@SuppressWarnings("unchecked") public Packet secureResponse(Packet retPacket, Subject serviceSubject, Map sharedState) throws XWSSecurityException { boolean isSCIssueMessage = (sharedState.get("IS_SC_ISSUE") != null) ? true : false; boolean isSCCancelMessage = (sharedState.get("IS_SC_CANCEL") != null) ? true : false; boolean isTrustMessage = (sharedState.get("IS_TRUST_MESSAGE") != null) ? true : false; Packet packet = (Packet) sharedState.get("VALIDATE_REQ_PACKET"); Boolean thereWasAFaultSTR = (Boolean) sharedState.get("THERE_WAS_A_FAULT"); boolean thereWasAFault = (thereWasAFaultSTR != null) ? thereWasAFaultSTR.booleanValue() : false; if (thereWasAFault) { return retPacket; } /* TODO:this piece of code present since payload should be read once*/ if (!optimized) { try { SOAPMessage sm = retPacket.getMessage().readAsSOAPMessage(); Message newMsg = Messages.create(sm); retPacket.setMessage(newMsg); } catch (SOAPException ex) { throw new WebServiceException(ex); } } // ---------------OUTBOUND SECURITY PROCESSING---------- ProcessingContext ctx = initializeOutgoingProcessingContext(retPacket, isSCIssueMessage); ctx.setExtraneousProperty("SessionManager", sessionManager); Message msg = retPacket.getMessage(); try { if (ctx.getSecurityPolicy() != null && ((MessagePolicy) ctx.getSecurityPolicy()).size() > 0) { if (!optimized) { SOAPMessage soapMessage = msg.readAsSOAPMessage(); soapMessage = secureOutboundMessage(soapMessage, ctx); msg = Messages.create(soapMessage); } else { msg = secureOutboundMessage(msg, ctx); } } } catch (WssSoapFaultException ex) { sharedState.put("THERE_WAS_A_FAULT", Boolean.valueOf(true)); msg = Messages.create(getSOAPFault(ex)); } catch (SOAPException se) { // internal error log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), se); throw new WebServiceException( LogStringsMessages.WSITPVD_0029_ERROR_SECURING_OUTBOUND_MSG(), se); } finally { if (isSCCancel(retPacket)) { removeContext(packet); } } resetCachedOperation(retPacket); retPacket.setMessage(msg); return retPacket; }
/** * ns4 is declared on Body and is used in faultcode. So making sure it is picked up after copy() */ public void testCopy20() throws Exception { String soap18Msg = "<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'>" + "<S:Body xmlns:ns4='http://schemas.xmlsoap.org/soap/envelope/'>" + "<S:Fault>" + "<faultcode>ns4:Server</faultcode>" + "<faultstring>com.sun.istack.XMLStreamException2</faultstring>" + "</S:Fault>" + "</S:Body>" + "</S:Envelope>"; Message message = useStreamCodec(soap18Msg); message.copy(); SOAPFaultBuilder.create(message).createException(null); }
/** * ns4 is declared on Envelope and Body and is used in faultcode. So making sure the correct ns4 * is picked up for payload source */ public void testPayloadSource1() throws Exception { String soap18Msg = "<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/' xmlns:ns4='A'>" + "<S:Body xmlns:ns4='http://schemas.xmlsoap.org/soap/envelope/'>" + "<S:Fault>" + "<faultcode>ns4:Server</faultcode>" + "<faultstring>com.sun.istack.XMLStreamException2</faultstring>" + "</S:Fault>" + "</S:Body>" + "</S:Envelope>"; Message message = useStreamCodec(soap18Msg); Source source = message.readPayloadAsSource(); InputStream is = getInputStream(source); XMLStreamReader xsr = XMLInputFactory.newInstance().createXMLStreamReader(is); xsr.next(); xsr.next(); assertEquals("http://schemas.xmlsoap.org/soap/envelope/", xsr.getNamespaceURI("ns4")); }
protected final Message createSoapFaultMessage( RuntimeContext rc, boolean attachSequenceFaultElement) { try { // TODO P1 where to set soap fault code? SOAPFault soapFault = rc.soapVersion.saajSoapFactory.createFault(); // common SOAP1.1 and SOAP1.2 Fault settings if (faultReasonText != null) { soapFault.setFaultString(faultReasonText, java.util.Locale.ENGLISH); } soapFault.setFaultCode(getCode().asQName(rc.soapVersion)); // SOAP version-specific SOAP Fault settings switch (rc.soapVersion) { case SOAP_11: break; case SOAP_12: soapFault.appendFaultSubcode(getSubcode(rc.rmVersion)); soapFault.addDetail().setValue(getDetailValue()); break; default: throw new RxRuntimeException( "Unsupported SOAP version: '" + rc.soapVersion.toString() + "'"); } Message soapFaultMessage = Messages.create(soapFault); if (attachSequenceFaultElement && rc.soapVersion == SOAPVersion.SOAP_11) { soapFaultMessage .getHeaders() .add( rc.protocolHandler.createSequenceFaultElementHeader( getSubcode(rc.rmVersion), getDetailValue())); } return soapFaultMessage; } catch (SOAPException ex) { throw new RxRuntimeException("Error creating a SOAP fault", ex); } }
