/**
   * Determines if the current message has no response content. The message has no response content
   * if either: - the request is oneway and the current message is no partial response or an empty
   * partial response. - the request is not oneway but the current message is an empty partial
   * response.
   *
   * @param message
   * @return
   */
  private boolean hasNoResponseContent(Message message) {
    final boolean ow = isOneWay(message);
    final boolean pr = MessageUtils.isPartialResponse(message);
    final boolean epr = MessageUtils.isEmptyPartialResponse(message);

    // REVISIT may need to provide an option to choose other behavior?
    // old behavior not suppressing any responses  => ow && !pr
    // suppress empty responses for oneway calls   => ow && (!pr || epr)
    // suppress additionally empty responses for decoupled twoway calls =>
    return (ow && (!pr || epr)) || (!ow && epr);
  }
Example #2
0
  public void handleMessage(Message msg) {
    Fault fault = (Fault) msg.getContent(Exception.class);

    if (fault.getDetail() != null
        && !MessageUtils.getContextualBoolean(msg, DISABLE_FAULT_MAPPING, false)) {
      processFaultDetail(fault, msg);
      setStackTrace(fault, msg);
    }

    FaultMode faultMode = FaultMode.UNCHECKED_APPLICATION_FAULT;

    // Check if the raised exception is declared in the WSDL or by the JAX-RS resource
    Method m = msg.getExchange().get(Method.class);
    if (m != null) {
      Exception e = msg.getContent(Exception.class);
      for (Class<?> cl : m.getExceptionTypes()) {
        if (cl.isInstance(e)) {
          faultMode = FaultMode.CHECKED_APPLICATION_FAULT;
          break;
        }
      }
    }

    msg.getExchange().put(FaultMode.class, faultMode);
  }
Example #3
0
  protected void handle(Message message) throws SequenceFault, RMException {
    LOG.entering(getClass().getName(), "handleMessage");
    // This message capturing mechanism will need to be changed at some point.
    // Until then, we keep this interceptor here and utilize the robust
    // option to avoid the unnecessary message capturing/caching.
    if (!MessageUtils.isTrue(message.getContextualProperty(Message.ROBUST_ONEWAY))) {
      InputStream is = message.getContent(InputStream.class);
      if (is != null) {
        CachedOutputStream saved = new CachedOutputStream();
        try {
          IOUtils.copy(is, saved);

          saved.flush();
          is.close();
          saved.lockOutputStream();

          LOG.fine("Capturing the original RM message");
          RewindableInputStream ris = RewindableInputStream.makeRewindable(saved.getInputStream());
          message.setContent(InputStream.class, ris);
          message.put(RMMessageConstants.SAVED_CONTENT, ris);
        } catch (Exception e) {
          throw new Fault(e);
        }
      }
    }
  }
 /**
  * Invoked for normal processing of inbound and outbound messages.
  *
  * @param message the current message
  */
 public void handleMessage(Message message) {
   if (!MessageUtils.getContextualBoolean(message, ADDRESSING_DISABLED, false)) {
     mediate(message, ContextUtils.isFault(message));
   } else {
     // addressing is completely disabled manually, we need to assert the
     // assertions as the user is in control of those
     AssertionInfoMap aim = message.get(AssertionInfoMap.class);
     if (null == aim) {
       return;
     }
     QName[] types =
         new QName[] {
           MetadataConstants.ADDRESSING_ASSERTION_QNAME,
           MetadataConstants.USING_ADDRESSING_2004_QNAME,
           MetadataConstants.USING_ADDRESSING_2005_QNAME,
           MetadataConstants.USING_ADDRESSING_2006_QNAME,
           MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME,
           MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME,
           MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705,
           MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705
         };
     for (QName type : types) {
       assertAssertion(aim, type);
     }
   }
 }
  @Override
  public void handleMessage(SoapMessage soapMessage) throws Fault {

    AssertionInfoMap aim = soapMessage.get(AssertionInfoMap.class);
    @SuppressWarnings("unchecked")
    final List<SecurityEvent> incomingSecurityEventList =
        (List<SecurityEvent>) soapMessage.get(SecurityEvent.class.getName() + ".in");
    if (aim == null || incomingSecurityEventList == null) {
      return;
    }

    // First check for a SOAP Fault with no security header if we are the client
    // In this case don't blanket assert security policies
    if (MessageUtils.isRequestor(soapMessage)
        && incomingSecurityEventList.contains(WSSecurityEventConstants.NoSecurity)) {
      OperationSecurityEvent securityEvent =
          (OperationSecurityEvent)
              findEvent(WSSecurityEventConstants.Operation, incomingSecurityEventList);
      if (securityEvent != null
          && soapMessage.getVersion().getFault().equals(securityEvent.getOperation())) {
        LOG.warning("Request does not contain Security header, but it's a fault.");
        return;
      }
    }

    assertAllSecurityAssertions(aim);
  }
Example #6
0
  protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
      return;
    }
    boolean utWithCallbacks =
        MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);

    Element el = (Element) h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
      if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName())
          && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) {
        try {
          Principal principal = null;
          Subject subject = null;
          if (utWithCallbacks) {
            final WSSecurityEngineResult result = validateToken(child, message);
            principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            subject = (Subject) result.get(WSSecurityEngineResult.TAG_SUBJECT);
          } else {
            boolean bspCompliant = isWsiBSPCompliant(message);
            principal = parseTokenAndCreatePrincipal(child, bspCompliant);
            WSS4JTokenConverter.convertToken(message, principal);
          }

          SecurityContext sc = message.get(SecurityContext.class);
          if (sc == null || sc.getUserPrincipal() == null) {
            if (subject != null && principal != null) {
              message.put(SecurityContext.class, createSecurityContext(principal, subject));
            } else if (principal instanceof UsernameTokenPrincipal) {
              UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal;
              String nonce = null;
              if (utPrincipal.getNonce() != null) {
                nonce = Base64.encode(utPrincipal.getNonce());
              }
              subject =
                  createSubject(
                      utPrincipal.getName(),
                      utPrincipal.getPassword(),
                      utPrincipal.isPasswordDigest(),
                      nonce,
                      utPrincipal.getCreatedTime());
              message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject));
            }
          }

          if (principal instanceof UsernameTokenPrincipal) {
            storeResults((UsernameTokenPrincipal) principal, message);
          }
        } catch (WSSecurityException ex) {
          throw new Fault(ex);
        } catch (Base64DecodingException ex) {
          throw new Fault(ex);
        }
      }
      child = DOMUtils.getNextElement(child);
    }
  }
Example #7
0
 public UriInfoImpl(Message m, MultivaluedMap<String, String> templateParams) {
   this.message = m;
   this.templateParams = templateParams;
   if (m != null) {
     this.stack = m.get(OperationResourceInfoStack.class);
     this.caseInsensitiveQueries =
         MessageUtils.isTrue(m.getContextualProperty(CASE_INSENSITIVE_QUERIES));
   }
 }
Example #8
0
 private String getAbsolutePathAsString() {
   String address = getBaseUri().toString();
   if (MessageUtils.isRequestor(message)) {
     return address;
   }
   String path = doGetPath(false, false);
   if (path.startsWith("/") && address.endsWith("/")) {
     address = address.substring(0, address.length() - 1);
   }
   return address + path;
 }
 /**
  * Check for NONE ReplyTo value in request-response MEP
  *
  * @param message the current message
  * @param maps the incoming MAPs
  */
 private void checkReplyTo(Message message, AddressingProperties maps) {
   // if ReplyTo address is none then 202 response status is expected
   // However returning a fault is more appropriate for request-response MEP
   if (!message.getExchange().isOneWay()
       && !MessageUtils.isPartialResponse(message)
       && ContextUtils.isNoneAddress(maps.getReplyTo())) {
     String reason =
         MessageFormat.format(
             BUNDLE.getString("REPLYTO_NOT_SUPPORTED_MSG"),
             maps.getReplyTo().getAddress().getValue());
     throw new SoapFault(reason, new QName(Names.WSA_NAMESPACE_NAME, Names.WSA_NONE_ADDRESS));
   }
 }
  /** @param message */
  @Override
  public void handleMessage(SoapMessage message) throws Fault {
    long l = LOG.logStart();

    final OutputStream os = message.getContent(OutputStream.class);
    boolean isRequestor = MessageUtils.isRequestor(message);
    if (os == null) {
      LOG.logWarn("Could not log message because it not contains OutputStream!", null);
      return;
    }
    // create store file
    File fStore;
    if (isRequestor) {
      MSHOutMail rq = SoapUtils.getMSHOutMail(message);
      fStore = EBMSLogUtils.getOutboundFileName(true, rq.getId(), null);
    } else {
      // get base from input log file
      String base =
          (String) message.getExchange().get(EBMSConstants.EBMS_CP_BASE_LOG_SOAP_MESSAGE_FILE);
      fStore = EBMSLogUtils.getOutboundFileName(false, null, base);
    }

