
Example 16 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class SpnegoContextTokenOutInterceptor method handleMessage.

/**
 * Outbound handling for policies that contain an SPNEGO context token assertion.
 *
 * <p>Nothing happens when the message has no {@link AssertionInfoMap} or the map holds no
 * assertion with the {@code SPConstants.SPNEGO_CONTEXT_TOKEN} local name. On the requestor
 * side a cached token is looked up by the {@code SecurityConstants.TOKEN_ID} contextual
 * property. An expired token is evicted, a new one is issued when none is usable, and the
 * resulting token id is recorded on both the endpoint and the exchange. On the other side
 * the assertions are only marked as asserted.
 *
 * @param message the outbound SOAP message
 * @throws Fault wrapping any {@link TokenStoreException} raised while using the token store
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        // no policy information attached to this message
        return;
    }
    Collection<AssertionInfo> spnegoAssertions =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
    if (spnegoAssertions.isEmpty()) {
        return;
    }
    if (!isRequestor(message)) {
        // server side should be checked on the way in
        // NOTE(review): nothing is verified on this path; the assertion is only as strong as
        // the inbound check it relies on, so confirm that check cannot be skipped.
        for (AssertionInfo assertion : spnegoAssertions) {
            assertion.setAsserted(true);
        }
        return;
    }

    String cachedTokenId = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
    SecurityToken token = null;
    try {
        if (cachedTokenId != null) {
            token = TokenStoreUtils.getTokenStore(message).getToken(cachedTokenId);
            boolean expired = token != null && token.isExpired();
            if (expired) {
                // drop every reference to the stale token so it cannot be picked up again
                message.getExchange().getEndpoint().remove(SecurityConstants.TOKEN_ID);
                message.getExchange().remove(SecurityConstants.TOKEN_ID);
                TokenStoreUtils.getTokenStore(message).remove(cachedTokenId);
                token = null;
            }
        }
        if (token == null) {
            // NOTE(review): the result is dereferenced below without a null check; confirm
            // issueToken either returns a token or throws.
            token = issueToken(message, aim);
        }
        for (AssertionInfo assertion : spnegoAssertions) {
            assertion.setAsserted(true);
        }
        // the id is stored at endpoint scope as well as exchange scope
        message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, token.getId());
        message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
        TokenStoreUtils.getTokenStore(message).add(token);
    } catch (TokenStoreException ex) {
        throw new Fault(ex);
    }
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) Fault(org.apache.cxf.interceptor.Fault) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 17 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyUtils method getFirstAssertionByLocalname.

/**
 * Finds the first assertion registered under the given local name.
 *
 * <p>The {@code SP11Constants.SP_NS} namespace is consulted first, then
 * {@code SP12Constants.SP_NS}.
 *
 * @param aim the assertion map to search
 * @param localname the local part of the assertion's qualified name
 * @return the first matching assertion, or {@code null} when neither namespace has one;
 *         callers must handle the {@code null} case before dereferencing
 */
public static AssertionInfo getFirstAssertionByLocalname(AssertionInfoMap aim, String localname) {
    String[] namespacesInLookupOrder = {SP11Constants.SP_NS, SP12Constants.SP_NS};
    for (String namespace : namespacesInLookupOrder) {
        Collection<AssertionInfo> candidates = aim.get(new QName(namespace, localname));
        if (candidates == null || candidates.isEmpty()) {
            continue;
        }
        return candidates.iterator().next();
    }
    return null;
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) QName(javax.xml.namespace.QName)

Example 18 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class RMPolicyUtilities method getRMConfiguration.

/**
 * Computes the RM configuration that is compatible with the supplied default and with every
 * RM assertion collected from the message's {@link AssertionInfoMap}.
 *
 * <p>Assertions backed by a {@link JaxbAssertion} contribute their {@link RMAssertion} data.
 * {@link PrimitiveAssertion}s contribute only when their name is in the
 * {@code RM11Constants.WSRMP_NAMESPACE_URI} namespace. Any other assertion is skipped.
 *
 * @param defaultValue the default value (non-<code>null</code>)
 * @param message the message
 * @return the compatible configuration; documented as never {@code null} given a
 *         non-{@code null} default
 */
public static RMConfiguration getRMConfiguration(RMConfiguration defaultValue, Message message) {
    RMConfiguration result = defaultValue;
    Collection<AssertionInfo> rmAssertions = collectRMAssertions(message.get(AssertionInfoMap.class));
    for (AssertionInfo info : rmAssertions) {
        if (info.getAssertion() instanceof JaxbAssertion<?>) {
            JaxbAssertion<?> jaxb = (JaxbAssertion<?>) info.getAssertion();
            // NOTE(review): unchecked narrowing; assumes collectRMAssertions only yields
            // JAXB assertions that carry RMAssertion data. Confirm against that helper.
            RMAssertion rma = (RMAssertion) jaxb.getData();
            result = intersect(rma, result);
            continue;
        }
        if (!(info.getAssertion() instanceof PrimitiveAssertion)) {
            continue;
        }
        PrimitiveAssertion primitive = (PrimitiveAssertion) info.getAssertion();
        String namespace = primitive.getName().getNamespaceURI();
        if (RM11Constants.WSRMP_NAMESPACE_URI.equals(namespace)) {
            result = intersect(primitive, result);
        }
    }
    return result;
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) RMAssertion(org.apache.cxf.ws.rmp.v200502.RMAssertion) PrimitiveAssertion(org.apache.neethi.builders.PrimitiveAssertion) RMConfiguration(org.apache.cxf.ws.rm.RMConfiguration) JaxbAssertion(org.apache.cxf.ws.policy.builder.jaxb.JaxbAssertion) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 19 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class MAPAggregatorImpl method setupNamespace.

