Java Code Examples for org.apache.cxf.message.MessageUtils#isRequestor()

The following examples show how to use org.apache.cxf.message.MessageUtils#isRequestor(). The method returns true when the message carries the requestor-role flag, i.e. when the code is running on the side that initiated the exchange (the client); several examples below use it to decide which security checks apply on each side.
Example 1
Source File: AbstractTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Decides whether the policy expects the given token to be present in the
 * message, based on the token's inclusion type and on which side of the
 * exchange this code runs.
 *
 * <p>NEVER and ALWAYS are decided without looking at the message. For any
 * other inclusion type, the requestor side requires the token only for
 * ALWAYS_TO_INITIATOR, and the non-requestor side requires it for ONCE or
 * ALWAYS_TO_RECIPIENT.
 *
 * @param token the policy token whose inclusion type is consulted
 * @param message the message used to determine the requestor role
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    final IncludeTokenType inclusion = token.getInclusion();

    // Side-independent cases first.
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    }
    if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    }

    // NOTE(review): the side mapping suggests this is applied to received
    // messages (the initiator expects tokens addressed to the initiator);
    // confirm against the callers before reusing it for outbound decisions.
    if (MessageUtils.isRequestor(message)) {
        return inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR;
    }
    return inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE
        || inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
}
 
Example 2
Source File: UsernameTokenInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Adds a username token on the client's outbound message or processes one on
 * the server's inbound message, unless the full policy interceptors have
 * already marked the message as security-processed.
 *
 * @param message the SOAP message passing through the interceptor chain
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    final boolean requestor = MessageUtils.isRequestor(message);
    final boolean outbound = MessageUtils.isOutbound(message);

    // Server-outbound and client-inbound messages carry no username token
    // work: only assert the policies and stop.
    if (requestor != outbound) {
        assertUsernameTokens(message, null);
        return;
    }

    if (requestor) {
        // Client outbound: skip when the policy-based out interceptor has
        // already handled security for this message.
        if (!message.containsKey(PolicyBasedWSS4JOutInterceptor.SECURITY_PROCESSED)) {
            addUsernameToken(message);
        }
        return;
    }

    // Server inbound: skip when the WSS4J in interceptor has already handled
    // security for this message.
    if (!message.containsKey(WSS4JInInterceptor.SECURITY_PROCESSED)) {
        processUsernameToken(message);
    }
}
 
Example 3
Source File: AbstractSamlPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Reports whether the policy requires the token to be present, given its
 * inclusion type and whether this side is the requestor of the exchange.
 *
 * @param token the policy token whose inclusion type is consulted
 * @param message the message used to determine the requestor role
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    final IncludeTokenType inclusionType = token.getInclusion();
    if (inclusionType == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    }
    if (inclusionType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    }

    // The remaining inclusion types depend on the side: the requestor
    // requires only ALWAYS_TO_INITIATOR, the other side requires ONCE or
    // ALWAYS_TO_RECIPIENT.
    final boolean requestor = MessageUtils.isRequestor(message);
    final boolean requiredForRequestor =
        inclusionType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR;
    final boolean requiredForRecipient =
        inclusionType == IncludeTokenType.INCLUDE_TOKEN_ONCE
        || inclusionType == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
    return requestor ? requiredForRequestor : requiredForRecipient;
}
 
Example 4
Source File: AbstractSamlPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Determines from the token's inclusion type, and from the side of the
 * exchange this code runs on, whether the token must be present.
 *
 * @param token the policy token whose inclusion type is consulted
 * @param message the message used to determine the requestor role
 * @return true if the token is required
 */
protected boolean isTokenRequired(
    Token token,
    Message message
) {
    final IncludeTokenType mode = token.getInclusion();

    // NEVER and ALWAYS do not depend on the side of the exchange.
    if (mode == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    }
    if (mode == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    }

    if (!MessageUtils.isRequestor(message)) {
        // Non-requestor side: tokens sent once or always to the recipient.
        return mode == IncludeTokenType.INCLUDE_TOKEN_ONCE
            || mode == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
    }
    // Requestor side: only tokens that are always sent to the initiator.
    return mode == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR;
}
 