    LOG.log("Out " + (isRequestor ? "request" : "response") + " stored to:" + fStore.getName());
    message
        .getExchange()
        .put(
            EBMSConstants.EBMS_CP_BASE_LOG_SOAP_MESSAGE_FILE, EBMSLogUtils.getBaseFileName(fStore));
    message.getExchange().put(EBMSConstants.EBMS_CP_OUT_LOG_SOAP_MESSAGE_FILE, fStore);

    //  create FileOutputStream to log request
    FileOutputStream fos;
    try {
      fos = new FileOutputStream(fStore);
    } catch (FileNotFoundException ex) {
      String errmsg =
          "Could not log outbound message to file: '" + fStore.getAbsolutePath() + "'! ";
      LOG.logError(l, errmsg, ex);
      return;
    }

    // create  CacheAndWriteOutputStream
    final CacheAndWriteOutputStream newOut = new CacheAndWriteOutputStream(os);

    message.setContent(OutputStream.class, newOut);
    newOut.registerCallback(new LoggingCallback(fos, message, os, fStore));

    LOG.logEnd(l);
  }
Example #11
0
 public static final void disableMTOMResponse(WebServiceContext wsContext) {
   MessageContext msgCtx = wsContext.getMessageContext();
   WrappedMessageContext wmc = (WrappedMessageContext) msgCtx;
   Exchange ex = wmc.getWrappedMessage().getExchange();
   Message out = ex.getOutMessage();
   if (out != null) {
     int i = 0;
     for (; MessageUtils.isTrue(out.getContextualProperty(Message.MTOM_ENABLED)) && i < 10; i++) {
       out.setContextualProperty(Message.MTOM_ENABLED, false);
       log.debug(
           "###### disableMTOM! enabled:{}", out.getContextualProperty(Message.MTOM_ENABLED));
     }
     if (i > 1)
       log.warn(
           "###### disable MTOM needs " + i + " tries! enabled:{}",
           out.getContextualProperty(Message.MTOM_ENABLED));
   }
   log.debug("###### MTOM enabled? {}:", out.getContextualProperty(Message.MTOM_ENABLED));
 }
Example #12
0
 private boolean checkBufferingMode(Message m, List<WriterInterceptor> writers, boolean firstTry) {
   if (!firstTry) {
     return false;
   }
   WriterInterceptor last = writers.get(writers.size() - 1);
   MessageBodyWriter<Object> w = ((WriterInterceptorMBW) last).getMBW();
   Object outBuf = m.getContextualProperty(OUT_BUFFERING);
   boolean enabled = MessageUtils.isTrue(outBuf);
   boolean configurableProvider = w instanceof AbstractConfigurableProvider;
   if (!enabled && outBuf == null && configurableProvider) {
     enabled = ((AbstractConfigurableProvider) w).getEnableBuffering();
   }
   if (enabled) {
     boolean streamingOn =
         configurableProvider ? ((AbstractConfigurableProvider) w).getEnableStreaming() : false;
     if (streamingOn) {
       m.setContent(XMLStreamWriter.class, new CachingXmlEventWriter());
     } else {
       m.setContent(OutputStream.class, new CachedOutputStream());
     }
   }
   return enabled;
 }
Example #13
0
  private void serializeMessage(
      ServerProviderFactory providerFactory,
      Message message,
      Response theResponse,
      OperationResourceInfo ori,
      boolean firstTry) {

    ResponseImpl response = (ResponseImpl) JAXRSUtils.copyResponseIfNeeded(theResponse);

    final Exchange exchange = message.getExchange();

    boolean headResponse =
        response.getStatus() == 200
            && firstTry
            && ori != null
            && HttpMethod.HEAD.equals(ori.getHttpMethod());
    Object entity = response.getActualEntity();
    if (headResponse && entity != null) {
      LOG.info(new org.apache.cxf.common.i18n.Message("HEAD_WITHOUT_ENTITY", BUNDLE).toString());
      entity = null;
    }

    Method invoked =
        ori == null
            ? null
            : ori.getAnnotatedMethod() != null ? ori.getAnnotatedMethod() : ori.getMethodToInvoke();

    Annotation[] annotations = null;
    Annotation[] staticAnns = ori != null ? ori.getOutAnnotations() : new Annotation[] {};
    Annotation[] responseAnns = response.getEntityAnnotations();
    if (responseAnns != null) {
      annotations = new Annotation[staticAnns.length + responseAnns.length];
      System.arraycopy(staticAnns, 0, annotations, 0, staticAnns.length);
      System.arraycopy(responseAnns, 0, annotations, staticAnns.length, responseAnns.length);
    } else {
      annotations = staticAnns;
    }

    response.setStatus(getActualStatus(response.getStatus(), entity));
    response.setEntity(entity, annotations);

    // Prepare the headers
    MultivaluedMap<String, Object> responseHeaders =
        prepareResponseHeaders(message, response, entity, firstTry);

    // Run the filters
    try {
      JAXRSUtils.runContainerResponseFilters(providerFactory, response, message, ori, invoked);
    } catch (Throwable ex) {
      handleWriteException(providerFactory, message, ex, firstTry);
      return;
    }

    // Write the entity
    entity = InjectionUtils.getEntity(response.getActualEntity());
    setResponseStatus(message, getActualStatus(response.getStatus(), entity));
    if (entity == null) {
      if (!headResponse) {
        responseHeaders.putSingle(HttpHeaders.CONTENT_LENGTH, "0");
        if (MessageUtils.getContextualBoolean(
            message, "remove.content.type.for.empty.response", false)) {
          responseHeaders.remove(HttpHeaders.CONTENT_TYPE);
          message.remove(Message.CONTENT_TYPE);
        }
      }
      HttpUtils.convertHeaderValuesToString(responseHeaders, true);
      return;
    }

    Object ignoreWritersProp = exchange.get(JAXRSUtils.IGNORE_MESSAGE_WRITERS);
    boolean ignoreWriters =
        ignoreWritersProp == null ? false : Boolean.valueOf(ignoreWritersProp.toString());
    if (ignoreWriters) {
      writeResponseToStream(message.getContent(OutputStream.class), entity);
      return;
    }

    MediaType responseMediaType =
        getResponseMediaType(responseHeaders.getFirst(HttpHeaders.CONTENT_TYPE));

    Class<?> serviceCls = invoked != null ? ori.getClassResourceInfo().getServiceClass() : null;
    Class<?> targetType = InjectionUtils.getRawResponseClass(entity);
    Type genericType =
        InjectionUtils.getGenericResponseType(
            invoked, serviceCls, response.getActualEntity(), targetType, exchange);
    targetType = InjectionUtils.updateParamClassToTypeIfNeeded(targetType, genericType);
    annotations = response.getEntityAnnotations();

    List<WriterInterceptor> writers =
        providerFactory.createMessageBodyWriterInterceptor(
            targetType,
            genericType,
            annotations,
            responseMediaType,
            message,
            ori == null ? null : ori.getNameBindings());

    OutputStream outOriginal = message.getContent(OutputStream.class);
    if (writers == null || writers.isEmpty()) {
      writeResponseErrorMessage(
          message, outOriginal, "NO_MSG_WRITER", targetType, responseMediaType);
      return;
    }
    try {
      boolean checkWriters = false;
      if (responseMediaType.isWildcardSubtype()) {
        Produces pM =
            AnnotationUtils.getMethodAnnotation(
                ori == null ? null : ori.getAnnotatedMethod(), Produces.class);
        Produces pC = AnnotationUtils.getClassAnnotation(serviceCls, Produces.class);
        checkWriters = pM == null && pC == null;
      }
      responseMediaType = checkFinalContentType(responseMediaType, writers, checkWriters);
    } catch (Throwable ex) {
      handleWriteException(providerFactory, message, ex, firstTry);
      return;
    }
    String finalResponseContentType = JAXRSUtils.mediaTypeToString(responseMediaType);
    if (LOG.isLoggable(Level.FINE)) {
      LOG.fine("Response content type is: " + finalResponseContentType);
    }
    responseHeaders.putSingle(HttpHeaders.CONTENT_TYPE, finalResponseContentType);
    message.put(Message.CONTENT_TYPE, finalResponseContentType);

    boolean enabled = checkBufferingMode(message, writers, firstTry);
    try {

      try {
        JAXRSUtils.writeMessageBody(
            writers,
            entity,
            targetType,
            genericType,
            annotations,
            responseMediaType,
            responseHeaders,
            message);

        if (isResponseRedirected(message)) {
          return;
        }
        checkCachedStream(message, outOriginal, enabled);
      } finally {
        if (enabled) {
          OutputStream os = message.getContent(OutputStream.class);
          if (os != outOriginal && os instanceof CachedOutputStream) {
            os.close();
          }
          message.setContent(OutputStream.class, outOriginal);
          message.put(XMLStreamWriter.class.getName(), null);
        }
      }

