001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the "License"). You may not use this file except
005: * in compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://jwsdp.dev.java.net/CDDLv1.0.html
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * HEADER in each file and include the License file at
014: * https://jwsdp.dev.java.net/CDDLv1.0.html If applicable,
015: * add the following below this CDDL HEADER, with the
016: * fields enclosed by brackets "[]" replaced with your
017: * own identifying information: Portions Copyright [yyyy]
018: * [name of copyright owner]
019: */
020: package com.sun.xml.xwss;
021:
022: import com.sun.xml.jaxws.JAXWSMessage;
023: import com.sun.xml.messaging.saaj.soap.MessageImpl;
024: import com.sun.xml.ws.spi.runtime.InternalSoapEncoder;
025: import com.sun.xml.wss.impl.misc.ReflectionUtil;
026: import com.sun.xml.wss.impl.misc.SecurityUtil;
027: import java.net.URL;
028:
029: import java.util.Locale;
030: import java.io.IOException;
031: import java.io.InputStream;
032: import java.util.Collection;
033:
034: import java.util.HashMap;
035: import java.util.Iterator;
036:
037: import java.security.AccessController;
038: import java.security.PrivilegedAction;
039: import java.util.List;
040: import java.util.Map;
041:
042: import javax.xml.namespace.QName;
043: import javax.xml.soap.AttachmentPart;
044: import javax.xml.soap.MessageFactory;
045: import javax.xml.soap.MimeHeader;
046: import javax.xml.soap.MimeHeaders;
047: import javax.xml.soap.SOAPException;
048:
049: import javax.xml.soap.SOAPFactory;
050: import javax.xml.soap.SOAPConstants;
051: import javax.xml.soap.SOAPFault;
052: import javax.xml.stream.XMLOutputFactory;
053: import javax.xml.stream.XMLStreamWriter;
054: import javax.xml.transform.dom.DOMResult;
055: import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
056: import javax.xml.ws.soap.SOAPFaultException;
057: import javax.xml.ws.WebServiceException;
058: import com.sun.xml.ws.spi.runtime.MessageContext;
059: import com.sun.xml.ws.spi.runtime.SOAPMessageContext;
060: import com.sun.xml.ws.spi.runtime.SystemHandlerDelegate;
061: import com.sun.xml.wss.impl.configuration.StaticApplicationContext;
062: import com.sun.xml.wss.impl.config.ApplicationSecurityConfiguration;
063: import com.sun.xml.xwss.SecurityConfiguration;
064:
065: import org.w3c.dom.Attr;
066: import org.w3c.dom.Node;
067: import org.w3c.dom.NodeList;
068:
069: import javax.xml.soap.Name;
070: import javax.xml.soap.SOAPBody;
071: import javax.xml.soap.SOAPPart;
072: import javax.xml.soap.SOAPHeader;
073: import javax.xml.soap.SOAPMessage;
074: import javax.xml.soap.SOAPElement;
075: import javax.xml.soap.SOAPEnvelope;
076: import javax.xml.soap.SOAPMessage;
077:
078: import javax.xml.namespace.QName;
079:
080: import java.io.ByteArrayInputStream;
081: import javax.security.auth.callback.CallbackHandler;
082:
083: import com.sun.xml.wss.impl.MessageConstants;
084: import com.sun.xml.wss.ProcessingContext;
085: import com.sun.xml.wss.impl.SecurityAnnotator;
086: import com.sun.xml.wss.impl.SecurityRecipient;
087: import com.sun.xml.wss.impl.SecurableSoapMessage;
088: import com.sun.xml.wss.XWSSecurityException;
089: import com.sun.xml.wss.XWSSecurityException;
090: import com.sun.xml.wss.impl.WssSoapFaultException;
091: import com.sun.xml.wss.impl.PolicyViolationException;
092: import com.sun.xml.wss.impl.PolicyTypeUtil;
093:
094: import com.sun.xml.wss.impl.filter.DumpFilter;
095: import com.sun.xml.wss.impl.policy.SecurityPolicy;
096: import com.sun.xml.wss.impl.policy.mls.DynamicSecurityPolicy;
097: import com.sun.xml.wss.impl.configuration.StaticApplicationContext;
098: import com.sun.xml.wss.impl.config.ApplicationSecurityConfiguration;
099: import com.sun.xml.wss.impl.config.DeclarativeSecurityConfiguration;
100:
101: import com.sun.xml.wss.SecurityEnvironment;
102: import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
103: import com.sun.xml.messaging.saaj.soap.ExpressMessageFactoryImpl;
104:
105: import javax.servlet.ServletContext;
106:
107: //import src.com.sun.xml.xwss.XOPProcessor;
108:
109: public class SystemHandlerDelegateImpl implements SystemHandlerDelegate {
110:
111: private HashMap service_to_configMap = new HashMap();
112:
113: private SecurityConfiguration config = null;
114:
115: private static final String MESSAGE_SECURITY_CONFIGURATION = SecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION;
116:
117: private static final String CONTEXT_WSDL_OPERATION = "com.sun.xml.ws.wsdl.operation";
118:
119: private MessageFactory soap11MF = null;
120: private MessageFactory soap12MF = null;
121: private ExpressMessageFactoryImpl expMF = null;
122:
123: private static final String FAILURE = "com.sun.xml.ws.shd.failure";
124:
125: private static final String TRUE = "true";
126: private static final String FALSE = "false";
127: private static boolean nonOpt = false;
128: //if jaxws has to construct the soap message.
