org.apache.cxf.binding.soap.SoapMessage Java Examples

The following examples show how to use org.apache.cxf.binding.soap.SoapMessage. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WSS4JStaxOutInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
protected SecurityEventListener configureSecurityEventListener(
    final SoapMessage msg, WSSSecurityProperties securityProperties
) throws WSSPolicyException {
    final List<SecurityEvent> outgoingSecurityEventList = new LinkedList<>();
    msg.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
    msg.put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);

    return new SecurityEventListener() {
        @Override
        public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
            if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SAML_TOKEN) {
                // Store SAML keys in case we need them on the inbound side
                TokenSecurityEvent<?> tokenSecurityEvent = (TokenSecurityEvent<?>)securityEvent;
                try {
                    WSS4JUtils.parseAndStoreStreamingSecurityToken(tokenSecurityEvent.getSecurityToken(), msg);
                } catch (TokenStoreException e) {
                    throw new XMLSecurityException(e);
                }
            } else if (securityEvent.getSecurityEventType() == WSSecurityEventConstants.SignatureValue) {
                // Required for Signature Confirmation
                outgoingSecurityEventList.add(securityEvent);
            }
        }
    };
}
 
Example #2
Source File: WSS4JInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Do whatever is necessary to determine the action for the incoming message and 
 * do whatever other setup work is necessary.
 * 
 * @param msg
 * @param reqData
 */
protected void computeAction(SoapMessage msg, RequestData reqData) throws WSSecurityException {
    //
    // Try to get Crypto Provider from message context properties. 
    // It gives a possibility to use external Crypto Provider 
    //
    Crypto encCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
    if (encCrypto != null) {
        reqData.setEncCrypto(encCrypto);
        reqData.setDecCrypto(encCrypto);
    }
    Crypto sigCrypto = (Crypto)msg.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
    if (sigCrypto != null) {
        reqData.setSigCrypto(sigCrypto);
    }
}
 
Example #3
Source File: PolicyBasedWSS4JInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException {
    String action = getString(WSHandlerConstants.ACTION, message);
    if (action == null) {
        action = "";
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim != null) {
        //things that DO impact setup
        handleWSS11(aim, message);
        action = checkAsymmetricBinding(aim, action, message);
        action = checkSymmetricBinding(aim, action, message);
        action = checkTransportBinding(aim, action, message);
        
        // stuff we can default to asserted and un-assert if a condition isn't met
        assertPolicy(aim, SP12Constants.KEYVALUE_TOKEN);

        message.put(WSHandlerConstants.ACTION, action.trim());
    }
}
 
Example #4
Source File: SecureConversationInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {
    boolean foundSCT = NegotiationUtils.parseSCTResult(message);

    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
        if (ais == null || ais.isEmpty()) {
            return;
        }
        for (AssertionInfo inf : ais) {
            if (foundSCT) {
                inf.setAsserted(true);
            } else {
                inf.setNotAsserted("No SecureConversation token found in message.");
            }
        }
    }
}
 
Example #5
Source File: SecureConversationInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {
    boolean foundSCT = NegotiationUtils.parseSCTResult(message);

    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
        if (ais == null || ais.isEmpty()) {
            return;
        }
        for (AssertionInfo inf : ais) {
            if (foundSCT) {
                inf.setAsserted(true);
            } else {
                inf.setNotAsserted("No SecureConversation token found in message.");
            }
        }
    }
}
 
Example #6
Source File: SoapPreProtocolOutInterceptorTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
private SoapMessage setUpMessage() throws Exception {

        SoapMessage message = new SoapMessage(new MessageImpl());
        Exchange exchange = new ExchangeImpl();
        BindingOperationInfo bop = setUpBindingOperationInfo("http://foo/bar",
                                                             "opReq",
                                                             "opResp",
                                                             SEI.class.getMethod("op", new Class[0]));
        SoapOperationInfo sop = new SoapOperationInfo();
        sop.setAction("http://foo/bar/SEI/opReq");
        bop.addExtensor(sop);
        exchange.put(BindingOperationInfo.class, bop);
        message.setExchange(exchange);
        message.put(Message.REQUESTOR_ROLE, Boolean.TRUE);