    } catch (Throwable ex) {
      logWriteError(firstTry, targetType, responseMediaType);
      handleWriteException(providerFactory, message, ex, firstTry);
    }
  }
Example #14
0
  /**
   * This method is called by {@link CxfConsumer} to populate a CXF response exchange from a Camel
   * exchange.
   */
  public void populateCxfResponseFromExchange(
      Exchange camelExchange, org.apache.cxf.message.Exchange cxfExchange) {

    if (cxfExchange.isOneWay()) {
      return;
    }

    // create response context
    Map<String, Object> responseContext = new HashMap<String, Object>();

    org.apache.camel.Message response;
    if (camelExchange.getPattern().isOutCapable()) {
      if (camelExchange.hasOut()) {
        response = camelExchange.getOut();
        LOG.trace("Get the response from the out message");
      } else { // Take the in message as a fall back
        response = camelExchange.getIn();
        LOG.trace("Get the response from the in message as a fallback");
      }
    } else {
      response = camelExchange.getIn();
      LOG.trace("Get the response from the in message");
    }

    // propagate response context
    Map<String, Object> camelHeaders = response.getHeaders();
    extractInvocationContextFromCamel(
        camelExchange, camelHeaders, responseContext, Client.RESPONSE_CONTEXT);

    propagateHeadersFromCamelToCxf(camelExchange, camelHeaders, cxfExchange, responseContext);
    // create out message
    Endpoint ep = cxfExchange.get(Endpoint.class);
    Message outMessage = ep.getBinding().createMessage();
    cxfExchange.setOutMessage(outMessage);

    DataFormat dataFormat =
        camelExchange.getProperty(CxfConstants.DATA_FORMAT_PROPERTY, DataFormat.class);

    // make sure the "requestor role" property does not get propagated as we do switch role
    responseContext.remove(Message.REQUESTOR_ROLE);

    outMessage.putAll(responseContext);

    // Do we still need to put the response context back like this
    outMessage.put(Client.RESPONSE_CONTEXT, responseContext);

    LOG.trace("Set out response context = {}", responseContext);

    // set body
    Object outBody = DefaultCxfBinding.getBodyFromCamel(response, dataFormat);

    if (outBody != null) {
      if (dataFormat == DataFormat.PAYLOAD) {
        CxfPayload<?> payload = (CxfPayload<?>) outBody;
        outMessage.setContent(
            List.class, getResponsePayloadList(cxfExchange, payload.getBodySources()));
        outMessage.put(Header.HEADER_LIST, payload.getHeaders());
      } else {
        if (responseContext.get(Header.HEADER_LIST) != null) {
          outMessage.put(Header.HEADER_LIST, responseContext.get(Header.HEADER_LIST));
        }

        MessageContentsList resList = null;
        // Create a new MessageContentsList to avoid OOM from the HolderOutInterceptor
        if (outBody instanceof List) {
          resList = new MessageContentsList((List<?>) outBody);
        } else if (outBody.getClass().isArray()) {
          resList = new MessageContentsList((Object[]) outBody);
        } else {
          resList = new MessageContentsList(outBody);
        }

        if (resList != null) {
          outMessage.setContent(List.class, resList);
          LOG.trace("Set Out CXF message content = {}", resList);
        }
      }
    } else if (!cxfExchange.isOneWay()
        && cxfExchange.getInMessage() != null
        && MessageUtils.isTrue(
            cxfExchange
                .getInMessage()
                .getContextualProperty("jaxws.provider.interpretNullAsOneway"))) {
      // treat this non-oneway call as oneway when the provider returns a null
      changeToOneway(cxfExchange);
      return;
    }

    // propagate attachments

    Set<Attachment> attachments = null;
    boolean isXop = Boolean.valueOf(camelExchange.getProperty(Message.MTOM_ENABLED, String.class));
    for (Map.Entry<String, DataHandler> entry :
        camelExchange.getOut().getAttachments().entrySet()) {
      if (attachments == null) {
        attachments = new HashSet<Attachment>();
      }
      AttachmentImpl attachment = new AttachmentImpl(entry.getKey(), entry.getValue());
      attachment.setXOP(isXop);
      attachments.add(attachment);
    }

    if (attachments != null) {
      outMessage.setAttachments(attachments);
    }

    BindingOperationInfo boi = cxfExchange.get(BindingOperationInfo.class);
    if (boi != null) {
      cxfExchange.put(BindingMessageInfo.class, boi.getOutput());
    }
  }
Example #15
0
  protected ResponseBuilder setResponseBuilder(Message outMessage, Exchange exchange)
      throws Exception {
    Response response = exchange.get(Response.class);
    if (response != null) {
      outMessage
          .getExchange()
          .getInMessage()
          .put(Message.PROTOCOL_HEADERS, response.getStringHeaders());
      return JAXRSUtils.fromResponse(JAXRSUtils.copyResponseIfNeeded(response));
    }

    Integer status = getResponseCode(exchange);
    ResponseBuilder currentResponseBuilder = JAXRSUtils.toResponseBuilder(status);

    Message responseMessage =
        exchange.getInMessage() != null ? exchange.getInMessage() : exchange.getInFaultMessage();
    // if there is no response message, we just send the response back directly
    if (responseMessage == null) {
      return currentResponseBuilder;
    }

    Map<String, List<Object>> protocolHeaders =
        CastUtils.cast((Map<?, ?>) responseMessage.get(Message.PROTOCOL_HEADERS));

    boolean splitHeaders =
        MessageUtils.isTrue(outMessage.getContextualProperty(HEADER_SPLIT_PROPERTY));
    for (Map.Entry<String, List<Object>> entry : protocolHeaders.entrySet()) {
      if (null == entry.getKey()) {
        continue;
      }
      if (entry.getValue().size() > 0) {
        if (HttpUtils.isDateRelatedHeader(entry.getKey())) {
          currentResponseBuilder.header(entry.getKey(), entry.getValue().get(0));
          continue;
        }
        for (Object valObject : entry.getValue()) {
          if (splitHeaders && valObject instanceof String) {
            String val = (String) valObject;
            String[] values;
            if (val == null || val.length() == 0) {
              values = new String[] {""};
            } else if (val.charAt(0) == '"' && val.charAt(val.length() - 1) == '"') {
              // if the value starts with a quote and ends with a quote, we do a best
              // effort attempt to determine what the individual values are.
              values = parseQuotedHeaderValue(val);
            } else {
              boolean splitPossible =
                  !(HttpHeaders.SET_COOKIE.equalsIgnoreCase(entry.getKey())
                      && val.toUpperCase().contains(HttpHeaders.EXPIRES.toUpperCase()));
              values = splitPossible ? val.split(",") : new String[] {val};
            }
            for (String s : values) {
              String theValue = s.trim();
              if (theValue.length() > 0) {
                currentResponseBuilder.header(entry.getKey(), theValue);
              }
            }
          } else {
            currentResponseBuilder.header(entry.getKey(), valObject);
          }
        }
      }
    }
    String ct = (String) responseMessage.get(Message.CONTENT_TYPE);
    if (ct != null) {
      currentResponseBuilder.type(ct);
    }
    InputStream mStream = responseMessage.getContent(InputStream.class);
    currentResponseBuilder.entity(mStream);

    return currentResponseBuilder;
  }
Example #16
0
 protected boolean responseStreamCanBeClosed(Message outMessage, Class<?> cls) {
   return cls != InputStream.class
       && MessageUtils.isTrue(outMessage.getContextualProperty("response.stream.auto.close"));
 }
  @Override
  protected void writeParts(
      Message message,
      Exchange exchange,
      BindingOperationInfo operation,
      MessageContentsList objs,
      List<MessagePartInfo> parts) {
    // TODO Auto-generated method stub
    OutputStream out = message.getContent(OutputStream.class);
    XMLStreamWriter origXmlWriter = message.getContent(XMLStreamWriter.class);
    Service service = exchange.getService();
    XMLStreamWriter xmlWriter = origXmlWriter;
    CachingXmlEventWriter cache = null;

    Object en = message.getContextualProperty(OUT_BUFFERING);
    boolean allowBuffer = true;
    boolean buffer = false;
    if (en != null) {
      buffer = Boolean.TRUE.equals(en) || "true".equals(en);
      allowBuffer = !(Boolean.FALSE.equals(en) || "false".equals(en));
    }
    // need to cache the events in case validation fails or buffering is enabled
    if (buffer || (allowBuffer && shouldValidate(message) && !isRequestor(message))) {
      cache = new CachingXmlEventWriter();
      try {
        cache.setNamespaceContext(origXmlWriter.getNamespaceContext());
      } catch (XMLStreamException e) {
        // ignorable, will just get extra namespace decls
      }
      xmlWriter = cache;
      out = null;
    }

    if (out != null
        && writeToOutputStream(message, operation.getBinding(), service)
        && !MessageUtils.isTrue(message.getContextualProperty(DISABLE_OUTPUTSTREAM_OPTIMIZATION))) {
      if (xmlWriter != null) {
        try {
          xmlWriter.writeCharacters("");
          xmlWriter.flush();
        } catch (XMLStreamException e) {
          throw new Fault(e);
        }
      }