Example 5
Source File: AbstractCommonBindingHandler.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Decides whether a token with the given inclusion type is required, using
 * the handler's own {@code message} to determine the side of the exchange.
 *
 * <p>Here the requestor side requires the token for ALWAYS_TO_RECIPIENT or
 * ONCE, and the non-requestor side requires it for ALWAYS_TO_INITIATOR.
 *
 * @param includeToken the inclusion type taken from the policy
 * @return true if the token is required
 */
protected boolean isTokenRequired(IncludeTokenType includeToken) {
    if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
        return false;
    }
    if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
        return true;
    }

    // NOTE(review): this mapping is the reverse of a receive-side check,
    // which suggests it governs what this side sends; confirm with callers.
    if (MessageUtils.isRequestor(message)) {
        return includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
            || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE;
    }
    return includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR;
}
 
Example 6
Source File: OpenTracingStopInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Stops the trace span for the exchange, passing the request headers, the
 * response headers and the response code to the superclass.
 *
 * <p>The response headers map is created and stored on the message when it
 * is absent. The request message is the exchange's out message on the
 * requestor side and its in message otherwise. A missing response code is
 * treated as 200.
 *
 * @param message the response-side message
 * @throws Fault declared by the interceptor contract
 */
@Override
public void handleMessage(Message message) throws Fault {
    Map<String, List<Object>> respHeaders =
        CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
    if (respHeaders == null) {
        respHeaders = new HashMap<>();
        message.put(Message.PROTOCOL_HEADERS, respHeaders);
    }

    // The request travelled out of a client and into a server, so pick the
    // message of the exchange that matches this side.
    final Message request;
    if (MessageUtils.isRequestor(message)) {
        request = message.getExchange().getOutMessage();
    } else {
        request = message.getExchange().getInMessage();
    }
    final Map<String, List<String>> reqHeaders =
        CastUtils.cast((Map<?, ?>)request.get(Message.PROTOCOL_HEADERS));

    @SuppressWarnings("unchecked")
    final TraceScopeHolder<TraceScope> scopeHolder =
        (TraceScopeHolder<TraceScope>)message.getExchange().get(TRACE_SPAN);

    Integer status = (Integer)message.get(Message.RESPONSE_CODE);
    if (status == null) {
        status = 200;
    }

    super.stopTraceSpan(reqHeaders, respHeaders, status, scopeHolder);
}
 
Example 7
Source File: DefaultLogEventMapper.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Classifies a message as an inbound or outbound request, response or fault.
 *
 * <p>A message counts as a fault when {@code MessageUtils.isFault} says so,
 * or when it is not a SOAP message and {@code isRESTFault} reports a fault.
 *
 * @param message the message to classify
 * @return the event type for the message's direction, role and fault state
 */
public EventType getEventType(Message message) {
    final boolean requestor = MessageUtils.isRequestor(message);
    final boolean fault = MessageUtils.isFault(message)
        || (!isSOAPMessage(message) && isRESTFault(message));
    final boolean outbound = MessageUtils.isOutbound(message);

    // Faults are classified by direction only.
    if (fault) {
        return outbound ? EventType.FAULT_OUT : EventType.FAULT_IN;
    }
    // A requestor sends requests and receives responses; the other side
    // does the opposite.
    if (outbound) {
        return requestor ? EventType.REQ_OUT : EventType.RESP_OUT;
    }
    return requestor ? EventType.RESP_IN : EventType.REQ_IN;
}
 
