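/**
 * Tears down the secure conversation referenced by the packet's incoming SCT.
 *
 * <p>Reads the token stored under {@code MessageConstants.INCOMING_SCT}. When a token is present
 * and carries an identifier, the entry with that id is removed from
 * {@code issuedTokenContextMap} and {@code sessionManager} is asked to terminate the session
 * with the same id. A packet without an incoming SCT, or with an SCT that has no identifier,
 * is left untouched.
 *
 * @param packet packet whose invocation properties may hold the incoming SCT
 */
private void removeContext(final Packet packet) {
    SecurityContextToken sct =
            (SecurityContextToken) packet.invocationProperties.get(MessageConstants.INCOMING_SCT);
    if (sct == null) {
        return;
    }

    // Guard the identifier itself: calling toString() on a missing identifier would throw
    // before any null check on the resulting string could run.
    Object identifier = sct.getIdentifier();
    if (identifier == null) {
        return;
    }
    String strId = identifier.toString();
    if (strId == null) {
        return;
    }

    // Remove the token context entry and end the session under the same id, so neither
    // store keeps state for the conversation being removed.
    issuedTokenContextMap.remove(strId);
    sessionManager.terminateSession(strId);
}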
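/**
 * Publishes the secure-conversation session of the incoming SCT on the packet.
 *
 * <p>When the packet carries a token under {@code MessageConstants.INCOMING_SCT}, the token's
 * identifier is stored under {@code Session.SESSION_ID_KEY} and the user data of the matching
 * session under {@code Session.SESSION_KEY}. A packet without an incoming SCT is left
 * untouched.
 *
 * <p>The session is resolved before anything is written, so a token that refers to a session
 * {@code sessionManager} does not know is rejected without leaving a session id on the packet.
 *
 * @param packet packet whose invocation properties are read and updated
 * @throws IllegalStateException if {@code sessionManager} has no session for the token's id
 */
@SuppressWarnings("unchecked")
private void updateSCSessionInfo(Packet packet) {
    SecurityContextToken sct =
            (SecurityContextToken) packet.invocationProperties.get(MessageConstants.INCOMING_SCT);
    if (sct == null) {
        return;
    }

    // get the secure session id
    String sessionId = sct.getIdentifier().toString();

    // getSession() can return null (invokeSecureConversationContract checks for it), so fail
    // with an explicit error instead of a NullPointerException on getUserData().
    Session session = sessionManager.getSession(sessionId);
    if (session == null) {
        throw new IllegalStateException(
                "No secure conversation session found for the incoming SecurityContextToken");
    }

    // put the secure session id and the session's user data in the message context
    packet.invocationProperties.put(Session.SESSION_ID_KEY, sessionId);
    packet.invocationProperties.put(Session.SESSION_KEY, session.getUserData());
}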
/**
 * Handles the WS-SecureConversation request (RST/SCT) carried in the packet's message.
 *
 * <p>The payload is unmarshalled into a request and its request type is compared with the
 * issue, renew and cancel URIs of {@code wsTrustVer}; the matching {@code WSSCContract}
 * operation is then invoked. The response is marshalled into a new message and passed to
 * {@code addAddressingHeaders} together with the response action.
 *
 * <p>For an issue request, the session registered under the new SCT's identifier is looked up.
 * Its id and user data are stored on the packet under {@code Session.SESSION_ID_KEY} and
 * {@code Session.SESSION_KEY}, and the requestor subject is copied onto the session's issued
 * token context. Registration of the context in the ProcessingContext's issued-token map is
 * disabled (it was commented out in the original code).
 *
 * @param packet request packet; its message holds the RST and its invocation properties are
 *     updated for issue requests
 * @param ctx processing context from which the requestor subject is read
 * @param isSCTIssue when {@code true}, the first outbound secure-conversation policy assertion
 *     (if any) is stored on the returned packet under {@code SC_ASSERTION}
 * @return the packet produced by {@code addAddressingHeaders}
 * @throws UnsupportedOperationException if the request type is not issue, renew or cancel
 * @throws RuntimeException wrapping a {@code JAXBException}, {@code XWSSecurityException} or
 *     {@code WSSecureConversationException} (the latter includes a missing session after issue)
 */
private Packet invokeSecureConversationContract(
        Packet packet, ProcessingContext ctx, boolean isSCTIssue) {
    // TODO: Need to inspect if it is really a Issue or a Cancel
    // NOTE(review): isSCTIssue is supplied by the caller and is never compared with the request
    // type parsed from the payload below; confirm the two cannot disagree.
    IssuedTokenContext requestCtx = new IssuedTokenContextImpl();
    requestCtx.getOtherProperties().put("SessionManager", sessionManager);

    Message request = packet.getMessage();
    Message responseMessage = null;
    String responseAction = null;
    try {
        // Set the requestor authenticated Subject in the IssuedTokenContext
        Subject requestor = SubjectAccessor.getRequesterSubject(ctx);
        requestCtx.setRequestorSubject(requestor);

        WSTrustElementFactory elementFactory = WSTrustElementFactory.newInstance(wsscVer);
        JAXBElement payload =
                request.readPayloadAsJAXB(
                        WSTrustElementFactory.getContext(wsTrustVer).createUnmarshaller());
        BaseSTSRequest rst = elementFactory.createRSTFrom(payload);
        URI requestType = ((RequestSecurityToken) rst).getRequestType();

        WSSCContract contract = WSSCFactory.newWSSCContract(wsscVer);
        contract.setWSSCServerConfig(
                (Iterator) packet.invocationProperties.get(
                        com.sun.xml.ws.security.impl.policy.Constants
                                .SUN_SECURE_SERVER_CONVERSATION_POLICY_NS));

        // The request type string drives the dispatch; compute it once for all branches.
        final String requestTypeUri = requestType.toString();
        BaseSTSResponse rstr = null;
        if (requestTypeUri.equals(wsTrustVer.getIssueRequestTypeURI())) {
            List<PolicyAssertion> policies = getOutBoundSCP(packet.getMessage());
            // NOTE(review): get(0) is unguarded here and in the renew branch, while the
            // isSCTIssue handling at the end of this method checks isEmpty() first. An empty
            // policy list surfaces as an IndexOutOfBoundsException.
            SecureConversationToken scToken = (SecureConversationToken) policies.get(0);
            rstr = contract.issue(rst, requestCtx, scToken);
            responseAction = wsscVer.getSCTResponseAction();

            SecurityContextToken issuedSct = (SecurityContextToken) requestCtx.getSecurityToken();
            String sessionId = issuedSct.getIdentifier().toString();
            Session session = sessionManager.getSession(sessionId);
            if (session == null) {
                // Thrown inside the try block, so the WSSecureConversationException handler
                // below logs again and rethrows it wrapped in a RuntimeException.
                String creationError = LogStringsMessages.WSITPVD_0044_ERROR_SESSION_CREATION();
                log.log(Level.SEVERE, creationError);
                throw new WSSecureConversationException(creationError);
            }

            // Put it here for RM to pick up
            packet.invocationProperties.put(Session.SESSION_ID_KEY, sessionId);
            packet.invocationProperties.put(Session.SESSION_KEY, session.getUserData());

            // add the subject of requestor
            IssuedTokenContext sessionCtx = session.getSecurityInfo().getIssuedTokenContext();
            sessionCtx.setRequestorSubject(requestCtx.getRequestorSubject());
        } else if (requestTypeUri.equals(wsTrustVer.getRenewRequestTypeURI())) {
            List<PolicyAssertion> policies = getOutBoundSCP(packet.getMessage());
            responseAction = wsscVer.getSCTRenewResponseAction();
            rstr = contract.renew(rst, requestCtx, (SecureConversationToken) policies.get(0));
        } else if (requestTypeUri.equals(wsTrustVer.getCancelRequestTypeURI())) {
            responseAction = wsscVer.getSCTCancelResponseAction();
            rstr = contract.cancel(rst, requestCtx);
        } else {
            String unsupported =
                    LogStringsMessages.WSITPVD_0045_UNSUPPORTED_OPERATION_EXCEPTION(requestType);
            log.log(Level.SEVERE, unsupported);
            throw new UnsupportedOperationException(unsupported);
        }

        // construct the complete message here containing the RSTR and the
        // correct Action headers if any and return the message.
        responseMessage =
                Messages.create(
                        WSTrustElementFactory.getContext(wsTrustVer).createMarshaller(),
                        elementFactory.toJAXBElement(rstr),
                        soapVersion);
    } catch (javax.xml.bind.JAXBException ex) {
        String marshalError = LogStringsMessages.WSITPVD_0001_PROBLEM_MAR_UNMAR();
        log.log(Level.SEVERE, marshalError, ex);
        throw new RuntimeException(marshalError, ex);
    } catch (com.sun.xml.wss.XWSSecurityException ex) {
        String contractError = LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT();
        log.log(Level.SEVERE, contractError, ex);
        throw new RuntimeException(contractError, ex);
    } catch (WSSecureConversationException ex) {
        String contractError = LogStringsMessages.WSITPVD_0046_ERROR_INVOKE_SC_CONTRACT();
        log.log(Level.SEVERE, contractError, ex);
        throw new RuntimeException(contractError, ex);
    }

    Packet reply = addAddressingHeaders(packet, responseMessage, responseAction);
    if (!isSCTIssue) {
        return reply;
    }

    // Only issue responses carry the secure-conversation assertion to the outbound side.
    List<PolicyAssertion> outboundPolicies = getOutBoundSCP(packet.getMessage());
    if (!outboundPolicies.isEmpty()) {
        reply.invocationProperties.put(SC_ASSERTION, outboundPolicies.get(0));
    }
    return reply;
}