      DataWriter<OutputStream> osWriter = getDataWriter(message, service, OutputStream.class);

      for (MessagePartInfo part : parts) {
        if (objs.hasValue(part)) {
          Object o = objs.get(part);
          osWriter.write(o, part, out);
        }
      }
    } else {
      DataWriter<XMLStreamWriter> dataWriter = new CustomDataWriter(prismContext);

      for (MessagePartInfo part : parts) {
        if (objs.hasValue(part)) {
          Object o = objs.get(part);
          dataWriter.write(o, part, xmlWriter);
        }
      }
    }
    if (cache != null) {
      try {
        for (XMLEvent event : cache.getEvents()) {
          StaxUtils.writeEvent(event, origXmlWriter);
        }
      } catch (XMLStreamException e) {
        throw new Fault(e);
      }
    }
  }
Example #18
0
  private void doSignature(
      AbstractTokenWrapper wrapper,
      AbstractToken policyToken,
      SecurityToken tok,
      List<SecurePart> sigParts)
      throws WSSecurityException, SOAPException {

    // Action
    WSSSecurityProperties properties = getProperties();
    WSSConstants.Action actionToPerform = WSSConstants.SIGNATURE;
    if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
      actionToPerform = WSSConstants.SIGNATURE_WITH_DERIVED_KEY;
      if (MessageUtils.isRequestor(message) && policyToken instanceof X509Token) {
        properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
      } else {
        properties.setDerivedKeyTokenReference(
            WSSConstants.DerivedKeyTokenReference.DirectReference);
      }
      AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
      properties.setDerivedSignatureKeyLength(algSuiteType.getSignatureDerivedKeyLength() / 8);
    }

    if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
      properties.setUse200512Namespace(true);
    }

    List<WSSConstants.Action> actionList = properties.getActions();
    // Add a Signature directly before Kerberos, otherwise just append it
    boolean actionAdded = false;
    for (int i = 0; i < actionList.size(); i++) {
      WSSConstants.Action action = actionList.get(i);
      if (action.equals(WSSConstants.KERBEROS_TOKEN)) {
        actionList.add(i, actionToPerform);
        actionAdded = true;
        break;
      }
    }
    if (!actionAdded) {
      actionList.add(actionToPerform);
    }

    properties.getSignatureSecureParts().addAll(sigParts);

    AbstractToken sigToken = wrapper.getToken();
    if (sbinding.isProtectTokens() && sigToken instanceof X509Token && isRequestor()) {
      SecurePart securePart =
          new SecurePart(new QName(WSSConstants.NS_XMLENC, "EncryptedKey"), Modifier.Element);
      properties.addSignaturePart(securePart);
    }

    configureSignature(sigToken, false);

    if (policyToken instanceof X509Token) {
      properties.setIncludeSignatureToken(false);
      if (isRequestor()) {
        properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_EncryptedKey);
      } else {
        properties.setSignatureKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
        if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
          properties.setDerivedKeyKeyIdentifier(
              WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
          properties.setSignatureKeyIdentifier(
              WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        }
      }
    } else if (policyToken instanceof KerberosToken) {
      if (isRequestor()) {
        properties.setDerivedKeyKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
      } else {
        if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
          properties.setSignatureKeyIdentifier(
              WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        } else {
          properties.setSignatureKeyIdentifier(
              WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
        }
        properties.setDerivedKeyKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
      }
    } else if (policyToken instanceof IssuedToken
        || policyToken instanceof SecurityContextToken
        || policyToken instanceof SecureConversationToken
        || policyToken instanceof SpnegoContextToken) {
      if (!isRequestor()) {
        properties.setIncludeSignatureToken(false);
      } else {
        properties.setIncludeSignatureToken(true);
      }
      properties.setDerivedKeyKeyIdentifier(
          WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    }

    if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
      properties.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
    }
  }
Example #19
0
  /**
   * Asserts all Addressing assertions for the current message, regardless their nested Policies.
   *
   * @param message the current message
   */
  private void assertAddressing(
      Message message, EndpointReferenceType replyTo, EndpointReferenceType faultTo) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (null == aim) {
      return;
    }
    if (faultTo == null) {
      faultTo = replyTo;
    }
    boolean anonReply = ContextUtils.isGenericAddress(replyTo);
    boolean anonFault = ContextUtils.isGenericAddress(faultTo);
    boolean onlyAnonymous = anonReply && anonFault;
    boolean hasAnonymous = anonReply || anonFault;

    QName[] types =
        new QName[] {
          MetadataConstants.ADDRESSING_ASSERTION_QNAME,
          MetadataConstants.USING_ADDRESSING_2004_QNAME,
          MetadataConstants.USING_ADDRESSING_2005_QNAME,
          MetadataConstants.USING_ADDRESSING_2006_QNAME
        };

    for (QName type : types) {
      assertAssertion(aim, type);
      if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME)) {
        if (onlyAnonymous) {
          assertAssertion(aim, MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME);
        } else if (!hasAnonymous) {
          assertAssertion(aim, MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME);
        }
      } else if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME_0705)) {
        if (onlyAnonymous) {
          assertAssertion(aim, MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705);
        } else if (!hasAnonymous) {
          assertAssertion(aim, MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705);
        }
      }
    }
    if (!MessageUtils.isRequestor(message) && !MessageUtils.isOutbound(message)) {
      // need to throw an appropriate fault for these
      Collection<AssertionInfo> aicNonAnon =
          aim.getAssertionInfo(MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME);
      Collection<AssertionInfo> aicNonAnon2 =
          aim.getAssertionInfo(MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705);
      Collection<AssertionInfo> aicAnon =
          aim.getAssertionInfo(MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME);
      Collection<AssertionInfo> aicAnon2 =
          aim.getAssertionInfo(MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705);
      boolean hasAnon =
          (aicAnon != null && !aicAnon.isEmpty()) || (aicAnon2 != null && !aicAnon2.isEmpty());
      boolean hasNonAnon =
          (aicNonAnon != null && !aicNonAnon.isEmpty())
              || (aicNonAnon2 != null && !aicNonAnon2.isEmpty());

      if (hasAnonymous && hasNonAnon && !hasAnon) {
        message.put(FaultMode.class, FaultMode.UNCHECKED_APPLICATION_FAULT);
        if (isSOAP12(message)) {
          SoapFault soap12Fault =
              new SoapFault(
                  "Found anonymous address but non-anonymous required",
                  Soap12.getInstance().getSender());
          soap12Fault.addSubCode(
              new QName(Names.WSA_NAMESPACE_NAME, "OnlyNonAnonymousAddressSupported"));
          throw soap12Fault;
        }

        throw new SoapFault(
            "Found anonymous address but non-anonymous required",
            new QName(Names.WSA_NAMESPACE_NAME, "OnlyNonAnonymousAddressSupported"));
      } else if (!onlyAnonymous && !hasNonAnon && hasAnon) {
        message.put(FaultMode.class, FaultMode.UNCHECKED_APPLICATION_FAULT);
        if (isSOAP12(message)) {
          SoapFault soap12Fault =
              new SoapFault(
                  "Found non-anonymous address but only anonymous supported",
                  Soap12.getInstance().getSender());
          soap12Fault.addSubCode(
              new QName(Names.WSA_NAMESPACE_NAME, "OnlyAnonymousAddressSupported"));
          throw soap12Fault;
        }

        throw new SoapFault(
            "Found non-anonymous address but only anonymous supported",
            new QName(Names.WSA_NAMESPACE_NAME, "OnlyAnonymousAddressSupported"));
      }
    }
  }
Example #20
0
  // CHECKSTYLE:OFF - spec requires a bunch of params
  public W3CEndpointReference createW3CEndpointReference(
      String address,
      QName interfaceName,
      QName serviceName,
      QName portName,
      List<Element> metadata,
      String wsdlDocumentLocation,
      List<Element> referenceParameters,
      List<Element> elements,
      Map<QName, String> attributes) {
    // CHECKSTYLE:ON
    if (serviceName != null
        && portName != null
        && wsdlDocumentLocation != null
        && interfaceName == null) {
      Bus bus = BusFactory.getThreadDefaultBus();
      WSDLManager wsdlManager = bus.getExtension(WSDLManager.class);
      try {
        Definition def = wsdlManager.getDefinition(wsdlDocumentLocation);
        interfaceName =
            def.getService(serviceName)
                .getPort(portName.getLocalPart())
                .getBinding()
                .getPortType()
                .getQName();
      } catch (Exception e) {
        // do nothing
      }
    }
    if (serviceName == null && portName == null && address == null) {
      throw new IllegalStateException(
          "Address in an EPR cannot be null, " + " when serviceName or portName is null");
    }
    try {
      W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
      writer.setPrefix(JAXWSAConstants.WSA_PREFIX, JAXWSAConstants.NS_WSA);
      writer.writeStartElement(
          JAXWSAConstants.WSA_PREFIX, JAXWSAConstants.WSA_ERF_NAME, JAXWSAConstants.NS_WSA);
      writer.writeNamespace(JAXWSAConstants.WSA_PREFIX, JAXWSAConstants.NS_WSA);