        control.replay();
        return message;
    }
 
Example #7
Source File: SamlTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
private Header findSecurityHeader(SoapMessage message, boolean create) {
    for (Header h : message.getHeaders()) {
        QName n = h.getName();
        if (n.getLocalPart().equals("Security")
            && (n.getNamespaceURI().equals(WSConstants.WSSE_NS) 
                || n.getNamespaceURI().equals(WSConstants.WSSE11_NS))) {
            return h;
        }
    }
    if (!create) {
        return null;
    }
    Document doc = DOMUtils.createDocument();
    Element el = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Security");
    el.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsse", WSConstants.WSSE_NS);
    SoapHeader sh = new SoapHeader(new QName(WSConstants.WSSE_NS, "Security"), el);
    sh.setMustUnderstand(true);
    message.getHeaders().add(sh);
    return sh;
}
 
Example #8
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public String getPassword(String userName, UsernameToken info, int type, SoapMessage message) {
    //Then try to get the password from the given callback handler

    CallbackHandler handler = getCallback(message);
    if (handler == null) {
        policyNotAsserted(info, "No callback handler and no password available", message);
        return null;
    }
    
    WSPasswordCallback[] cb = {new WSPasswordCallback(userName,
                                                      type)};
    try {
        handler.handle(cb);
    } catch (Exception e) {
        policyNotAsserted(info, e, message);
    }
    
    //get the password
    return cb[0].getPassword();
}
 
Example #9
Source File: AbstractWSS4JInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
protected void translateProperties(SoapMessage msg) {
    String bspCompliant = (String)msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
    if (bspCompliant != null) {
        msg.setContextualProperty(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);
    }
    String futureTTL = 
        (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_FUTURE_TTL);
    if (futureTTL != null) {
        msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_TIMESTAMP, futureTTL);
    }
    String ttl = 
            (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
    if (ttl != null) {
        msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl);
    }
    String certConstraints = 
        (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
    if (certConstraints != null) {
        msg.setContextualProperty(WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS, certConstraints);
    }
}
 
Example #10
Source File: AbstractSoapInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
static String getFaultMessage(SoapMessage message, SoapFault fault) {
    if (message.get("forced.faultstring") != null) {
        return (String) message.get("forced.faultstring");
    }
    boolean config = MessageUtils.getContextualBoolean(message, Message.EXCEPTION_MESSAGE_CAUSE_ENABLED, false);
    if (fault.getMessage() != null) {
        if (config && fault.getCause() != null
            && fault.getCause().getMessage() != null && !fault.getMessage().equals(fault.getCause().getMessage())) {
            return fault.getMessage() + " Caused by: " + fault.getCause().getMessage();
        }
        return fault.getMessage();
    } else if (config && fault.getCause() != null) {
        if (fault.getCause().getMessage() != null) {
            return fault.getCause().getMessage();
        }
        return fault.getCause().toString();
    } else {
        return "Fault occurred while processing.";
    }
}
 
Example #11
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 6 votes vote down vote up
@Test
public void testTimestamp() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);
    
    ohandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP);
    ohandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");

    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsu:Timestamp", doc);
}
 
Example #12
Source File: WSS4JOutInterceptorTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
@Test
public void testUsernameTokenDigest() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");
    SoapMessage msg = getSoapMessageForDom(doc);

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    msg.put(ConfigurationConstants.ACTION, ConfigurationConstants.USERNAME_TOKEN);
    msg.put(ConfigurationConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(ConfigurationConstants.USER, "username");
    msg.put("password", "myAliasPassword");
    msg.put(ConfigurationConstants.PASSWORD_TYPE, WSS4JConstants.PW_DIGEST);
    handler.handleMessage(msg);

    doc = msg.getContent(SOAPMessage.class).getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsse:UsernameToken", doc);
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc);
    // Test to see that the password digest is used in the header
    assertInvalid("//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']", doc);
}
 
