Example 1 with OperationSecurityEvent

Use of org.apache.wss4j.stax.securityEvent.OperationSecurityEvent in project cxf by apache.

From the class StaxActionInInterceptor, method handleMessage.

@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    if (inActions == null || inActions.isEmpty()) {
        return;
    }
    // Security events recorded for the inbound message
    @SuppressWarnings("unchecked")
    final List<SecurityEvent> incomingSecurityEventList =
        (List<SecurityEvent>) soapMessage.get(SecurityEvent.class.getName() + ".in");
    if (incomingSecurityEventList == null) {
        LOG.warning("Security processing failed (actions mismatch)");
        WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
        throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex);
    }
    // First check for a SOAP Fault with no security header if we are the client
    if (MessageUtils.isRequestor(soapMessage) && isEventInResults(WSSecurityEventConstants.NO_SECURITY, incomingSecurityEventList)) {
        OperationSecurityEvent securityEvent = (OperationSecurityEvent) findEvent(WSSecurityEventConstants.OPERATION, incomingSecurityEventList);
        if (securityEvent != null && soapMessage.getVersion().getFault().equals(securityEvent.getOperation())) {
            LOG.warning("Request does not contain Security header, but it's a fault.");
            return;
        }
    }
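    // Each configured inbound action must be backed by a matching security event;
    // otherwise the message is rejected with a SOAP fault
    for (XMLSecurityConstants.Action action : inActions) {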
        Event requiredEvent = null;
        if (WSSConstants.TIMESTAMP.equals(action)) {
            requiredEvent = WSSecurityEventConstants.TIMESTAMP;
        } else if (WSSConstants.USERNAMETOKEN.equals(action)) {
            requiredEvent = WSSecurityEventConstants.USERNAME_TOKEN;
        } else if (XMLSecurityConstants.SIGNATURE.equals(action)) {
            requiredEvent = WSSecurityEventConstants.SignatureValue;
        } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
            requiredEvent = WSSecurityEventConstants.SAML_TOKEN;
        }
        if (requiredEvent != null && !isEventInResults(requiredEvent, incomingSecurityEventList)) {
            LOG.warning("Security processing failed (actions mismatch)");
            WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
            throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex);
        }
        if (XMLSecurityConstants.ENCRYPT.equals(action)) {
            boolean foundEncryptionPart = isEventInResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList);
            if (!foundEncryptionPart) {
                foundEncryptionPart = isEventInResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList);
            }
            if (!foundEncryptionPart) {
                LOG.warning("Security processing failed (actions mismatch)");
                WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
                throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex);
            }
        }
    }
}
Also used: OperationSecurityEvent (org.apache.wss4j.stax.securityEvent.OperationSecurityEvent), SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent), XMLSecurityConstants (org.apache.xml.security.stax.ext.XMLSecurityConstants), Event (org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event), List (java.util.List), WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)