      writer.writeStartElement(
          JAXWSAConstants.WSA_PREFIX, JAXWSAConstants.WSA_ADDRESS_NAME, JAXWSAConstants.NS_WSA);
      address = address == null ? "" : address;
      writer.writeCharacters(address);
      writer.writeEndElement();

      if (referenceParameters != null) {
        writer.writeStartElement(
            JAXWSAConstants.WSA_PREFIX,
            JAXWSAConstants.WSA_REFERENCEPARAMETERS_NAME,
            JAXWSAConstants.NS_WSA);
        for (Element ele : referenceParameters) {
          StaxUtils.writeElement(ele, writer, true);
        }
        writer.writeEndElement();
      }

      if (wsdlDocumentLocation != null
          || interfaceName != null
          || serviceName != null
          || (metadata != null && metadata.size() > 0)) {

        writer.writeStartElement(
            JAXWSAConstants.WSA_PREFIX, JAXWSAConstants.WSA_METADATA_NAME, JAXWSAConstants.NS_WSA);
        writer.writeNamespace(JAXWSAConstants.WSAW_PREFIX, JAXWSAConstants.NS_WSAW);
        writer.writeNamespace(JAXWSAConstants.WSAM_PREFIX, JAXWSAConstants.NS_WSAM);

        if (wsdlDocumentLocation != null) {
          boolean includeLocationOnly = false;
          org.apache.cxf.message.Message message = PhaseInterceptorChain.getCurrentMessage();
          if (message != null) {
            includeLocationOnly =
                MessageUtils.isTrue(
                    message.getContextualProperty("org.apache.cxf.wsa.metadata.wsdlLocationOnly"));
          }
          String attrubuteValue =
              serviceName != null && !includeLocationOnly
                  ? serviceName.getNamespaceURI() + " " + wsdlDocumentLocation
                  : wsdlDocumentLocation;
          writer.writeNamespace(JAXWSAConstants.WSDLI_PFX, JAXWSAConstants.NS_WSDLI);
          writer.writeAttribute(
              JAXWSAConstants.WSDLI_PFX,
              JAXWSAConstants.NS_WSDLI,
              JAXWSAConstants.WSDLI_WSDLLOCATION,
              attrubuteValue);
        }
        if (interfaceName != null) {
          writer.writeStartElement(
              JAXWSAConstants.WSAM_PREFIX,
              JAXWSAConstants.WSAM_INTERFACE_NAME,
              JAXWSAConstants.NS_WSAM);
          String portTypePrefix = interfaceName.getPrefix();
          if (portTypePrefix == null || portTypePrefix.equals("")) {
            portTypePrefix = "ns1";
          }
          writer.writeNamespace(portTypePrefix, interfaceName.getNamespaceURI());
          writer.writeCharacters(portTypePrefix + ":" + interfaceName.getLocalPart());
          writer.writeEndElement();
        }

        String serviceNamePrefix = null;

        if (serviceName != null) {
          serviceNamePrefix =
              (serviceName.getPrefix() == null || serviceName.getPrefix().length() == 0)
                  ? "ns2"
                  : serviceName.getPrefix();

          writer.writeStartElement(
              JAXWSAConstants.WSAM_PREFIX,
              JAXWSAConstants.WSAM_SERVICENAME_NAME,
              JAXWSAConstants.NS_WSAM);

          if (portName != null) {
            writer.writeAttribute(JAXWSAConstants.WSAM_ENDPOINT_NAME, portName.getLocalPart());
          }
          writer.writeNamespace(serviceNamePrefix, serviceName.getNamespaceURI());
          writer.writeCharacters(serviceNamePrefix + ":" + serviceName.getLocalPart());

          writer.writeEndElement();
        }

        if (wsdlDocumentLocation != null) {

          writer.writeStartElement(
              WSDLConstants.WSDL_PREFIX,
              WSDLConstants.QNAME_DEFINITIONS.getLocalPart(),
              WSDLConstants.NS_WSDL11);
          writer.writeNamespace(WSDLConstants.WSDL_PREFIX, WSDLConstants.NS_WSDL11);
          writer.writeStartElement(
              WSDLConstants.WSDL_PREFIX,
              WSDLConstants.QNAME_IMPORT.getLocalPart(),
              WSDLConstants.QNAME_IMPORT.getNamespaceURI());
          if (serviceName != null) {
            writer.writeAttribute(WSDLConstants.ATTR_NAMESPACE, serviceName.getNamespaceURI());
          }
          writer.writeAttribute(WSDLConstants.ATTR_LOCATION, wsdlDocumentLocation);
          writer.writeEndElement();
          writer.writeEndElement();
        }

        if (metadata != null) {
          for (Element e : metadata) {
            StaxUtils.writeElement(e, writer, true);
          }
        }

        writer.writeEndElement();
      }

      if (elements != null) {
        for (Element e : elements) {
          StaxUtils.writeElement(e, writer, true);
        }
      }
      writer.writeEndElement();
      writer.flush();

      Unmarshaller unmarshaller = getJAXBContext().createUnmarshaller();
      return (W3CEndpointReference) unmarshaller.unmarshal(writer.getDocument());
    } catch (Exception e) {
      throw new WebServiceException(
          new Message("ERROR_UNMARSHAL_ENDPOINTREFERENCE", LOG).toString(), e);
    }
  }
Example #21
0
 // Some CXF interceptors such as FIStaxOutInterceptor will indirectly initiate
 // an early copying of response code and headers into the HttpServletResponse
 // TODO : Pushing the filter processing and copying response headers into say
 // PRE-LOGICAl and PREPARE_SEND interceptors will most likely be a good thing
 // however JAX-RS MessageBodyWriters are also allowed to add response headers
 // which is reason why a MultipartMap parameter in MessageBodyWriter.writeTo
 // method is modifiable. Thus we do need to know if the initial copy has already
 // occurred: for now we will just use to ensure the correct status is set
 private boolean isResponseHeadersCopied(Message message) {
   return MessageUtils.isTrue(message.get(AbstractHTTPDestination.RESPONSE_HEADERS_COPIED));
 }
  protected void handle(Message msg) {
    if (MessageUtils.isRequestor(msg)) {
      LOG.fine("Is a requestor.");
      return;
    }

    Exchange exchange = msg.getExchange();
    assert null != exchange;

    BindingOperationInfo boi = exchange.get(BindingOperationInfo.class);
    if (null == boi) {
      LOG.fine("No binding operation info.");
      return;
    }

    Endpoint e = exchange.get(Endpoint.class);
    if (null == e) {
      LOG.fine("No endpoint.");
      return;
    }
    EndpointInfo ei = e.getEndpointInfo();

    Bus bus = exchange.get(Bus.class);
    PolicyEngine pe = bus.getExtension(PolicyEngine.class);
    if (null == pe) {
      return;
    }

    Destination destination = exchange.getDestination();

    Exception ex = exchange.get(Exception.class);

    List<Interceptor<? extends Message>> faultInterceptors =
        new ArrayList<Interceptor<? extends Message>>();
    Collection<Assertion> assertions = new ArrayList<Assertion>();

    // 1. Check overridden policy
    Policy p = (Policy) msg.getContextualProperty(PolicyConstants.POLICY_OVERRIDE);
    if (p != null) {
      EndpointPolicyImpl endpi = new EndpointPolicyImpl(p);
      EffectivePolicyImpl effectivePolicy = new EffectivePolicyImpl();
      effectivePolicy.initialise(endpi, (PolicyEngineImpl) pe, false, true);
      PolicyUtils.logPolicy(
          LOG, Level.FINEST, "Using effective policy: ", effectivePolicy.getPolicy());

      faultInterceptors.addAll(effectivePolicy.getInterceptors());
      assertions.addAll(effectivePolicy.getChosenAlternative());
    } else {
      // 2. Process effective server policy
      BindingFaultInfo bfi = getBindingFaultInfo(msg, ex, boi);

      if (bfi == null
          && msg.get(FaultMode.class) != FaultMode.UNCHECKED_APPLICATION_FAULT
          && msg.get(FaultMode.class) != FaultMode.CHECKED_APPLICATION_FAULT) {
        return;
      }