129: static {
130: try {
131: String value = System.getProperty("jaxws.soapmessage",
132: "false");
133: if (value != null && value.length() > 0) {
134: nonOpt = Boolean.parseBoolean(value);
135: }
136: } catch (Exception ex) {
137: }
138: }
139:
140: public SystemHandlerDelegateImpl() {
141:
142: try {
143: soap11MF = MessageFactory.newInstance();
144: soap12MF = MessageFactory
145: .newInstance(SOAPConstants.SOAP_1_2_PROTOCOL);
146: expMF = new ExpressMessageFactoryImpl();
147:
148: } catch (Exception ex) {
149: throw new RuntimeException(ex);
150: }
151:
152: }
153:
154: private String getServiceName(MessageContext messageContext) {
155: QName serviceQName = (QName) messageContext
156: .get(MessageContext.WSDL_SERVICE);
157: String serviceName = null;
158: if (serviceQName != null) {
159: serviceName = serviceQName.getLocalPart();
160: } else {
161: serviceName = "server";
162: }
163: return serviceName;
164: }
165:
166: private InputStream getServerConfigStream(String serviceName,
167: MessageContext messageContext) {
168: String serverConfig = "/WEB-INF/" + serviceName + "_"
169: + "security_config.xml";
170: ServletContext context = (ServletContext) messageContext
171: .get("javax.xml.ws.servlet.context");
172: if (context == null) {
173: //try to locate server_security_config.xml from classpath
174:
175: return null;
176: } else {
177: return context.getResourceAsStream(serverConfig);
178: }
179: }
180:
181: private URL getServerConfig(String serviceName,
182: MessageContext messageContext) {
183: String serverConfig = "/WEB-INF/" + serviceName + "_"
184: + "security_config.xml";
185: Object context = messageContext
186: .get("javax.xml.ws.servlet.context");
187: if (context == null) {
188: //try to locate server_security_config.xml from classpath
189: //This should work for both EJB Jar's and JDK6 Endpoints
190: String configUrl = "META-INF/" + serviceName + "_"
191: + "security_config.xml";
192: return SecurityUtil.loadFromClasspath(configUrl);
193: } else {
194: return SecurityUtil.loadFromContext(serverConfig, context);
195: }
196: }
197:
198: private void debugProperties(MessageContext messageContext) {
199: if (!MessageConstants.debug) {
200: return;
201: }
202:
203: System.out.println("MESSAGE_OUTBOUND_PROPERTY "
204: + messageContext
205: .get(messageContext.MESSAGE_OUTBOUND_PROPERTY));
206:
207: System.out.println("SERVICE="
208: + messageContext.get(MessageContext.WSDL_SERVICE));
209: System.out.println("INTERFACE="
210: + messageContext.get(MessageContext.WSDL_INTERFACE));
211: System.out.println("PORT="
212: + messageContext.get(MessageContext.WSDL_PORT));
213: System.out.println("OPERATION="
214: + messageContext.get(MessageContext.WSDL_OPERATION));
215: System.out.println("ServletContext="
216: + messageContext.get("javax.xml.ws.servlet.context"));
217:
218: }
219:
220: private void setSecurityConfiguration(MessageContext messageContext)
221: throws XWSSecurityException {
222:
223: if (config != null) {
224: if (!config.isEmpty()) {
225: messageContext.put(MESSAGE_SECURITY_CONFIGURATION,
226: config);
227: }
228: } else {
229: String serviceName = getServiceName(messageContext);
230: SecurityConfiguration scf = (SecurityConfiguration) service_to_configMap
231: .get(serviceName);
232:
233: if (scf != null) {
234: if (!scf.isEmpty()) {
235: messageContext.put(MESSAGE_SECURITY_CONFIGURATION,
236: scf);
237: return;
238: }
239: }
240:
241: // scf was null
242: synchronized (service_to_configMap) {
243: SecurityConfiguration _sc = (SecurityConfiguration) service_to_configMap
244: .get(serviceName);
245: if (_sc == null) {
246: scf = new SecurityConfiguration(getServerConfig(
247: serviceName, messageContext));
248: if (!scf.isEmpty()) {
249: service_to_configMap.put(serviceName, scf);