public void testCopy16() throws IOException { String soap16Msg = "<S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'> <S:Body> <a> </a><b> </b> <c/> </S:Body> </S:Envelope>"; Message message = useStreamCodec(soap16Msg); message.copy(); }
public void testCopyWithSpaces() throws IOException { String soap12Msg = "<?xml version='1.0'?><S:Envelope xmlns:S='http://schemas.xmlsoap.org/soap/envelope/'> <S:Header> <m:ut xmlns:m='a'> <u xmlns='' id='a'>user</u> </m:ut> <b> hello </b> </S:Header> <S:Body> <ns2:c xmlns:ns2='local'> <clientName>Test</clientName> <ns2:year>2007</ns2:year> </ns2:c> </S:Body> </S:Envelope>"; Message message = useStreamCodec(soap12Msg); message.copy(); }
public void testCopyStreamMessage1() throws IOException { String soap11Msg = "<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema'><Header xmlns='http://schemas.xmlsoap.org/soap/envelope/'> <SubscriptionInfo xmlns='http://ws.strikeiron.com'> <LicenseStatusCode>0</LicenseStatusCode> </SubscriptionInfo> </Header> <soap:Body> <GetCountryCodesResponse xmlns='http://www.strikeiron.com'> <GetCountryCodesResult/></GetCountryCodesResponse></soap:Body></soap:Envelope>"; Message message = useStreamCodec(soap11Msg); message.copy(); }
// The packet has the Message with RST/SCT inside it // TODO: Need to inspect if it is really a Issue or a Cancel private Packet invokeSecureConversationContract( Packet packet, ProcessingContext ctx, boolean isSCTIssue) { IssuedTokenContext ictx = new IssuedTokenContextImpl(); ictx.getOtherProperties().put("SessionManager", sessionManager); Message msg = packet.getMessage(); Message retMsg = null; String retAction = null; try { // Set the requestor authenticated Subject in the IssuedTokenContext Subject subject = SubjectAccessor.getRequesterSubject(ctx); ictx.setRequestorSubject(subject); WSTrustElementFactory wsscEleFac = WSTrustElementFactory.newInstance(wsscVer); JAXBElement rstEle = msg.readPayloadAsJAXB(WSTrustElementFactory.getContext(wsTrustVer).createUnmarshaller()); BaseSTSRequest rst = wsscEleFac.createRSTFrom(rstEle); URI requestType = ((RequestSecurityToken) rst).getRequestType(); BaseSTSResponse rstr = null; WSSCContract scContract = WSSCFactory.newWSSCContract(wsscVer); scContract.setWSSCServerConfig( (Iterator) packet.invocationProperties.get( com.sun.xml.ws.security.impl.policy.Constants .SUN_SECURE_SERVER_CONVERSATION_POLICY_NS)); if (requestType.toString().equals(wsTrustVer.getIssueRequestTypeURI())) { List<PolicyAssertion> policies = getOutBoundSCP(packet.getMessage()); rstr = scContract.issue(rst, ictx, (SecureConversationToken) policies.get(0)); retAction = wsscVer.getSCTResponseAction(); SecurityContextToken sct = (SecurityContextToken) ictx.getSecurityToken(); String sctId = sct.getIdentifier().toString(); Session session = sessionManager.getSession(sctId); if (session == null) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0044_ERROR_SESSION_CREATION()); throw new WSSecureConversationException( LogStringsMessages.WSITPVD_0044_ERROR_SESSION_CREATION()); } // Put it here for RM to pick up packet.invocationProperties.put(Session.SESSION_ID_KEY, sctId); packet.invocationProperties.put(Session.SESSION_KEY, session.getUserData()); IssuedTokenContext itctx = session.getSecurityInfo().getIssuedTokenContext(); // add the subject of requestor itctx.setRequestorSubject(ictx.getRequestorSubject()); // ((ProcessingContextImpl)ctx).getIssuedTokenContextMap().put(sctId, itctx); } else if (requestType.toString().equals(wsTrustVer.getRenewRequestTypeURI())) { List<PolicyAssertion> policies = getOutBoundSCP(packet.getMessage()); retAction = wsscVer.getSCTRenewResponseAction(); rstr = scContract.renew(rst, ictx, (SecureConversationToken) policies.get(0)); } else if (requestType.toString().equals(wsTrustVer.getCancelRequestTypeURI())) { retAction = wsscVer.getSCTCancelResponseAction(); rstr = scContract.cancel(rst, ictx); } else { log.log( Level.SEVERE, LogStringsMessages.WSITPVD_0045_UNSUPPORTED_OPERATION_EXCEPTION(requestType)); throw new UnsupportedOperationException( LogStringsMessages.WSITPVD_0045_UNSUPPORTED_OPERATION_EXCEPTION(requestType)); } // construct