Example #13
Source File: AbstractWSS4JInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
protected void translateProperties(SoapMessage msg) {
    String bspCompliant = (String)msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
    if (bspCompliant != null) {
        msg.setContextualProperty(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);
    }
    String futureTTL = 
        (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_FUTURE_TTL);
    if (futureTTL != null) {
        msg.setContextualProperty(WSHandlerConstants.TTL_FUTURE_TIMESTAMP, futureTTL);
    }
    String ttl = 
            (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
    if (ttl != null) {
        msg.setContextualProperty(WSHandlerConstants.TTL_TIMESTAMP, ttl);
    }
    String certConstraints = 
        (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
    if (certConstraints != null) {
        msg.setContextualProperty(WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS, certConstraints);
    }
}
 
Example #14
Source File: SamlTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
protected void policyNotAsserted(SamlToken assertion, Exception reason, SoapMessage message) {
    if (assertion == null) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais;
    ais = aim.get(assertion.getName());
    if (ais != null) {
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == assertion) {
                ai.setNotAsserted(reason.getMessage());
            }
        }
    }
    throw new PolicyException(reason);
}
 
Example #15
Source File: AbstractUsernameTokenAuthenticatingInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    SecurityToken token = msg.get(SecurityToken.class);
    SecurityContext context = msg.get(SecurityContext.class);
    if (token == null || context == null || context.getUserPrincipal() == null) {
        super.handleMessage(msg);
        return;
    }
    UsernameToken ut = (UsernameToken)token;
    
    Subject subject = createSubject(ut.getName(), ut.getPassword(), ut.isHashed(),
                                    ut.getNonce(), ut.getCreatedTime());
    
    SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject);
    msg.put(SecurityContext.class, sc);
}
 
Example #16
Source File: SecureConversationInInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim == null) {
        return;
    }
    AssertionInfo ai =
        PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
    if (ai == null) {
        return;
    }

    SecureConversationToken tok = (SecureConversationToken)ai.getAssertion();
    try {
        doCancel(message, aim, tok);
    } catch (TokenStoreException ex) {
        throw new Fault(ex);
    }
}
 
Example #17
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public String getPassword(String userName, UsernameToken info, int type, SoapMessage message) {
    //Then try to get the password from the given callback handler

    CallbackHandler handler = getCallback(message);
    if (handler == null) {
        policyNotAsserted(info, "No callback handler and no password available", message);
        return null;
    }
    
    WSPasswordCallback[] cb = {new WSPasswordCallback(userName,
                                                      type)};
    try {
        handler.handle(cb);
    } catch (Exception e) {
        policyNotAsserted(info, e, message);
    }
    
    //get the password
    return cb[0].getPassword();
}
 
Example #18
Source File: PolicyBasedWSS4JInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
    Crypto signCrypto = null;
    if (s instanceof Crypto) {
        signCrypto = (Crypto)s;
    } else if (s != null) {
        URL propsURL = getPropertiesFileURL(s, message);
        String propsKey = s.toString();
        if (propsURL != null) {
            propsKey = propsURL.getPath();
        }
        Properties props = getProps(s, propsKey, propsURL, message);
        signCrypto = CryptoFactory.getInstance(props);
        
        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
        synchronized (info) {
            info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
        }
    }
    return signCrypto;
}
 
Example #19
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
private void addUsernameToken(SoapMessage message) {
    UsernameToken tok = assertUsernameTokens(message, null);

    Header h = findSecurityHeader(message, true);
    WSSecUsernameToken utBuilder = 
        addUsernameToken(message, tok);
    if (utBuilder == null) {
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
        for (AssertionInfo ai : ais) {
            if (ai.isAsserted()) {
                ai.setAsserted(false);
            }
        }
        return;
    }
    Element el = (Element)h.getObject();
    utBuilder.prepare(el.getOwnerDocument());
    el.appendChild(utBuilder.getUsernameTokenElement());
}
 
Example #20
Source File: SamlTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
private void addSamlToken(SoapMessage message) {
    WSSConfig.init();
    SamlToken tok = assertSamlTokens(message);

    Header h = findSecurityHeader(message, true);
    try {
        AssertionWrapper wrapper = addSamlToken(tok, message);
        if (wrapper == null) {
            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
            Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.SAML_TOKEN);
            for (AssertionInfo ai : ais) {
                if (ai.isAsserted()) {
                    ai.setAsserted(false);
                }
            }
            return;
        }
        Element el = (Element)h.getObject();
        el.appendChild(wrapper.toDOM(el.getOwnerDocument()));
    } catch (WSSecurityException ex) {
        policyNotAsserted(tok, ex.getMessage(), message);
    }
}
 