250: }
251: } else {
252: scf = _sc;
253: }
254: }
255: if (!scf.isEmpty()) {
256: messageContext.put(MESSAGE_SECURITY_CONFIGURATION, scf);
257: return;
258: }
259:
260: //scf is Empty
261: synchronized (service_to_configMap) {
262: if (config == null) {
263: config = new SecurityConfiguration(getServerConfig(
264: "server", messageContext));
265: }
266: }
267: if (!config.isEmpty()) {
268: messageContext.put(MESSAGE_SECURITY_CONFIGURATION,
269: config);
270: }
271: }
272: }
273:
274: public boolean processRequest(MessageContext messageContext)
275: throws RuntimeException {
276:
277: if (MessageConstants.debug) {
278: System.out
279: .println("....ProcessRequest of SystemHandlerDelegate ..."
280: + messageContext);
281: }
282: debugProperties(messageContext);
283:
284: Boolean outBound = (Boolean) messageContext
285: .get(messageContext.MESSAGE_OUTBOUND_PROPERTY);
286: // hack for the TODO above
287: boolean client = (outBound == null) ? true : outBound
288: .booleanValue();
289:
290: try {
291: if (client) {
292: return secureRequest((SOAPMessageContext) messageContext);
293: } else {
294: setSecurityConfiguration(messageContext);
295: return validateRequest((SOAPMessageContext) messageContext);
296: }
297: } catch (Exception e) {
298: throw new RuntimeException(e);
299: }
300: }
301:
302: public void processResponse(MessageContext messageContext)
303: throws RuntimeException {
304: if (MessageConstants.debug) {
305: System.out
306: .println(".....ProcessResponse of SystemHandlerDelegate ..."
307: + messageContext);
308: }
309: debugProperties(messageContext);
310:
311: Boolean outBound = (Boolean) messageContext
312: .get(messageContext.MESSAGE_OUTBOUND_PROPERTY);
313: // hack for the TODO above
314: boolean server = (outBound == null) ? true : outBound
315: .booleanValue();
316: boolean client = !server;
317:
318: try {
319: if (client) {
320: validateResponse((SOAPMessageContext) messageContext);
321: } else {
322: setSecurityConfiguration(messageContext);
323: secureResponse((SOAPMessageContext) messageContext);
324: }
325: } catch (Exception e) {
326: throw new RuntimeException(e);
327: }
328: }
329:
330: private StaticApplicationContext getPolicyContext(
331: SOAPMessageContext messageContext) {
332: // assumed to contain single nested container
333: SecurityConfiguration sConfig = (SecurityConfiguration) messageContext
334: .get(MESSAGE_SECURITY_CONFIGURATION);
335:
336: ApplicationSecurityConfiguration config = ((SecurityConfiguration) sConfig)
337: .getSecurityConfiguration();
338:
339: StaticApplicationContext iContext = (StaticApplicationContext) config
340: .getAllContexts().next();
341: StaticApplicationContext sContext = new StaticApplicationContext(
342: iContext);
343:
344: String port = null;
345: QName portQname = (QName) messageContext
346: .get(messageContext.WSDL_PORT);
347:
348: if (portQname == null) {
349: port = "";
350: } else {
351: port = portQname.toString();
352: }
353:
354: sContext.setPortIdentifier(port);
355:
356: return sContext;
357: }
358:
359: private void copyToMessageContext(
360: SOAPMessageContext messageContext, ProcessingContext context)
361: throws Exception {
362: if (MessageConstants.debug) {
363: System.out.println("Setting into messageContext ....");
364: }
365: messageContext.setMessage(context.getSOAPMessage());
366:
367: Iterator i = context.getExtraneousProperties().keySet()
368: .iterator();
369: while (i.hasNext()) {
370: String name = (String) i.next();
371: Object value = context.getExtraneousProperties().get(name);
372: messageContext.put(name, value);
373: }
374: }
375:
376: private void copyToProcessingContext(ProcessingContext context,
377: SOAPMessageContext messageContext) throws Exception {
378:
379: Iterator<Map.Entry<String, Object>> i = messageContext
380: .entrySet().iterator();
381: while (i.hasNext()) {
382: Map.Entry<String, Object> entry = i.next();
383: String name = entry.getKey();
384: Object value = entry.getValue();
385: context.setExtraneousProperty(name, value);
386: }
387:
388: }
389:
390: // client side incoming request handling code
391: public void validateResponse(SOAPMessageContext messageContext)
392: throws Exception {
393: boolean isSOAP12 = false;
394: try {
395: SecurityConfiguration sConfig = (SecurityConfiguration) messageContext
396: .get(MESSAGE_SECURITY_CONFIGURATION);
397:
398: if (sConfig == null) {
399: return;
400: }
401:
402: SOAPMessage message = messageContext.getMessage();
403:
404: // hack to get the SOAP version
405: if (message
406: .getClass()
407: .getName()
408: .equals(
409: "com.sun.xml.messaging.saaj.soap.ver1_2.Message1_2Impl")) {
410: isSOAP12 = true;
411: }
412:
413: //QName operation = (QName)messageContext.get(CONTEXT_WSDL_OPERATION);
414: String operation = (String) messageContext
415: .get(CONTEXT_WSDL_OPERATION);
416:
417: StaticApplicationContext sContext = getPolicyContext(messageContext);
418: sContext.setOperationIdentifier(operation);
419:
420: ApplicationSecurityConfiguration config = sConfig
421: .getSecurityConfiguration();
422:
423: SecurityPolicy policy = config
424: .getSecurityConfiguration(sContext);
425:
426: ProcessingContext context = new ProcessingContext();
427: copyToProcessingContext(context, messageContext);
428: context.setPolicyContext(sContext);
429: context.setSOAPMessage(messageContext.getMessage());
430: if (PolicyTypeUtil.declarativeSecurityConfiguration(policy)) {
431: context
432: .setSecurityPolicy(((DeclarativeSecurityConfiguration) policy)
433: .receiverSettings());
434: } else {
435: context.setSecurityPolicy(policy);
436: }
437:
438: context.setSecurityEnvironment(sConfig
439: .getSecurityEnvironment());
440: context.isInboundMessage(true);
441:
442: if (config.retainSecurityHeader()) {
443: context.retainSecurityHeader(true);
444: }
445:
446: SecurityRecipient.validateMessage(context);
447:
448: copyToMessageContext(messageContext, context);
449: if (messageContext.get("javax.security.auth.Subject") != null) {
450: messageContext.setScope("javax.security.auth.Subject",
451: MessageContext.Scope.APPLICATION);
452: }
453:
454: } catch (com.sun.xml.wss.impl.WssSoapFaultException soapFaultException) {
455: throw getSOAPFaultException(soapFaultException, isSOAP12);
456: } catch (com.sun.xml.wss.XWSSecurityException xwse) {
457: QName qname = null;
458:
459: if (xwse.getCause() instanceof PolicyViolationException)
460: qname = MessageConstants.WSSE_RECEIVER_POLICY_VIOLATION;
461: else
462: qname = MessageConstants.WSSE_FAILED_AUTHENTICATION;
463:
464: com.sun.xml.wss.impl.WssSoapFaultException wsfe = SecurableSoapMessage
465: .newSOAPFaultException(qname, xwse.getMessage(),
466: xwse);
467: throw getSOAPFaultException(wsfe, isSOAP12);
468: }
469: }
470:
471: // client side request sending hook
472: public boolean secureRequest(SOAPMessageContext messageContext)
473: throws Exception {
474: boolean isSOAP12 = false;
475: ProcessingContext context = null;
476: try {
477: SecurityConfiguration sConfig = (SecurityConfiguration) messageContext
478: .get(MESSAGE_SECURITY_CONFIGURATION);
479:
480: if (sConfig == null) {
481: return true;
482: }
483:
484: QName operationQName = (QName) messageContext
485: .get(messageContext.WSDL_OPERATION);
486: String operation = null;
487:
488: if (operationQName == null) {
489:
490: SOAPMessage message = messageContext.getMessage();
491: operation = getOperationName(message);
492: } else {
493: operation = operationQName.toString();
494: }
495:
496: messageContext.put(CONTEXT_WSDL_OPERATION, operation);