the complete message here containing the RSTR and the // correct Action headers if any and return the message. retMsg = Messages.create( WSTrustElementFactory.getContext(wsTrustVer).createMarshaller(), wsscEleFac.toJAXBElement(rstr), soapVersion); } catch (javax.xml.bind.JAXBException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0001_PROBLEM_MAR_UNMAR(), ex); throw new RuntimeException(LogStringsMessages.WSITPVD_0001_PROBLEM_MAR_UNMAR(), ex); } catch (com.sun.xml.wss.XWSSecurityException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), ex); throw new RuntimeException(LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), ex); } catch (WSSecureConversationException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), ex); throw new RuntimeException(LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT(), ex); } // SecurityContextToken sct = (SecurityContextToken)ictx.getSecurityToken(); // String sctId = sct.getIdentifier().toString(); // ((ProcessingContextImpl)ctx).getIssuedTokenContextMap().put(sctId, ictx); Packet retPacket = addAddressingHeaders(packet, retMsg, retAction); if (isSCTIssue) { List<PolicyAssertion> policies = getOutBoundSCP(packet.getMessage()); if (!policies.isEmpty()) { retPacket.invocationProperties.put(SC_ASSERTION, (PolicyAssertion) policies.get(0)); } } return retPacket; }
public Packet validateRequest( Packet packet, Subject clientSubject, Subject serviceSubject, Map<Object, Object> sharedState) throws XWSSecurityException { Message msg = packet.getMessage(); boolean isSCIssueMessage = false; boolean isSCCancelMessage = false; boolean isTrustMessage = false; String msgId = null; String action = null; boolean thereWasAFault = false; // Do Security Processing for Incoming Message // ---------------INBOUND SECURITY VERIFICATION---------- ProcessingContext ctx = initializeInboundProcessingContext(packet); // update the client subject passed to the AuthModule itself. ctx.setExtraneousProperty(MessageConstants.AUTH_SUBJECT, clientSubject); ctx.setExtraneousProperty( ProcessingContext.OPERATION_RESOLVER, new PolicyResolverImpl( inMessagePolicyMap, inProtocolPM, cachedOperation(packet), pipeConfig, addVer, false, rmVer)); ctx.setExtraneousProperty("SessionManager", sessionManager); try { if (!optimized) { SOAPMessage soapMessage = msg.readAsSOAPMessage(); soapMessage = verifyInboundMessage(soapMessage, ctx); msg = Messages.create(soapMessage); } else { msg = verifyInboundMessage(msg, ctx); } } catch (WssSoapFaultException ex) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), ex); thereWasAFault = true; SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(ex, soapFactory, soapVersion); msg = Messages.create(sfe, soapVersion); } catch (XWSSecurityException xwse) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), xwse); thereWasAFault = true; SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(xwse, soapFactory, soapVersion); msg = Messages.create(sfe, soapVersion); } catch (XWSSecurityRuntimeException xwse) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), xwse); thereWasAFault = true; SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(xwse, soapFactory, soapVersion); msg = Messages.create(sfe, soapVersion); } catch (WebServiceException xwse) { log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), xwse); thereWasAFault = true; SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(xwse, soapFactory, soapVersion); msg = Messages.create(sfe, soapVersion); } catch (SOAPException se) { // internal error log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), se); thereWasAFault = true; SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(se, soapFactory, soapVersion); msg = Messages.create(sfe, soapVersion); } catch (Exception ex) { // NPE's from server need to be handled as well log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), ex); thereWasAFault = true; SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(ex, soapFactory, soapVersion); msg = Messages.create(sfe, soapVersion); } if (thereWasAFault) { sharedState.put("THERE_WAS_A_FAULT", Boolean.valueOf(thereWasAFault)); if (this.isAddressingEnabled()) { if (optimized) { packet.setMessage(((JAXBFilterProcessingContext) ctx).getPVMessage()); } Packet ret = packet.createServerResponse( msg, this.addVer, this.soapVersion, this.addVer.getDefaultFaultAction()); return