Example #21
Source File: AbstractPolicySecurityTest.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Gets a SoapMessage, but with the needed SecurityConstants in the context properties
 * so that it can be passed to PolicyBasedWSS4JOutInterceptor.
 *
 * @see #getSoapMessageForDom(Document, AssertionInfoMap)
 */
protected SoapMessage getOutSoapMessageForDom(Document doc, AssertionInfoMap aim)
    throws SOAPException {
    SoapMessage msg = this.getSoapMessageForDom(doc, aim);
    msg.put(SecurityConstants.SIGNATURE_PROPERTIES, "outsecurity.properties");
    msg.put(SecurityConstants.ENCRYPT_PROPERTIES, "outsecurity.properties");
    msg.put(SecurityConstants.CALLBACK_HANDLER, TestPwdCallback.class.getName());
    msg.put(SecurityConstants.SIGNATURE_USERNAME, "myalias");
    msg.put(SecurityConstants.ENCRYPT_USERNAME, "myalias");
    
    msg.getExchange().put(Endpoint.class, new MockEndpoint());
    msg.getExchange().put(Bus.class, this.bus);
    msg.put(Message.REQUESTOR_ROLE, true);
    
    return msg;
}
 
Example #22
Source File: MAPCodec.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Invoked when unwinding normal interceptor chain when a fault occurred.
 *
 * @param message the messsage message
 */
public void handleFault(SoapMessage message) {
    if (!message.getExchange().isOneWay()) {
        AddressingProperties maps = ContextUtils.retrieveMAPs(message, false, true, false);
        if (ContextUtils.isRequestor(message)
            && maps != null) {
            //fault occurred trying to send the message, remove it
            uncorrelatedExchanges.remove(maps.getMessageID().getValue());
        } else if (!ContextUtils.isRequestor(message)
            && maps == null
            && !message.containsKey(MAPAggregator.class.getName())) {
            //fault occurred while processing the incoming message, but possibly
            //before the MAPAggregator was called.   We need to see if we can
            //try and map this if at all possible so a FaultTo/ReplyTo can
            //be properly determined to get the fault back to the rightful
            //place.
            for (Interceptor<? extends Message> i : message.getInterceptorChain()) {
                if (i instanceof MAPAggregator) {
                    try {
                        MAPAggregator agg = (MAPAggregator)i;
                        agg.handleMessage(message);
                    } catch (Throwable t) {
                        //ignore
                    }
                    return;
                }
            }
        }
    }
    if (MessageUtils.getContextualBoolean(message, DECOUPLED_FAULT_SUPPORT, false)) {
        new DecoupledFaultHandler().handleFault(message);
    }
}
 
Example #23
Source File: PolicyBasedWSS4JInInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Is a Nonce Cache required, i.e. are we expecting a UsernameToken
 */
@Override
protected boolean isNonceCacheRequired(List<Integer> actions, SoapMessage msg) {
    AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
    if (aim != null) {
        AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.USERNAME_TOKEN);
        if (ai != null) {
            return true;
        }
    }

    return false;
}
 
Example #24
Source File: ReceivedTokenCallbackHandler.java    From steady with Apache License 2.0 5 votes vote down vote up
private Element getTokenFromMessage(SoapMessage soapMessage) {
    if (soapMessage != null) {
        List<WSHandlerResult> results = 
            CastUtils.cast((List<?>)soapMessage.get(WSHandlerConstants.RECV_RESULTS));
        if (results != null) {
            for (WSHandlerResult rResult : results) {
                Element token = findToken(rResult.getResults());
                if (token != null) {
                    return token;
                }
            }
        }
    }
    return null;
}
 
Example #25
Source File: AbstractPolicySecurityTest.java    From steady with Apache License 2.0 5 votes vote down vote up
protected Document runOutInterceptorAndValidate(Document document, Policy policy,
        List<QName> assertedOutAssertions, 
        List<QName> notAssertedOutAssertions) throws Exception {
    