Example 8
Source File: WSS11PolicyValidator.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Validates the WSS11 policy assertions against the security results.
 *
 * <p>Every WSS11 assertion is first marked as asserted. On the requestor
 * side, an assertion that requires signature confirmation is then marked
 * as not asserted when the results contain no signature confirmation (SC)
 * action result. Only the presence of an SC result is checked here.
 *
 * <p>The method always returns true; a failure is recorded on the
 * {@code AssertionInfo} only, so callers must inspect the assertion state
 * rather than the return value. {@code soapBody} and {@code signedResults}
 * are not used.
 *
 * @param aim the assertion map to look up WSS11 assertions in
 * @param message the message used to determine the requestor role
 * @param soapBody unused
 * @param results the security results to search for SC actions
 * @param signedResults unused
 * @return always true
 */
public boolean validatePolicy(
    AssertionInfoMap aim,
    Message message,
    Element soapBody,
    List<WSSecurityEngineResult> results,
    List<WSSecurityEngineResult> signedResults
) {
    final Collection<AssertionInfo> wss11Assertions = aim.get(SP12Constants.WSS11);
    if (wss11Assertions == null || wss11Assertions.isEmpty()) {
        return true;
    }

    final List<WSSecurityEngineResult> confirmations = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.SC, confirmations);

    for (AssertionInfo assertionInfo : wss11Assertions) {
        final Wss11 policy = (Wss11)assertionInfo.getAssertion();
        assertionInfo.setAsserted(true);

        // Signature confirmation is only checked on the requestor side.
        final boolean confirmationMissing = MessageUtils.isRequestor(message)
            && policy.isRequireSignatureConfirmation()
            && confirmations.isEmpty();
        if (confirmationMissing) {
            assertionInfo.setNotAsserted(
                "Signature Confirmation policy validation failed"
            );
        }
    }
    return true;
}
 
Example 9
Source File: JAXRSUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a {@code UriInfo} from the message's URI template parameters.
 *
 * <p>On the requestor side the exchange's out message is used instead of
 * {@code m}, provided the message has an exchange.
 *
 * @param m the current message
 * @return a new {@code UriInfoImpl} over the selected message
 */
@SuppressWarnings("unchecked")
private static UriInfo createUriInfo(Message m) {
    Message source = m;
    if (MessageUtils.isRequestor(m) && m.getExchange() != null) {
        // NOTE(review): the out message is not null-checked; confirm that a
        // requestor exchange always has one at this point.
        source = m.getExchange().getOutMessage();
    }
    final MultivaluedMap<String, String> templateValues =
        (MultivaluedMap<String, String>)source.get(URITemplate.TEMPLATE_PARAMETERS);
    return new UriInfoImpl(source, templateValues);
}
 
Example 10
Source File: FaultThrowingInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Throws a {@code Fault} for every message that is not on the requestor
 * side; requestor-side messages pass through untouched.
 *
 * @param message the message passing through the interceptor chain
 * @throws Fault always, when the message is not on the requestor side
 */
public void handleMessage(Message message) throws Fault {
    if (!MessageUtils.isRequestor(message)) {
        final String text;
        // Formatting is serialized on the shared MESSAGE_FORMAT instance
        // (presumably a java.text.MessageFormat, which is not thread-safe).
        synchronized (MESSAGE_FORMAT) {
            text = MESSAGE_FORMAT.format(new Object[] {getPhase()});
        }
        LOG.fine(text);
        throw new Fault(new RuntimeException(text));
    }
}
 
Example 11
Source File: WSS4JUtils.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the ReplayCache to use for this message, or null when replay
 * caching does not apply.
 *
 * <p>Whether caching is enabled is decided by the contextual property named
 * by {@code booleanKey}: a value that is not true disables caching, a true
 * value enables it, and when the property is absent caching is enabled only
 * if this side is not the requestor of the exchange.
 *
 * <p>The cache instance is looked up under {@code instanceKey}, first as a
 * contextual property of the message and then as a property of the
 * endpoint's {@code EndpointInfo}. If neither exists, a new cache is created
 * through {@code ReplayCacheFactory} and stored on the {@code EndpointInfo}.
 * Null is also returned when the exchange has no endpoint or the endpoint
 * has no {@code EndpointInfo}.
 *
 * <p>NOTE(review): a null result means no replay detection for the caller;
 * confirm that callers treat the "no endpoint" case as intended.
 */
public static ReplayCache getReplayCache(
    SoapMessage message, String booleanKey, String instanceKey
) {
    final Object enabledSetting = message.getContextualProperty(booleanKey);
    if (enabledSetting != null) {
        // Explicitly configured: anything other than true switches it off.
        if (!MessageUtils.isTrue(enabledSetting)) {
            return null;
        }
    } else if (MessageUtils.isRequestor(message)) {
        // Not configured: the requestor side does not cache by default.
        return null;
    }