ret; } else { packet.setMessage(msg); return packet; } } packet.setMessage(msg); if (isAddressingEnabled()) { action = getAction(packet); if (wsscVer.getSCTRequestAction().equals(action) || wsscVer.getSCTRenewRequestAction().equals(action)) { isSCIssueMessage = true; sharedState.put("IS_SC_ISSUE", TRUE); if (wsscConfig != null) { packet.invocationProperties.put( com.sun.xml.ws.security.impl.policy.Constants .SUN_SECURE_SERVER_CONVERSATION_POLICY_NS, wsscConfig.iterator()); } } else if (wsscVer.getSCTCancelRequestAction().equals(action)) { isSCCancelMessage = true; sharedState.put("IS_SC_CANCEL", TRUE); } else if (wsTrustVer.getIssueRequestAction().equals(action) || wsTrustVer.getValidateRequestAction().equals(action)) { isTrustMessage = true; sharedState.put("IS_TRUST_MESSAGE", TRUE); sharedState.put("TRUST_REQUEST_ACTION", action); // packet.getMessage().getHeaders().getTo(addVer, pipeConfig.getBinding().getSOAPVersion()); if (trustConfig != null) { packet.invocationProperties.put( com.sun.xml.ws.security.impl.policy.Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS, trustConfig.iterator()); } // set the SecurityEnvironment packet.invocationProperties.put(WSTrustConstants.SECURITY_ENVIRONMENT, secEnv); packet.invocationProperties.put(WSTrustConstants.WST_VERSION, this.wsTrustVer); IssuedTokenContext ictx = ((ProcessingContextImpl) ctx).getTrustContext(); if (ictx != null && ictx.getAuthnContextClass() != null) { packet.invocationProperties.put( WSTrustConstants.AUTHN_CONTEXT_CLASS, ictx.getAuthnContextClass()); } } if (isSCIssueMessage) { List<PolicyAssertion> policies = getInBoundSCP(packet.getMessage()); if (!policies.isEmpty()) { packet.invocationProperties.put(SC_ASSERTION, (PolicyAssertion) policies.get(0)); } } } if (!isSCIssueMessage) { WSDLBoundOperation cachedOperation = cacheOperation(msg, packet); if (cachedOperation == null) { if (addVer != null) { cachedOperation = getWSDLOpFromAction(packet, true); packet.invocationProperties.put("WSDL_BOUND_OPERATION", cachedOperation); } } } sharedState.put("VALIDATE_REQ_PACKET", packet); Packet retPacket = null; if (isSCIssueMessage || isSCCancelMessage) { // -------put application message on hold and invoke SC contract-------- retPacket = invokeSecureConversationContract(packet, ctx, isSCIssueMessage); // if this is SC message we need to secure it in ValidateRequest Itself retPacket = secureResponse(retPacket, serviceSubject, sharedState); } else { updateSCSessionInfo(packet); retPacket = packet; } return retPacket; }
private NextAction handleMakeConnectionRequest(Packet request, String clientUID) { try { LOGGER.entering(); String selectionUID; try { MakeConnectionElement mcElement = request .getMessage() .readPayloadAsJAXB( configuration .getMcVersion() .getUnmarshaller(configuration.getAddressingVersion())); selectionUID = configuration.getMcVersion().getClientId(mcElement.getAddress().getValue()); } catch (JAXBException ex) { throw LOGGER.logSevereException( new RxRuntimeException( LocalizationMessages.WSMC_0107_ERROR_UNMARSHALLING_PROTOCOL_MESSAGE(), ex)); } if (selectionUID == null) { // TODO return a MissingSelection SOAP fault throw LOGGER.logSevereException( new RxRuntimeException(LocalizationMessages.WSMC_0108_NULL_SELECTION_ADDRESS())); } if (!selectionUID.equals(clientUID)) { // TODO return a SOAP fault? throw LOGGER.logSevereException( new RxRuntimeException( LocalizationMessages.WSMC_0109_SELECTION_ADDRESS_NOT_MATCHING_WSA_REPLYTO())); } Packet response = null; if (selectionUID != null && responseStorage.hasPendingResponse(selectionUID)) { LOGGER.finer( LocalizationMessages.WSMC_0110_PENDING_MESSAGE_FOUND_FOR_SELECTION_UUID(selectionUID)); response = responseStorage.getPendingResponsePacket(selectionUID); } if (response == null) { LOGGER.finer( LocalizationMessages.WSMC_0111_NO_PENDING_MESSAGE_FOUND_FOR_SELECTION_UUID( selectionUID)); response = createEmptyResponse(request); } else { Message message = response.getMessage(); if (message != null) { HeaderList headers = message.getHeaders(); headers.add( Headers.create( configuration.getMcVersion().getJaxbContext(configuration.getAddressingVersion()), new MessagePendingElement( Boolean.valueOf( selectionUID != null && responseStorage.hasPendingResponse(selectionUID))))); } } return super.doReturnWith(response); } finally { LOGGER.exiting(); } }