    AssertionInfoMap aim = new AssertionInfoMap(policy);
    
    final SoapMessage msg = 
        this.getOutSoapMessageForDom(document, aim);
    
    return this.runOutInterceptorAndValidate(msg, policy, aim,
            assertedOutAssertions, notAssertedOutAssertions);       
}
 
Example #26
Source File: SecurityVerificationOutTest.java    From steady with Apache License 2.0 5 votes vote down vote up
@Test
public void testSignedPartsOK() throws Exception {
    SoapMessage message = coachMessage("signed_parts_policy_body.xml");
    control.replay();
    SecurityVerificationOutInterceptor.INSTANCE.handleMessage(message);
    control.verify();    
}
 
Example #27
Source File: SecureConversationInInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
public void handleMessage(SoapMessage message) throws Fault {
    try {
        boolean foundSCT = NegotiationUtils.parseSCTResult(message);

        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        // extract Assertion information
        if (aim != null) {
            Collection<AssertionInfo> ais =
                    PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
            if (ais.isEmpty()) {
                return;
            }
            for (AssertionInfo inf : ais) {
                SecureConversationToken token = (SecureConversationToken) inf.getAssertion();
                IncludeTokenType inclusion = token.getIncludeTokenType();
                if (foundSCT || token.isOptional()
                        || (!foundSCT && inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER)) {
                    inf.setAsserted(true);
                } else {
                    inf.setNotAsserted("No SecureConversation token found in message.");
                }
            }
        }
    } catch (TokenStoreException ex) {
        throw new Fault(ex);
    }
}
 
Example #28
Source File: WSS4JInInterceptor.java    From steady with Apache License 2.0 5 votes vote down vote up
@Override
public Object getProperty(Object msgContext, String key) {
    // use the superclass first
    Object result = super.getProperty(msgContext, key);
    
    // handle the special case of the SEND_SIGV
    if (result == null 
        && WSHandlerConstants.SEND_SIGV.equals(key)
        && this.isRequestor((SoapMessage)msgContext)) {
        result = ((SoapMessage)msgContext).getExchange().getOutMessage().get(key);
    }               
    return result;
}
 
Example #29
Source File: SonosFaultInterceptor.java    From airsonic-advanced with GNU General Public License v3.0 5 votes vote down vote up
@Override
public void handleMessage(SoapMessage message) throws Fault {
    Fault fault = (Fault) message.getContent(Exception.class);
    LOG.warn("Error with Soap message", fault);

    if (fault.getCause() instanceof SonosSoapFault) {
        SonosSoapFault cause = (SonosSoapFault) fault.getCause();
        fault.setFaultCode(new QName(cause.getFaultCode()));
        fault.setMessage(cause.getFaultCode());

        Document document = DOMUtils.createDocument();
        Element details = document.createElement("detail");
        fault.setDetail(details);

        if (cause instanceof TokenRefreshRequired) {
            try {
                marshaller.marshal(((TokenRefreshRequired) cause).getRefreshTokens(), details);
            } catch (JAXBException e) {
                LOG.warn("Could not marshal Sonos refresh tokens", e);
            }
        } else {
            details.appendChild(document.createElement("ExceptionInfo"));

            Element sonosError = document.createElement("SonosError");
            sonosError.setTextContent(String.valueOf(cause.getSonosError()));
            details.appendChild(sonosError);
        }
    }
}
 
Example #30
Source File: WSS4JOutInterceptorTest.java    From steady with Apache License 2.0 5 votes vote down vote up
@Test
public void testUsernameTokenText() throws Exception {
    SOAPMessage saaj = readSAAJDocument("wsse-request-clean.xml");

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    msg.setContent(SOAPMessage.class, saaj);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "username");
    msg.put("password", "myAliasPassword");
    msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    handler.handleMessage(msg);

    SOAPPart doc = saaj.getSOAPPart();
    assertValid("//wsse:Security", doc);
    assertValid("//wsse:Security/wsse:UsernameToken", doc);
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Username[text()='username']", doc);
    // Test to see that the plaintext password is used in the header
    assertValid("//wsse:Security/wsse:UsernameToken/wsse:Password[text()='myAliasPassword']", doc);
}