    final Endpoint endpoint = message.getExchange().get(Endpoint.class);
    if (endpoint == null || endpoint.getEndpointInfo() == null) {
        return null;
    }

    final EndpointInfo info = endpoint.getEndpointInfo();
    // Lookup and creation happen under the EndpointInfo lock so that one
    // cache is created and stored per instanceKey.
    synchronized (info) {
        ReplayCache cache = (ReplayCache)message.getContextualProperty(instanceKey);
        if (cache == null) {
            cache = (ReplayCache)info.getProperty(instanceKey);
        }
        if (cache != null) {
            return cache;
        }

        final ReplayCacheFactory factory = ReplayCacheFactory.newInstance();
        String cacheKey = instanceKey;
        if (info.getName() != null) {
            // The cache name is made endpoint-specific with the hash code of
            // the endpoint name.
            cacheKey += "-" + info.getName().toString().hashCode();
        }
        cache = factory.newReplayCache(cacheKey, message);
        info.setProperty(instanceKey, cache);
        return cache;
    }
}
 
Example 12
Source File: TransportBindingPolicyValidator.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Validates the TransportBinding policy assertions.
 *
 * <p>Each assertion is marked as asserted and then checked in turn: on the
 * non-requestor side the message must carry a {@code TLSSessionInfo}, and
 * the timestamp must satisfy the binding's IncludeTimestamp setting. A
 * failed check marks the assertion as not asserted and moves on to the next
 * one. The TLS check is not applied on the requestor side.
 *
 * @param parameters the message, assertion map and security results
 * @param ais the TransportBinding assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo assertionInfo : ais) {
        final TransportBinding transportBinding = (TransportBinding)assertionInfo.getAssertion();
        assertionInfo.setAsserted(true);

        // A receiving (non-requestor) side must have seen a TLS session.
        final boolean requestor = MessageUtils.isRequestor(parameters.getMessage());
        final TLSSessionInfo tlsSession = parameters.getMessage().get(TLSSessionInfo.class);
        if (tlsSession == null && !requestor) {
            assertionInfo.setNotAsserted("TLS is not enabled");
            continue;
        }

        // The HttpsToken itself is validated by the
        // HttpsTokenInterceptorProvider; only assert its policy name here.
        if (transportBinding.getTransportToken() != null) {
            PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(),
                                     transportBinding.getTransportToken().getName());
        }

        // IncludeTimestamp check.
        final boolean timestampValid =
            validateTimestamp(transportBinding.isIncludeTimestamp(), true, parameters.getResults(),
                              parameters.getSignedResults(), parameters.getMessage());
        if (!timestampValid) {
            assertionInfo.setNotAsserted("Received Timestamp does not match the requirements");
            continue;
        }
        final QName includeTimestampName =
            new QName(transportBinding.getName().getNamespaceURI(), SPConstants.INCLUDE_TIMESTAMP);
        PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), includeTimestampName);
    }

    if (ais.isEmpty()) {
        return;
    }
    // Signed/encrypted parts are not checked for the Transport binding, so
    // their policies are asserted without validation.
    PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), SP12Constants.ENCRYPTED_PARTS);
    PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), SP11Constants.ENCRYPTED_PARTS);
    PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), SP12Constants.SIGNED_PARTS);
    PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), SP11Constants.SIGNED_PARTS);
}
 
