Examples with XMLSecurityProperties - org.apache.xml.security.stax.ext.XMLSecurityProperties

Example 1 with XMLSecurityProperties

use of org.apache.xml.security.stax.ext.XMLSecurityProperties in project cxf by apache.

the class XmlSecInInterceptor method prepareMessage.

private void prepareMessage(Message inMsg) throws Fault {
    XMLStreamReader originalXmlStreamReader = inMsg.getContent(XMLStreamReader.class);
    if (originalXmlStreamReader == null) {
        InputStream is = inMsg.getContent(InputStream.class);
        if (is != null) {
            originalXmlStreamReader = StaxUtils.createXMLStreamReader(is);
        }
    }
    try {
        XMLSecurityProperties properties = new XMLSecurityProperties();
        configureDecryptionKeys(inMsg, properties);
        Crypto signatureCrypto = getSignatureCrypto(inMsg);
        configureSignatureKeys(signatureCrypto, inMsg, properties);
        SecurityEventListener securityEventListener = configureSecurityEventListener(signatureCrypto, inMsg, properties);
        InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
        XMLStreamReader newXmlStreamReader = inboundXMLSec.processInMessage(originalXmlStreamReader, null, securityEventListener);
        inMsg.setContent(XMLStreamReader.class, newXmlStreamReader);
    } catch (XMLStreamException e) {
        throwFault(e.getMessage(), e);
    } catch (XMLSecurityException e) {
        throwFault(e.getMessage(), e);
    } catch (IOException e) {
        throwFault(e.getMessage(), e);
    } catch (UnsupportedCallbackException e) {
        throwFault(e.getMessage(), e);
    }
}

Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) XMLStreamReader(javax.xml.stream.XMLStreamReader) XMLStreamException(javax.xml.stream.XMLStreamException) InputStream(java.io.InputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) InboundXMLSec(org.apache.xml.security.stax.ext.InboundXMLSec) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) SecurityEventListener(org.apache.xml.security.stax.securityEvent.SecurityEventListener) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Example 2 with XMLSecurityProperties

use of org.apache.xml.security.stax.ext.XMLSecurityProperties in project cxf by apache.

the class XmlSecOutInterceptor method handleMessage.

public void handleMessage(Message message) throws Fault {
    if (message.getExchange().get(Throwable.class) != null) {
        return;
    }
    OutputStream os = message.getContent(OutputStream.class);
    String encoding = getEncoding(message);
    if (!(encryptRequest || signRequest)) {
        Exception ex = new Exception("Either encryption and/or signature must be enabled");
        throwFault(ex.getMessage(), ex);
    }
    XMLStreamWriter newXMLStreamWriter = null;
    try {
        XMLSecurityProperties properties = new XMLSecurityProperties();
        if (signRequest) {
            configureSignature(message, properties);
        }
        if (encryptRequest) {
            configureEncryption(message, properties);
        }
        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
        newXMLStreamWriter = outboundXMLSec.processOutMessage(os, encoding);
        message.setContent(XMLStreamWriter.class, newXMLStreamWriter);
    } catch (XMLSecurityException e) {
        throwFault(e.getMessage(), e);
    } catch (Exception e) {
        throwFault(e.getMessage(), e);
    }
    message.put(AbstractOutDatabindingInterceptor.DISABLE_OUTPUTSTREAM_OPTIMIZATION, Boolean.TRUE);
    message.put(StaxOutInterceptor.FORCE_START_DOCUMENT, Boolean.TRUE);
    if (MessageUtils.getContextualBoolean(message, StaxOutInterceptor.FORCE_START_DOCUMENT, false)) {
        try {
            newXMLStreamWriter.writeStartDocument(encoding, "1.0");
        } catch (XMLStreamException e) {
            throw new Fault(e);
        }
        message.removeContent(OutputStream.class);
        message.put(OUTPUT_STREAM_HOLDER, os);
    }
    // Add a final interceptor to write end elements
    message.getInterceptorChain().add(ending);
}

Also used : OutboundXMLSec(org.apache.xml.security.stax.ext.OutboundXMLSec) XMLStreamException(javax.xml.stream.XMLStreamException) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) OutputStream(java.io.OutputStream) XMLSecurityProperties(org.apache.xml.security.stax.ext.XMLSecurityProperties) Fault(org.apache.cxf.interceptor.Fault) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLStreamException(javax.xml.stream.XMLStreamException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Aggregations

XMLStreamException (javax.xml.stream.XMLStreamException)2 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)2 XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 OutputStream (java.io.OutputStream)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 XMLStreamReader (javax.xml.stream.XMLStreamReader)1 XMLStreamWriter (javax.xml.stream.XMLStreamWriter)1 Fault (org.apache.cxf.interceptor.Fault)1 Crypto (org.apache.wss4j.common.crypto.Crypto)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 InboundXMLSec (org.apache.xml.security.stax.ext.InboundXMLSec)1 OutboundXMLSec (org.apache.xml.security.stax.ext.OutboundXMLSec)1 SecurityEventListener (org.apache.xml.security.stax.securityEvent.SecurityEventListener)1