      EffectivePolicy effectivePolicy = pe.getEffectiveServerFaultPolicy(ei, boi, bfi, destination);
      if (effectivePolicy != null) {
        faultInterceptors.addAll(effectivePolicy.getInterceptors());
        assertions.addAll(effectivePolicy.getChosenAlternative());
      }
    }

    // add interceptors into message chain
    for (Interceptor<? extends Message> oi : faultInterceptors) {
      msg.getInterceptorChain().add(oi);
      LOG.log(Level.FINE, "Added interceptor of type {0}", oi.getClass().getSimpleName());
    }

    // insert assertions of the chosen alternative into the message
    if (null != assertions && !assertions.isEmpty()) {
      msg.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
    }
  }
Example #23
0
  private void doResend(SoapMessage message) {
    try {

      // initialize copied interceptor chain for message
      PhaseInterceptorChain retransmitChain = manager.getRetransmitChain(message);
      ProtocolVariation protocol = RMContextUtils.getProtocolVariation(message);
      Endpoint endpoint = manager.getReliableEndpoint(message).getEndpoint(protocol);
      PhaseChainCache cache = new PhaseChainCache();
      boolean after = true;
      if (retransmitChain == null) {

        // no saved retransmit chain, so construct one from scratch (won't work for WS-Security on
        // server, so
        //  need to fix)
        retransmitChain = buildRetransmitChain(endpoint, cache);
        after = false;
      }
      message.setInterceptorChain(retransmitChain);

      // clear flag for SOAP out interceptor so envelope will be written
      message.remove(SoapOutInterceptor.WROTE_ENVELOPE_START);

      // discard all saved content
      Set<Class<?>> formats = message.getContentFormats();
      List<CachedOutputStreamCallback> callbacks = null;
      for (Class<?> clas : formats) {
        Object content = message.getContent(clas);
        if (content != null) {
          LOG.info(
              "Removing "
                  + clas.getName()
                  + " content of actual type "
                  + content.getClass().getName());
          message.removeContent(clas);
          if (clas == OutputStream.class && content instanceof WriteOnCloseOutputStream) {
            callbacks = ((WriteOnCloseOutputStream) content).getCallbacks();
          }
        }
      }

      // read SOAP headers from saved input stream
      RewindableInputStream is =
          (RewindableInputStream) message.get(RMMessageConstants.SAVED_CONTENT);
      is.rewind();
      XMLStreamReader reader = StaxUtils.createXMLStreamReader(is, "UTF-8");
      message.getHeaders().clear();
      if (reader.getEventType() != XMLStreamConstants.START_ELEMENT
          && reader.nextTag() != XMLStreamConstants.START_ELEMENT) {
        throw new IllegalStateException("No document found");
      }
      readHeaders(reader, message);
      int event;
      while ((event = reader.nextTag()) != XMLStreamConstants.START_ELEMENT) {
        if (event == XMLStreamConstants.END_ELEMENT) {
          throw new IllegalStateException("No body content present");
        }
      }

      // set message addressing properties
      AddressingProperties maps = new MAPCodec().unmarshalMAPs(message);
      RMContextUtils.storeMAPs(maps, message, true, MessageUtils.isRequestor(message));
      AttributedURIType to = null;
      if (null != maps) {
        to = maps.getTo();
      }
      if (null == to) {
        LOG.log(Level.SEVERE, "NO_ADDRESS_FOR_RESEND_MSG");
        return;
      }
      if (RMUtils.getAddressingConstants().getAnonymousURI().equals(to.getValue())) {
        LOG.log(Level.FINE, "Cannot resend to anonymous target");
        return;
      }

      // initialize conduit for new message
      Conduit c = message.getExchange().getConduit(message);
      if (c == null) {
        c = buildConduit(message, endpoint, to);
      }
      c.prepare(message);

      // replace standard message marshaling with copy from saved stream
      ListIterator<Interceptor<? extends Message>> iterator = retransmitChain.getIterator();
      while (iterator.hasNext()) {
        Interceptor<? extends Message> incept = iterator.next();

        // remove JAX-WS interceptors which handle message modes and such
        if (incept.getClass().getName().startsWith("org.apache.cxf.jaxws.interceptors")) {
          retransmitChain.remove(incept);
        } else if (incept instanceof PhaseInterceptor
            && (((PhaseInterceptor<?>) incept).getPhase() == Phase.MARSHAL)) {

          // remove any interceptors from the marshal phase
          retransmitChain.remove(incept);
        }
      }
      retransmitChain.add(new CopyOutInterceptor(reader));

      // restore callbacks on output stream
      if (callbacks != null) {
        OutputStream os = message.getContent(OutputStream.class);
        if (os != null) {
          WriteOnCloseOutputStream woc;
          if (os instanceof WriteOnCloseOutputStream) {
            woc = (WriteOnCloseOutputStream) os;
          } else {
            woc = new WriteOnCloseOutputStream(os);
            message.setContent(OutputStream.class, woc);
          }
          for (CachedOutputStreamCallback cb : callbacks) {
            woc.registerCallback(cb);
          }
        }
      }

      // send the message
      message.put(RMMessageConstants.RM_RETRANSMISSION, Boolean.TRUE);
      if (after) {
        retransmitChain.doInterceptStartingAfter(message, RMCaptureOutInterceptor.class.getName());
      } else {
        retransmitChain.doIntercept(message);
      }
      if (LOG.isLoggable(Level.INFO)) {
        RMProperties rmps = RMContextUtils.retrieveRMProperties(message, true);
        SequenceType seq = rmps.getSequence();
        LOG.log(
            Level.INFO,
            "Retransmitted message "
                + seq.getMessageNumber()
                + " in sequence "
                + seq.getIdentifier().getValue());
        rmps = new RMProperties();
      }

    } catch (Exception ex) {
      LOG.log(Level.SEVERE, "RESEND_FAILED_MSG", ex);
    }
  }
Example #24
0
  /**
   * Validate incoming MAPs
   *
   * @param maps the incoming MAPs
   * @param message the current message
   * @return true if incoming MAPs are valid
   * @pre inbound message, not requestor
   */
  private boolean validateIncomingMAPs(AddressingProperties maps, Message message) {
    boolean valid = true;

    if (maps != null) {
      // WSAB spec, section 4.2 validation (SOAPAction must match action
      String sa = SoapActionInInterceptor.getSoapAction(message);
      String s1 = this.getActionUri(message, false);

      if (maps.getAction() == null || maps.getAction().getValue() == null) {
        String reason = BUNDLE.getString("MISSING_ACTION_MESSAGE");

        ContextUtils.storeMAPFaultName(Names.HEADER_REQUIRED_NAME, message);
        ContextUtils.storeMAPFaultReason(reason, message);
        valid = false;
      }

      if (!StringUtils.isEmpty(sa)
          && valid
          && !MessageUtils.isTrue(message.get(MAPAggregator.ACTION_VERIFIED))) {
        if (sa.startsWith("\"")) {
          sa = sa.substring(1, sa.lastIndexOf('"'));
        }
        String action = maps.getAction() == null ? "" : maps.getAction().getValue();
        if (!StringUtils.isEmpty(sa) && !sa.equals(action)) {
          // don't match, must send fault back....
          String reason = BUNDLE.getString("INVALID_ADDRESSING_PROPERTY_MESSAGE");

          ContextUtils.storeMAPFaultName(Names.ACTION_MISMATCH_NAME, message);
          ContextUtils.storeMAPFaultReason(reason, message);
          valid = false;
        } else if (!StringUtils.isEmpty(s1)
            && !action.equals(s1)
            && !action.equals(s1 + "Request")
            && !s1.equals(action + "Request")) {
          // if java first, it's likely to have "Request", if wsdl first,
          // it will depend if the wsdl:input has a name or not. Thus, we'll
          // check both plain and with the "Request" trailer

          // doesn't match what's in the wsdl/annotations
          String reason =
              BundleUtils.getFormattedString(BUNDLE, "ACTION_NOT_SUPPORTED_MSG", action);

          ContextUtils.storeMAPFaultName(Names.ACTION_NOT_SUPPORTED_NAME, message);
          ContextUtils.storeMAPFaultReason(reason, message);
          valid = false;
        }
      }

      AttributedURIType messageID = maps.getMessageID();

      if (!message.getExchange().isOneWay()
          && (messageID == null || messageID.getValue() == null)
          && valid) {
        String reason = BUNDLE.getString("MISSING_ACTION_MESSAGE");

        ContextUtils.storeMAPFaultName(Names.HEADER_REQUIRED_NAME, message);
        ContextUtils.storeMAPFaultReason(reason, message);

        valid = false;
      }

      // Always cache message IDs, even when the message is not valid for some
      // other reason.
      if (!allowDuplicates
          && messageID != null
          && messageID.getValue() != null
          && !messageIdCache.checkUniquenessAndCacheId(messageID.getValue())) {