Example 13
Source File: ProviderFactory.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the client or server {@code ProviderFactory} stored on the
 * endpoint of the message's exchange.
 *
 * <p>The client factory is chosen when the exchange has an out message that
 * is on the requestor side; otherwise the server factory is chosen.
 *
 * @param m a message belonging to the exchange
 * @return the factory stored on the endpoint under the chosen name
 */
public static ProviderFactory getInstance(Message m) {
    final Endpoint endpoint = m.getExchange().getEndpoint();

    final Message outbound = m.getExchange().getOutMessage();
    final String factoryName;
    if (outbound != null && MessageUtils.isRequestor(outbound)) {
        factoryName = CLIENT_FACTORY_NAME;
    } else {
        factoryName = SERVER_FACTORY_NAME;
    }

    return (ProviderFactory)endpoint.get(factoryName);
}
 
Example 14
Source File: WSS4JUtils.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the ReplayCache for a message, returning null when replay caching
 * is switched off or no endpoint information is available.
 *
 * <p>The contextual property named by {@code booleanKey} controls caching:
 * when present it must be true, otherwise null is returned; when absent,
 * caching is used only if this side is not the requestor of the exchange.
 *
 * <p>The cache is taken from the contextual property named by
 * {@code instanceKey}, or failing that from the same-named property of the
 * endpoint's {@code EndpointInfo}. When neither is set, a cache is created
 * via {@code ReplayCacheFactory} and stored on the {@code EndpointInfo}.
 *
 * <p>NOTE(review): returning null leaves the caller without replay
 * detection; confirm that this is acceptable when the exchange has no
 * endpoint.
 */
public static ReplayCache getReplayCache(
    SoapMessage message, String booleanKey, String instanceKey
) {
    final Object configured = message.getContextualProperty(booleanKey);
    final boolean explicitlySet = configured != null;
    if (explicitlySet && !MessageUtils.isTrue(configured)) {
        return null;
    }
    // Without an explicit setting, the requestor side does not cache.
    if (!explicitlySet && MessageUtils.isRequestor(message)) {
        return null;
    }

    final Endpoint ep = message.getExchange().get(Endpoint.class);
    if (ep == null || ep.getEndpointInfo() == null) {
        return null;
    }

    final EndpointInfo endpointInfo = ep.getEndpointInfo();
    synchronized (endpointInfo) {
        ReplayCache existing = (ReplayCache)message.getContextualProperty(instanceKey);
        if (existing == null) {
            existing = (ReplayCache)endpointInfo.getProperty(instanceKey);
        }
        if (existing != null) {
            return existing;
        }

        // Nothing registered yet: create a cache whose name includes the
        // hash code of the endpoint name, and remember it on the endpoint.
        final ReplayCacheFactory cacheFactory = ReplayCacheFactory.newInstance();
        String cacheName = instanceKey;
        if (endpointInfo.getName() != null) {
            cacheName += "-" + endpointInfo.getName().toString().hashCode();
        }
        final ReplayCache created = cacheFactory.newReplayCache(cacheName, message);
        endpointInfo.setProperty(instanceKey, created);
        return created;
    }
}
 
Example 15
Source File: WSS11PolicyValidator.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Checks the WSS11 assertions, in particular the signature confirmation
 * requirement on the requestor side.
 *
 * <p>Each assertion starts out asserted. It is switched to not asserted when
 * this side is the requestor, the policy requires signature confirmation and
 * no SC action result is found in {@code results}. The return value is
 * always true, so the outcome is visible only on the {@code AssertionInfo}.
 * {@code soapBody} and {@code signedResults} are not used.
 *
 * @param aim the assertion map to look up WSS11 assertions in
 * @param message the message used to determine the requestor role
 * @param soapBody unused
 * @param results the security results to search for SC actions
 * @param signedResults unused
 * @return always true
 */
public boolean validatePolicy(
    AssertionInfoMap aim,
    Message message,
    Element soapBody,
    List<WSSecurityEngineResult> results,
    List<WSSecurityEngineResult> signedResults
) {
    final Collection<AssertionInfo> assertions = aim.get(SP12Constants.WSS11);
    final boolean nothingToValidate = assertions == null || assertions.isEmpty();
    if (nothingToValidate) {
        return true;
    }

