Beispiel #1
0
  /**
   * This method is used to validate the SOAP Message Request by the processing rules of Liberty
   * SOAPBinding specifications.
   *
   * @param soapMessage SOAPMessage that needs to be validated.
   * @param subject Subject that may be used to populate the authenticated entity/user principal and
   *     any other credential information.
   * @param sharedData that may be used to store any data needed between the request and response.
   * @param httpRequest HttpServletRequest associated with this SOAP Message request.
   * @return Object Credential object after successful validation.
   * @exception SOAPBindingException for any error occured during validation.
   */
  public Object validateRequest(
      SOAPMessage soapMessage, Subject subject, Map sharedData, HttpServletRequest httpRequest)
      throws SOAPBindingException {

    WSSUtils.debug.message("SOAPProvider.validateRequest : Init");
    Message req = null;
    try {
      req = new Message(soapMessage);
      sharedData.put(SOAPBindingConstants.LIBERTY_REQUEST, req);

      if (req.getSecurityProfileType() != Message.ANONYMOUS && !SecurityUtils.verifyMessage(req)) {
        WSSUtils.debug.error(
            "MessageProcessor.validateRequest: Signature" + "Verification failed.");
        throw new SOAPBindingException(WSSUtils.bundle.getString("cannotVerifySignature"));
      }

      Utils.enforceProcessingRules(req, null, true);

      if (_config != null) {
        String authMech = req.getAuthenticationMechanism();
        if (authMech == null || !_config.getSecurityMechanisms().contains(authMech)) {

          throw new SOAPBindingException(WSSUtils.bundle.getString("unsupportedAuthMech"));
        }
      } else {
        throw new SOAPBindingException(WSSUtils.bundle.getString("nullConfiguration"));
      }

      return SOAPRequestHandler.getAuthenticator()
          .authenticate(subject, null, null, _config, req, true);

    } catch (SecurityException se) {

      WSSUtils.debug.error(
          "MessageProcessor.validateRequest: Request" + "Validation has failed.", se);
      throw new SOAPBindingException(se.getMessage());

    } catch (Exception sfe) {

      WSSUtils.debug.error("MessageProcessor.validateRequest: SOAPFault" + "Exception.", sfe);
      throw new SOAPBindingException(sfe.getMessage());
    }
  }
Beispiel #2
0
  /**
   * Adds the correlation header.
   *
   * @param msg SOAP Message that needs to be added with Correlation header.
   * @param req Message Request, if present adds the correlation header reference.
   * @return SOAPHeader SOAP Header with Correlation header.
   */
  private SOAPHeader addCorrelationHeader(SOAPMessage msg, Message req)
      throws SOAPBindingException {
    try {
      SOAPHeader header = msg.getSOAPPart().getEnvelope().getHeader();

      if (header == null) {
        header = msg.getSOAPPart().getEnvelope().addHeader();
      }

      CorrelationHeader cHeader = new CorrelationHeader();
      correlationId = cHeader.getId();
      if (req != null) {
        cHeader.setRefToMessageID(req.getCorrelationHeader().getMessageID());
      }
      cHeader.addToParent(header);
      return header;
    } catch (Exception ex) {
      WSSUtils.debug.error(
          "MessageProcessor.addCorrealtionHeader: " + "Could not add correlation header", ex);
      throw new SOAPBindingException(WSSUtils.bundle.getString("canotAddCorrelationHeader"));
    }
  }