyOutputStream
ProxyOutputStream pos = message.getContent(ProxyOutputStream.class);
if (pos != null && message.getContent(OutputStream.class) != null) {
pos.setWrappedOutputStream(createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
} else {
message.setContent(OutputStream.class, createOutputStream(message, needToCacheRequest, isChunking, chunkThreshold));
}
// We are now "ready" to "send" the message.
}
Also used :
ProxyAuthorizationPolicy(org.apache.cxf.configuration.security.ProxyAuthorizationPolicy)
AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy)
HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy)
CertConstraints(org.apache.cxf.transport.https.CertConstraints)
URISyntaxException(java.net.URISyntaxException)
IOException(java.io.IOException)
Endpoint(org.apache.cxf.endpoint.Endpoint)
Aggregations
AuthorizationPolicy (org.apache.cxf.configuration.security.AuthorizationPolicy)2
CertConstraints (org.apache.cxf.transport.https.CertConstraints)2
IOException (java.io.IOException)1
URISyntaxException (java.net.URISyntaxException)1
ProxyAuthorizationPolicy (org.apache.cxf.configuration.security.ProxyAuthorizationPolicy)1
Endpoint (org.apache.cxf.endpoint.Endpoint)1
Interceptor (org.apache.cxf.interceptor.Interceptor)1
DelegatingInputStream (org.apache.cxf.io.DelegatingInputStream)1
Exchange (org.apache.cxf.message.Exchange)1
SecurityContext (org.apache.cxf.security.SecurityContext)1
CertConstraintsInterceptor (org.apache.cxf.transport.https.CertConstraintsInterceptor)1
HTTPClientPolicy (org.apache.cxf.transports.http.configuration.HTTPClientPolicy)1
AddressingProperties (org.apache.cxf.ws.addressing.AddressingProperties)1
