/**
* This method is used to validate the SOAP Message Request by the processing rules of Liberty
* SOAPBinding specifications.
*
* @param soapMessage SOAPMessage that needs to be validated.
* @param subject Subject that may be used to populate the authenticated entity/user principal and
* any other credential information.
* @param sharedData that may be used to store any data needed between the request and response.
* @param httpRequest HttpServletRequest associated with this SOAP Message request.
* @return Object Credential object after successful validation.
* @exception SOAPBindingException for any error occured during validation.
*/
public Object validateRequest(
SOAPMessage soapMessage, Subject subject, Map sharedData, HttpServletRequest httpRequest)
throws SOAPBindingException {
WSSUtils.debug.message("SOAPProvider.validateRequest : Init");
Message req = null;
try {
req = new Message(soapMessage);
sharedData.put(SOAPBindingConstants.LIBERTY_REQUEST, req);
if (req.getSecurityProfileType() != Message.ANONYMOUS && !SecurityUtils.verifyMessage(req)) {
WSSUtils.debug.error(
"MessageProcessor.validateRequest: Signature" + "Verification failed.");
throw new SOAPBindingException(WSSUtils.bundle.getString("cannotVerifySignature"));
}
Utils.enforceProcessingRules(req, null, true);
if (_config != null) {
String authMech = req.getAuthenticationMechanism();
if (authMech == null || !_config.getSecurityMechanisms().contains(authMech)) {
throw new SOAPBindingException(WSSUtils.bundle.getString("unsupportedAuthMech"));
}
} else {
throw new SOAPBindingException(WSSUtils.bundle.getString("nullConfiguration"));
}
return SOAPRequestHandler.getAuthenticator()
.authenticate(subject, null, null, _config, req, true);
} catch (SecurityException se) {
WSSUtils.debug.error(
"MessageProcessor.validateRequest: Request" + "Validation has failed.", se);
throw new SOAPBindingException(se.getMessage());
} catch (Exception sfe) {
WSSUtils.debug.error("MessageProcessor.validateRequest: SOAPFault" + "Exception.", sfe);
throw new SOAPBindingException(sfe.getMessage());
}
}
/**
* Adds the correlation header.
*
* @param msg SOAP Message that needs to be added with Correlation header.
* @param req Message Request, if present adds the correlation header reference.
* @return SOAPHeader SOAP Header with Correlation header.
*/
private SOAPHeader addCorrelationHeader(SOAPMessage msg, Message req)
throws SOAPBindingException {
try {
SOAPHeader header = msg.getSOAPPart().getEnvelope().getHeader();
if (header == null) {
header = msg.getSOAPPart().getEnvelope().addHeader();
}
CorrelationHeader cHeader = new CorrelationHeader();
correlationId = cHeader.getId();
if (req != null) {
cHeader.setRefToMessageID(req.getCorrelationHeader().getMessageID());
}
cHeader.addToParent(header);
return header;
} catch (Exception ex) {
WSSUtils.debug.error(
"MessageProcessor.addCorrealtionHeader: " + "Could not add correlation header", ex);
throw new SOAPBindingException(WSSUtils.bundle.getString("canotAddCorrelationHeader"));
}
}