    final List<WSSecurityEngineResult> sigConfResults = new ArrayList<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(results, WSConstants.SC, sigConfResults);

    for (AssertionInfo info : assertions) {
        final Wss11 wss11Policy = (Wss11)info.getAssertion();
        info.setAsserted(true);

        if (MessageUtils.isRequestor(message)) {
            // Only the presence of a confirmation result is checked here.
            if (wss11Policy.isRequireSignatureConfirmation() && sigConfResults.isEmpty()) {
                info.setNotAsserted(
                    "Signature Confirmation policy validation failed"
                );
            }
        }
    }
    return true;
}
 
Example 16
Source File: RSSecurityUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Reports whether the request was a POST and both encryption and signature
 * properties are configured.
 *
 * <p>The HTTP method is read from the exchange's out message when that
 * message is on the requestor side, and from {@code m} otherwise. The
 * security properties are always looked up against {@code m}.
 *
 * @param m the current message
 * @return true for a POST request with both property sets present
 */
public static boolean isSignedAndEncryptedTwoWay(Message m) {
    final Message outbound = m.getExchange().getOutMessage();

    Message request = m;
    if (outbound != null && MessageUtils.isRequestor(outbound)) {
        request = outbound;
    }

    final Object encryptionProps =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, m);
    final Object signatureProps =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, m);

    if (!"POST".equals(request.get(Message.HTTP_REQUEST_METHOD))) {
        return false;
    }
    return encryptionProps != null && signatureProps != null;
}
 
Example 17
Source File: TraceeRequestInInterceptor.java    From tracee with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
/**
 * Handles only messages that are not on the requestor side.
 *
 * @param message the message to test
 * @return true when the message is not on the requestor side
 */
@Override
protected boolean shouldHandleMessage(Message message) {
	final boolean requestor = MessageUtils.isRequestor(message);
	return !requestor;
}
 
Example 18
Source File: StaxSymmetricBindingHandler.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Configures the signature action on the WSS security properties: chooses
 * the action (plain or derived-key signature), places it in the action list,
 * registers the parts to sign and sets the key identifiers according to the
 * token type and to whether this side is the requestor.
 *
 * @param wrapper the token wrapper whose token drives derived-key handling
 * @param policyToken the policy token that selects the key-identifier branch
 * @param sigParts the parts to add to the signature
 * @throws WSSecurityException propagated from the calls made here (the
 *         throwing call is not visible in this method)
 * @throws SOAPException propagated from the calls made here (the throwing
 *         call is not visible in this method)
 */
private void doSignature(AbstractTokenWrapper wrapper, AbstractToken policyToken, List<SecurePart> sigParts)
    throws WSSecurityException, SOAPException {

    // Choose the action: a plain signature unless derived keys are required.
    WSSSecurityProperties properties = getProperties();
    WSSConstants.Action actionToPerform = XMLSecurityConstants.SIGNATURE;
    if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        actionToPerform = WSSConstants.SIGNATURE_WITH_DERIVED_KEY;
        // The derived key references an EncryptedKey only for a requestor
        // using an X509 token; every other case uses a direct reference.
        if (MessageUtils.isRequestor(message) && policyToken instanceof X509Token) {
            properties.setDerivedKeyTokenReference(
                WSSConstants.DerivedKeyTokenReference.EncryptedKey);
        } else {
            properties.setDerivedKeyTokenReference(
                WSSConstants.DerivedKeyTokenReference.DirectReference);
        }
        AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
        // NOTE(review): the division by 8 presumably converts bits to bytes; confirm.
        properties.setDerivedSignatureKeyLength(
                   algSuiteType.getSignatureDerivedKeyLength() / 8);
    }

    if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
        properties.setUse200512Namespace(true);
    }