/**
 * Selects the WS-Addressing namespace that {@code maps} should be exposed as.
 *
 * <p>Without an {@link AssertionInfoMap} on the message, the namespace comes from the
 * {@code MAPAggregator.ADDRESSING_NAMESPACE} contextual property, when one is set. With a map,
 * the 2004/08 namespace is selected only if the map holds assertion info for
 * {@code MetadataConstants.USING_ADDRESSING_2004_QNAME}. The contextual property is not
 * consulted on that path.
 *
 * @param maps the addressing properties to adjust
 * @param message the message being processed
 */
private void setupNamespace(AddressingProperties maps, Message message) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim != null) {
        Collection<AssertionInfo> usingAddressing2004 =
            aim.getAssertionInfo(MetadataConstants.USING_ADDRESSING_2004_QNAME);
        boolean policyAsksFor2004 = usingAddressing2004 != null && !usingAddressing2004.isEmpty();
        if (policyAsksFor2004) {
            maps.exposeAs(Names200408.WSA_NAMESPACE_NAME);
        }
        return;
    }

    // no policy information: fall back to the configured namespace, if there is one
    String configuredNamespace = (String) message.getContextualProperty(MAPAggregator.ADDRESSING_NAMESPACE);
    if (configuredNamespace != null) {
        maps.exposeAs(configuredNamespace);
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 20 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractPolicySecurityTest method runOutInterceptorAndValidate.

/**
 * Runs the out interceptor on the message and verifies the asserted state of the given
 * assertion types.
 *
 * <p>When the exchange has an endpoint whose endpoint info carries no {@code TokenStore}
 * property, a fresh {@link MemoryTokenStore} is put on the message first. A
 * {@link PolicyException} from {@code checkEffectivePolicy} is deliberately ignored. The
 * per-assertion checks run in a {@code finally} block, so they execute whether or not the
 * effective policy check succeeds.
 *
 * @param msg the outbound message to process
 * @param policy the policy checked against the assertion map
 * @param aim the assertion map inspected after the interceptor has run
 * @param assertedOutAssertions assertion types expected to be asserted, may be {@code null}
 * @param notAssertedOutAssertions assertion types expected not to be asserted, may be {@code null}
 * @return the SOAP part of the message's {@link SOAPMessage} content
 * @throws Exception if the interceptor or one of the checks fails
 */
protected Document runOutInterceptorAndValidate(SoapMessage msg, Policy policy, AssertionInfoMap aim, List<QName> assertedOutAssertions, List<QName> notAssertedOutAssertions) throws Exception {
    if (msg.getExchange().getEndpoint() != null) {
        Object configuredStore =
            msg.getExchange().getEndpoint().getEndpointInfo().getProperty(TokenStore.class.getName());
        if (configuredStore == null) {
            msg.put(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, new MemoryTokenStore());
        }
    }

    this.getOutInterceptor().handleMessage(msg);

    try {
        aim.checkEffectivePolicy(policy);
    } catch (PolicyException e) {
        // Expected but not relevant: the per-assertion checks below are the real validation
    } finally {
        verifyOutAssertionState(aim, assertedOutAssertions, true);
        verifyOutAssertionState(aim, notAssertedOutAssertions, false);
    }
    return msg.getContent(SOAPMessage.class).getSOAPPart();
}

/**
 * Checks every assertion info registered under each given type against the expected state.
 * A {@code null} list is skipped.
 */
private void verifyOutAssertionState(AssertionInfoMap aim, List<QName> assertionTypes, boolean expectedAsserted) throws Exception {
    if (assertionTypes == null) {
        return;
    }
    for (QName type : assertionTypes) {
        Collection<AssertionInfo> infos = aim.get(type);
        assertNotNull(infos);
        for (AssertionInfo info : infos) {
            checkAssertion(aim, type, info, expectedAsserted);
        }
    }
}
Also used : MemoryTokenStore(org.apache.cxf.ws.security.tokenstore.MemoryTokenStore) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) PolicyException(org.apache.cxf.ws.policy.PolicyException) QName(javax.xml.namespace.QName) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) MemoryTokenStore(org.apache.cxf.ws.security.tokenstore.MemoryTokenStore) SOAPMessage(javax.xml.soap.SOAPMessage)
