Use of org.apache.wss4j.stax.setup.InboundWSSec in project cxf by apache.
The handleMessage method of class WSS4JStaxInInterceptor.
/**
 * Sets up streaming (StAX) WS-Security processing for an inbound SOAP message.
 *
 * <p>The method builds a {@code WSSSecurityProperties} instance, obtains an
 * {@code InboundWSSec} from it and swaps the message's {@code XMLStreamReader}
 * for the reader returned by {@code processInMessage}. It returns without doing
 * anything when the message already carries {@code SECURITY_PROCESSED} or when
 * {@code isGET} reports true, so such messages get no WS-Security reader from
 * this interceptor.
 *
 * <p>Per the original author's warning, only configuration errors surface here.
 * Security failures are raised later, wrapped in an {@code XMLStreamException},
 * while the rest of the stack pulls events from the installed reader; they have
 * to be caught downstream (e.g. in the FaultOutInterceptor).
 *
 * @param soapMessage the inbound message whose reader and interceptor chain are modified
 * @throws Fault a SOAP fault built from any {@code WSSecurityException},
 *     {@code XMLSecurityException}, {@code WSSPolicyException} or
 *     {@code XMLStreamException} raised during setup
 */
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    final boolean alreadyProcessed = soapMessage.containsKey(SECURITY_PROCESSED);
    if (alreadyProcessed || isGET(soapMessage)) {
        return;
    }

    // The two follow-up interceptors are registered before any configuration is read,
    // so they stay on the chain even if the setup below ends in a fault.
    soapMessage.getInterceptorChain().add(new StaxStartBodyInterceptor());
    final XMLStreamReader plainReader = soapMessage.getContent(XMLStreamReader.class);
    soapMessage.getInterceptorChain().add(new StaxSecurityContextInInterceptor());

    try {
        // Security events stored on the exchange under "<SecurityEvent class name>.out";
        // may be null when nothing was stored under that key.
        @SuppressWarnings("unchecked")
        final List<SecurityEvent> outboundEvents =
            (List<SecurityEvent>) soapMessage.getExchange().get(SecurityEvent.class.getName() + ".out");

        final WSSSecurityProperties props = createSecurityProperties();
        translateProperties(soapMessage, props);
        configureCallbackHandler(soapMessage, props);
        configureProperties(soapMessage, props);

        // Action checking is only added to the chain when actions are configured.
        if (props.getActions() != null && !props.getActions().isEmpty()) {
            soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(props.getActions()));
        }

        // Install a default attachment handler without overriding a configured one.
        if (props.getAttachmentCallbackHandler() == null) {
            props.setAttachmentCallbackHandler(new AttachmentCallbackHandler(soapMessage));
        }

        // Wrap whatever callback handler was configured together with the message's token store.
        props.setCallbackHandler(
            new TokenStoreCallbackHandler(props.getCallbackHandler(), TokenStoreUtils.getTokenStore(soapMessage)));

        setTokenValidators(props, soapMessage);
        props.setMsgContext(soapMessage);

        final List<SecurityEventListener> listeners = configureSecurityEventListeners(soapMessage, props);

        // Defaults to false when the contextual property is absent.
        // NOTE(review): presumably governs how much security-error detail reaches the peer;
        // confirm before enabling it outside of debugging.
        final boolean returnSecurityError =
            MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.RETURN_SECURITY_ERROR, false);

        final InboundWSSec inbound =
            WSSec.getInboundWSSec(props, MessageUtils.isRequestor(soapMessage), returnSecurityError);
        final XMLStreamReader securedReader =
            inbound.processInMessage(plainReader, outboundEvents, listeners);

        final Object provider = soapMessage.getExchange().get(Provider.class);
        final XMLStreamReader effectiveReader;
        if (provider != null && ThreadLocalSecurityProvider.isInstalled()) {
            // Scope the exchange's Provider to each pull on the reader and always clear it
            // afterwards, so the thread-local does not outlive the call.
            // NOTE(review): only next() is wrapped; confirm no other pull method of the
            // delegate needs the provider set.
            effectiveReader = new StreamReaderDelegate(securedReader) {
                @Override
                public int next() throws XMLStreamException {
                    try {
                        ThreadLocalSecurityProvider.setProvider((Provider) provider);
                        return super.next();
                    } finally {
                        ThreadLocalSecurityProvider.unsetProvider();
                    }
                }
            };
        } else {
            effectiveReader = securedReader;
        }
        soapMessage.setContent(XMLStreamReader.class, effectiveReader);

        // Anything thrown up to this point is a configuration error, not a security
        // verdict: this interceptor only wires up streaming security. The actual
        // WS-Security checks run as the stream is consumed and fail later with a
        // wrapped XMLStreamException, which must be handled further along
        // (e.g. in the FaultOutInterceptor).
        //
        // The marker is written only after a successful setup.
        soapMessage.put(SECURITY_PROCESSED, Boolean.TRUE);
    } catch (WSSecurityException e) {
        throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), e);
    } catch (XMLSecurityException e) {
        throw new SoapFault(new Message("STAX_EX", LOG), e, soapMessage.getVersion().getSender());
    } catch (WSSPolicyException e) {
        // NOTE(review): unlike the STAX_EX branches, the fault text here is the raw
        // exception message; confirm that policy-error text is acceptable to return.
        throw new SoapFault(e.getMessage(), e, soapMessage.getVersion().getSender());
    } catch (XMLStreamException e) {
        throw new SoapFault(new Message("STAX_EX", LOG), e, soapMessage.getVersion().getSender());
    }
}