    List<WSSConstants.Action> actionList = properties.getActions();
    // Insert the signature action directly before the first Kerberos token
    // action if there is one; otherwise append it to the end of the list.
    boolean actionAdded = false;
    for (int i = 0; i < actionList.size(); i++) {
        WSSConstants.Action action = actionList.get(i);
        if (action.equals(WSSConstants.KERBEROS_TOKEN)) {
            actionList.add(i, actionToPerform);
            actionAdded = true;
            break;
        }
    }
    if (!actionAdded) {
        actionList.add(actionToPerform);
    }

    properties.getSignatureSecureParts().addAll(sigParts);

    AbstractToken sigToken = wrapper.getToken();
    // With ProtectTokens set, a requestor using an X509 token also signs the
    // EncryptedKey element.
    // NOTE(review): this method mixes MessageUtils.isRequestor(message) and
    // isRequestor(); presumably they agree, confirm.
    if (sbinding.isProtectTokens() && sigToken instanceof X509Token && isRequestor()) {
        SecurePart securePart =
            new SecurePart(new QName(XMLSecurityConstants.NS_XMLENC, "EncryptedKey"), Modifier.Element);
        properties.addSignaturePart(securePart);
    }

    configureSignature(sigToken, false);

    // Key identifiers depend on the policy token type and on the side.
    if (policyToken instanceof X509Token) {
        properties.setIncludeSignatureToken(false);
        if (isRequestor()) {
            properties.setSignatureKeyIdentifier(
                WSSecurityTokenConstants.KeyIdentifier_EncryptedKey);
        } else {
            properties.setSignatureKeyIdentifier(
                WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
            // With derived keys the signature identifier set just above is
            // replaced by a direct reference, and the derived key carries
            // the EncryptedKeySHA1 identifier instead.
            if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                properties.setDerivedKeyKeyIdentifier(
                    WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
                properties.setSignatureKeyIdentifier(
                    WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            }
        }
    } else if (policyToken instanceof KerberosToken) {
        if (isRequestor()) {
            properties.setDerivedKeyKeyIdentifier(
                WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        } else {
            if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                properties.setSignatureKeyIdentifier(
                    WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            } else {
                properties.setSignatureKeyIdentifier(
                    WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
            }
            properties.setDerivedKeyKeyIdentifier(
                WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
        }
    } else if (policyToken instanceof IssuedToken || policyToken instanceof SecurityContextToken
        || policyToken instanceof SpnegoContextToken) {
        // Only the requestor includes the signature token in the message.
        if (!isRequestor()) {
            properties.setIncludeSignatureToken(false);
        } else {
            properties.setIncludeSignatureToken(true);
        }
        properties.setDerivedKeyKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    }

    // With derived keys, the signature algorithm is the algorithm suite's
    // symmetric signature algorithm.
    if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        properties.setSignatureAlgorithm(
               sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSymmetricSignature());
    }
}
 
Example 19
Source File: AbstractXmlSecInHandler.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Reports whether the message is an HTTP GET seen on the non-requestor
 * (server) side.
 *
 * @param message the message to inspect
 * @return true for a GET request on the non-requestor side
 */
protected boolean isServerGet(Message message) {
    final String httpMethod = (String)message.get(Message.HTTP_REQUEST_METHOD);
    if (!"GET".equals(httpMethod)) {
        return false;
    }
    return !MessageUtils.isRequestor(message);
}
 
Example 20
Source File: TraceeRequestOutInterceptor.java    From tracee with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
/**
 * Handles only messages that are on the requestor side.
 *
 * @param message the message to test
 * @return true when the message is on the requestor side
 */
@Override
protected boolean shouldHandleMessage(Message message) {
	final boolean requestor = MessageUtils.isRequestor(message);
	return requestor;
}