        LOG.log(Level.WARNING, "DUPLICATE_MESSAGE_ID_MSG", messageID.getValue());

        // Only throw the fault if something else has not already marked the
        // message as invalid.
        if (valid) {
          String reason = BUNDLE.getString("DUPLICATE_MESSAGE_ID_MSG");
          String l7dReason = MessageFormat.format(reason, messageID.getValue());
          ContextUtils.storeMAPFaultName(Names.DUPLICATE_MESSAGE_ID_NAME, message);
          ContextUtils.storeMAPFaultReason(l7dReason, message);
        }

        valid = false;
      }
    } else if (usingAddressingAdvisory) {
      String reason = BUNDLE.getString("MISSING_ACTION_MESSAGE");

      ContextUtils.storeMAPFaultName(Names.HEADER_REQUIRED_NAME, message);
      ContextUtils.storeMAPFaultReason(reason, message);
      valid = false;
    }

    if (Names.INVALID_CARDINALITY_NAME.equals(ContextUtils.retrieveMAPFaultName(message))) {
      valid = false;
    }

    return valid;
  }
Example #25
0
  private void doEncryptBeforeSign() {
    try {
      AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
      assertTokenWrapper(encryptionWrapper);
      AbstractToken encryptionToken = encryptionWrapper.getToken();

      String tokenId = null;
      SecurityToken tok = null;
      if (encryptionToken instanceof KerberosToken) {
        tok = getSecurityToken();
        if (MessageUtils.isRequestor(message)) {
          addKerberosToken((KerberosToken) encryptionToken, false, true, true);
        }
      } else if (encryptionToken instanceof IssuedToken) {
        tok = getSecurityToken();
        addIssuedToken((IssuedToken) encryptionToken, tok, false, true);

        if (tok == null && !isRequestor()) {
          org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
              findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN);
          tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
        }
      } else if (encryptionToken instanceof SecureConversationToken
          || encryptionToken instanceof SecurityContextToken
          || encryptionToken instanceof SpnegoContextToken) {
        tok = getSecurityToken();
        if (tok != null && isRequestor()) {
          WSSSecurityProperties properties = getProperties();
          WSSConstants.Action actionToPerform = WSSConstants.CUSTOM_TOKEN;
          properties.addAction(actionToPerform);
        } else if (tok == null && !isRequestor()) {
          org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
              findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN);
          tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
        }
      } else if (encryptionToken instanceof X509Token) {
        if (isRequestor()) {
          tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
        } else {
          org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
              findEncryptedKeyToken();
          tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
        }
      } else if (encryptionToken instanceof UsernameToken) {
        unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
        return;
      }
      assertToken(encryptionToken);
      if (tok == null) {
        tokenId = XMLUtils.getIDFromReference(tokenId);

        // Get hold of the token from the token storage
        tok = TokenStoreUtils.getTokenStore(message).getToken(tokenId);
      }

      // Store key
      if (!(MessageUtils.isRequestor(message) && encryptionToken instanceof KerberosToken)) {
        storeSecurityToken(encryptionToken, tok);
      }

      List<SecurePart> encrParts = null;
      List<SecurePart> sigParts = null;
      try {
        encrParts = getEncryptedParts();
        // Signed parts are determined before encryption because encrypted signed headers
        // will not be included otherwise
        sigParts = getSignedParts();
      } catch (SOAPException ex) {
        throw new Fault(ex);
      }

      addSupportingTokens();

      if (encryptionToken != null && encrParts.size() > 0) {
        if (isRequestor()) {
          encrParts.addAll(encryptedTokensList);
        }

        // Check for signature protection
        if (sbinding.isEncryptSignature()) {
          SecurePart part =
              new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
          encrParts.add(part);
          if (signatureConfirmationAdded) {
            part = new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element);
            encrParts.add(part);
          }
          assertPolicy(
              new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
        }

        doEncryption(encryptionWrapper, encrParts, true);
      }

      if (timestampAdded) {
        SecurePart part =
            new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
        sigParts.add(part);
      }
      sigParts.addAll(this.getSignedParts());

      if (sigParts.size() > 0) {
        AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
        if (sigAbstractTokenWrapper != null) {
          AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
          if (isRequestor()) {
            doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
          } else {
            addSignatureConfirmation(sigParts);
            doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
          }
        }
      }

      removeSignatureIfSignedSAML();
      enforceEncryptBeforeSigningWithSignedSAML();
      prependSignatureToSC();
      putCustomTokenAfterSignature();
    } catch (RuntimeException ex) {
      throw ex;
    } catch (Exception ex) {
      throw new Fault(ex);
    }
  }
Example #26
0
  private void doSignBeforeEncrypt() {
    AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
    assertTokenWrapper(sigAbstractTokenWrapper);
    AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
    String sigTokId = null;

    try {
      SecurityToken sigTok = null;
      if (sigToken != null) {
        if (sigToken instanceof KerberosToken) {
          sigTok = getSecurityToken();
          if (isRequestor()) {
            addKerberosToken((KerberosToken) sigToken, false, true, true);
          }
        } else if (sigToken instanceof IssuedToken) {
          sigTok = getSecurityToken();
          addIssuedToken((IssuedToken) sigToken, sigTok, false, true);

          if (sigTok == null && !isRequestor()) {
            org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
                findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN);
            sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
          }
        } else if (sigToken instanceof SecureConversationToken
            || sigToken instanceof SecurityContextToken
            || sigToken instanceof SpnegoContextToken) {
          sigTok = getSecurityToken();
          if (sigTok != null && isRequestor()) {
            WSSSecurityProperties properties = getProperties();
            WSSConstants.Action actionToPerform = WSSConstants.CUSTOM_TOKEN;
            properties.addAction(actionToPerform);
          } else if (sigTok == null && !isRequestor()) {
            org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
                findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN);
            sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
          }
        } else if (sigToken instanceof X509Token) {
          if (isRequestor()) {
            sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
          } else {
            org.apache.xml.security.stax.securityToken.SecurityToken securityToken =
                findEncryptedKeyToken();
            sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
          }
        } else if (sigToken instanceof UsernameToken) {
          unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
          return;
        }
        assertToken(sigToken);
      } else {
        unassertPolicy(sbinding, "No signature token");
        return;
      }

      if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
        unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
        return;
      }
      if (sigTok == null) {
        sigTok = TokenStoreUtils.getTokenStore(message).getToken(sigTokId);
      }

      // Store key
      if (!(MessageUtils.isRequestor(message) && sigToken instanceof KerberosToken)) {
        storeSecurityToken(sigToken, sigTok);
      }

      // Add timestamp
      List<SecurePart> sigs = new ArrayList<>();
      if (timestampAdded) {
        SecurePart part =
            new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
        sigs.add(part);
      }
      sigs.addAll(this.getSignedParts());

      if (!isRequestor()) {
        addSignatureConfirmation(sigs);
      }

      if (!sigs.isEmpty()) {
        doSignature(sigAbstractTokenWrapper, sigToken, sigTok, sigs);
      }

      addSupportingTokens();
      removeSignatureIfSignedSAML();
      prependSignatureToSC();

      // Encryption
      List<SecurePart> enc = getEncryptedParts();

      // Check for signature protection
      if (sbinding.isEncryptSignature()) {
        SecurePart part =
            new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
        enc.add(part);
        if (signatureConfirmationAdded) {
          part = new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element);
          enc.add(part);
        }
        assertPolicy(
            new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
      }

      // Do encryption
      if (isRequestor()) {
        enc.addAll(encryptedTokensList);
      }
      AbstractTokenWrapper encrAbstractTokenWrapper = getEncryptionToken();
      doEncryption(encrAbstractTokenWrapper, enc, false);

      putCustomTokenAfterSignature();
    } catch (Exception e) {
      throw new Fault(e);
    }
  }
Example #27
0
  private void doEncryption(
      AbstractTokenWrapper recToken, List<SecurePart> encrParts, boolean externalRef)
      throws SOAPException {
    // Do encryption
    if (recToken != null && recToken.getToken() != null) {
      AbstractToken encrToken = recToken.getToken();
      AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();

      // Action
      WSSSecurityProperties properties = getProperties();
      WSSConstants.Action actionToPerform = WSSConstants.ENCRYPT;
      if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
        actionToPerform = WSSConstants.ENCRYPT_WITH_DERIVED_KEY;
        if (MessageUtils.isRequestor(message) && recToken.getToken() instanceof X509Token) {
          properties.setDerivedKeyTokenReference(
              WSSConstants.DerivedKeyTokenReference.EncryptedKey);
        } else {
          properties.setDerivedKeyTokenReference(
              WSSConstants.DerivedKeyTokenReference.DirectReference);
        }
        AlgorithmSuiteType algSuiteType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
        properties.setDerivedEncryptionKeyLength(algSuiteType.getEncryptionDerivedKeyLength() / 8);
      }

      if (recToken.getVersion() == SPConstants.SPVersion.SP12) {
        properties.setUse200512Namespace(true);
      }

      properties.getEncryptionSecureParts().addAll(encrParts);
      properties.addAction(actionToPerform);

      if (isRequestor()) {
        properties.setEncryptionKeyIdentifier(getKeyIdentifierType(encrToken));
        properties.setDerivedKeyKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
      } else if (recToken.getToken() instanceof KerberosToken && !isRequestor()) {
        properties.setEncryptionKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
        properties.setDerivedKeyKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
        if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
          properties.setEncryptionKeyIdentifier(
              WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        }
      } else if ((recToken.getToken() instanceof IssuedToken
              || recToken.getToken() instanceof SecureConversationToken
              || recToken.getToken() instanceof SpnegoContextToken)
          && !isRequestor()) {
        properties.setEncryptionKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
      } else {
        properties.setEncryptionKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
        if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
          properties.setDerivedKeyKeyIdentifier(
              WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
          properties.setEncryptionKeyIdentifier(
              WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
          properties.setEncryptSymmetricEncryptionKey(false);
        }
      }

      // Find out do we also need to include the token as per the Inclusion requirement
      WSSecurityTokenConstants.KeyIdentifier keyIdentifier =
          properties.getEncryptionKeyIdentifier();
      if (encrToken instanceof X509Token
          && isTokenRequired(encrToken.getIncludeTokenType())
          && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)
              || WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER.equals(keyIdentifier)
              || WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE.equals(
                  keyIdentifier))) {
        properties.setIncludeEncryptionToken(true);
      } else {
        properties.setIncludeEncryptionToken(false);
      }

      properties.setEncryptionKeyTransportAlgorithm(
          algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
      properties.setEncryptionSymAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());

      String encUser =
          (String)
              SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
      if (encUser == null) {
        encUser =
            (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
      }
      if (encUser != null && properties.getEncryptionUser() == null) {
        properties.setEncryptionUser(encUser);
      }
      if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(encUser)) {
        properties.setUseReqSigCertForEncryption(true);
      }

      if (encrToken instanceof KerberosToken
          || encrToken instanceof IssuedToken
          || encrToken instanceof SpnegoContextToken
          || encrToken instanceof SecurityContextToken
          || encrToken instanceof SecureConversationToken) {
        properties.setEncryptSymmetricEncryptionKey(false);
      }
    }
  }
Example #28
0
  /**
   * Mediate message flow.
   *
   * @param message the current message
   * @param isFault true if a fault is being mediated
   * @return true if processing should continue on dispatch path
   */
  protected boolean mediate(Message message, boolean isFault) {
    boolean continueProcessing = true;
    if (ContextUtils.isOutbound(message)) {
      if (usingAddressing(message)) {
        // request/response MAPs must be aggregated
        aggregate(message, isFault);
      }
      AddressingProperties theMaps =
          ContextUtils.retrieveMAPs(message, false, ContextUtils.isOutbound(message));
      if (null != theMaps) {
        if (ContextUtils.isRequestor(message)) {
          assertAddressing(message, theMaps.getReplyTo(), theMaps.getFaultTo());
        } else {
          checkReplyTo(message, theMaps);
        }
      }
    } else if (!ContextUtils.isRequestor(message)) {
      // responder validates incoming MAPs
      AddressingProperties maps = getMAPs(message, false, false);
      // check responses
      if (maps != null) {
        checkAddressingResponses(maps.getReplyTo(), maps.getFaultTo());
        assertAddressing(message, maps.getReplyTo(), maps.getFaultTo());
      }
      boolean isOneway = message.getExchange().isOneWay();
      if (null == maps && !addressingRequired) {
        return false;
      }
      continueProcessing = validateIncomingMAPs(maps, message);
      if (maps != null) {
        AddressingProperties theMaps =
            ContextUtils.retrieveMAPs(message, false, ContextUtils.isOutbound(message));
        if (null != theMaps) {
          assertAddressing(message, theMaps.getReplyTo(), theMaps.getFaultTo());
        }

        if (isOneway || !ContextUtils.isGenericAddress(maps.getReplyTo())) {
          InternalContextUtils.rebaseResponse(maps.getReplyTo(), maps, message);
        }
        if (!isOneway) {
          if (ContextUtils.isNoneAddress(maps.getReplyTo())) {
            LOG.warning("Detected NONE value in ReplyTo WSA header for request-respone MEP");
          } else {
            // ensure the inbound MAPs are available in both the full & fault
            // response messages (used to determine relatesTo etc.)
            ContextUtils.propogateReceivedMAPs(maps, message.getExchange());
          }
        }
      }
      if (continueProcessing) {
        // any faults thrown from here on can be correlated with this message
        message.put(FaultMode.class, FaultMode.LOGICAL_RUNTIME_FAULT);
      } else {
        // validation failure => dispatch is aborted, response MAPs
        // must be aggregated
        // isFault = true;
        // aggregate(message, isFault);
        if (isSOAP12(message)) {
          SoapFault soap12Fault =
              new SoapFault(
                  ContextUtils.retrieveMAPFaultReason(message), Soap12.getInstance().getSender());
          soap12Fault.setSubCode(
              new QName(Names.WSA_NAMESPACE_NAME, ContextUtils.retrieveMAPFaultName(message)));
          throw soap12Fault;
        }
        throw new SoapFault(
            ContextUtils.retrieveMAPFaultReason(message),
            new QName(Names.WSA_NAMESPACE_NAME, ContextUtils.retrieveMAPFaultName(message)));
      }
    } else {
      AddressingProperties theMaps =
          ContextUtils.retrieveMAPs(message, false, ContextUtils.isOutbound(message));
      if (null != theMaps) {
        assertAddressing(message, theMaps.getReplyTo(), theMaps.getFaultTo());
      }
      // If the wsa policy is enabled , but the client sets the
      // WSAddressingFeature.isAddressingRequired to false , we need to assert all WSA assertion to
      // true
      if (!ContextUtils.isOutbound(message)
          && ContextUtils.isRequestor(message)
          && getWSAddressingFeature(message) != null
          && !getWSAddressingFeature(message).isAddressingRequired()) {
        assertAddressing(message);
      }
      // CXF-3060 :If wsa policy is not enforced, AddressingProperties map is null and
      // AddressingFeature.isRequired, requestor checks inbound message and throw exception
      if (null == theMaps
          && !ContextUtils.isOutbound(message)
          && ContextUtils.isRequestor(message)
          && getWSAddressingFeature(message) != null
          && getWSAddressingFeature(message).isAddressingRequired()) {
        boolean missingWsaHeader = false;
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        if (aim == null || aim.size() == 0) {
          missingWsaHeader = true;
        }
        if (aim != null && aim.size() > 0) {
          missingWsaHeader = true;
          QName[] types =
              new QName[] {
                MetadataConstants.ADDRESSING_ASSERTION_QNAME,
                MetadataConstants.USING_ADDRESSING_2004_QNAME,
                MetadataConstants.USING_ADDRESSING_2005_QNAME,
                MetadataConstants.USING_ADDRESSING_2006_QNAME
              };
          for (QName type : types) {
            for (AssertionInfo assertInfo : aim.getAssertionInfo(type)) {
              if (assertInfo.isAsserted()) {
                missingWsaHeader = false;
              }
            }
          }
        }
        if (missingWsaHeader) {
          throw new SoapFault(
              "MISSING_ACTION_MESSAGE",
              BUNDLE,
              new QName(Names.WSA_NAMESPACE_NAME, Names.HEADER_REQUIRED_NAME));
        }
      }
      if (MessageUtils.isPartialResponse(message)
          && message.getExchange().getOutMessage() != null) {
        // marked as a partial response, let's see if it really is
        MessageInfo min = message.get(MessageInfo.class);
        MessageInfo mout = message.getExchange().getOutMessage().get(MessageInfo.class);
        if (min != null
            && mout != null
            && min.getOperation() == mout.getOperation()
            && message.getContent(List.class) != null) {
          // the in and out messages are on the same operation
          // and we were able to get a response for it.
          message.remove(Message.PARTIAL_RESPONSE_MESSAGE);
        }
      }
    }
    return continueProcessing;
  }
Example #29
0
 protected URI calculateNewRequestURI(Map<String, Object> reqContext) {
   URI newBaseURI = URI.create(reqContext.get(Message.ENDPOINT_ADDRESS).toString());
   URI requestURI = URI.create(reqContext.get(Message.REQUEST_URI).toString());
   return calculateNewRequestURI(
       newBaseURI, requestURI, MessageUtils.isTrue(reqContext.get(PROXY_PROPERTY)));
 }