497:
498: StaticApplicationContext sContext = getPolicyContext(messageContext);
499: sContext.setOperationIdentifier(operation);
500:
501: ApplicationSecurityConfiguration config = sConfig
502: .getSecurityConfiguration();
503:
504: SecurityPolicy policy = config
505: .getSecurityConfiguration(sContext);
506:
507: context = new ProcessingContext();
508: //setting optimized flag
509:
510: copyToProcessingContext(context, messageContext);
511:
512: context.setPolicyContext(sContext);
513:
514: if (PolicyTypeUtil.declarativeSecurityConfiguration(policy)) {
515: context
516: .setSecurityPolicy(((DeclarativeSecurityConfiguration) policy)
517: .senderSettings());
518: } else {
519: context.setSecurityPolicy(policy);
520: }
521:
522: context.setSecurityEnvironment(sConfig
523: .getSecurityEnvironment());
524: context.isInboundMessage(false);
525: setSOAPMessage(messageContext, context, config
526: .isOptimized());
527: SecurityAnnotator.secureMessage(context);
528:
529: copyToMessageContext(messageContext, context);
530: } catch (com.sun.xml.wss.impl.WssSoapFaultException soapFaultException) {
531: addFault(soapFaultException, messageContext.getMessage(),
532: isSOAP12);
533: } catch (com.sun.xml.wss.XWSSecurityException xwse) {
534: // log the exception here
535: throw new WebServiceException(xwse);
536: }
537:
538: return true;
539: }
540:
541: private static final String ENCRYPTED_BODY_QNAME = "{"
542: + MessageConstants.XENC_NS + "}"
543: + MessageConstants.ENCRYPTED_DATA_LNAME;
544:
545: // server side incoming request handling hook
546: public boolean validateRequest(SOAPMessageContext messageContext)
547: throws Exception {
548: boolean isSOAP12 = false;
549: ProcessingContext context = null;
550: try {
551: SecurityConfiguration sConfig = (SecurityConfiguration) messageContext
552: .get(MESSAGE_SECURITY_CONFIGURATION);
553:
554: if (sConfig == null) {
555: return true;
556: }
557:
558: SOAPMessage message = messageContext.getMessage();
559:
560: // hack to get the SOAP version
561: if (message
562: .getClass()
563: .getName()
564: .equals(
565: "com.sun.xml.messaging.saaj.soap.ver1_2.Message1_2Impl")) {
566: isSOAP12 = true;
567: }
568:
569: StaticApplicationContext sContext = new StaticApplicationContext(
570: getPolicyContext(messageContext));
571:
572: context = new ProcessingContext();
573: copyToProcessingContext(context, messageContext);
574: context.setSOAPMessage(messageContext.getMessage());
575: String operation = getOperationName(message);
576:
577: ApplicationSecurityConfiguration _sConfig = sConfig
578: .getSecurityConfiguration();
579:
580: if (operation.equals(ENCRYPTED_BODY_QNAME)
581: && _sConfig.hasOperationPolicies()) {
582: // get enclosing port level configuration
583: if (MessageConstants.debug) {
584: System.out.println("context in plugin= "
585: + sContext.toString());
586: }
587: ApplicationSecurityConfiguration config = (ApplicationSecurityConfiguration) _sConfig
588: .getSecurityPolicies(sContext).next();
589:
590: if (config != null) {
591: context.setPolicyContext(sContext);
592: context.setSecurityPolicy(config);
593: } else {
594: ApplicationSecurityConfiguration config0 = (ApplicationSecurityConfiguration) _sConfig
595: .getAllTopLevelApplicationSecurityConfigurations()
596: .iterator().next();
597:
598: //sContext.setPortIdentifier ("");
599: context.setPolicyContext(sContext);
600: context.setSecurityPolicy(config0);
601: }
602: } else {
603: sContext.setOperationIdentifier(operation);
604: messageContext.put(CONTEXT_WSDL_OPERATION, operation);
605: SecurityPolicy policy = _sConfig
606: .getSecurityConfiguration(sContext);
607:
608: context.setPolicyContext(sContext);
609:
610: if (PolicyTypeUtil
611: .declarativeSecurityConfiguration(policy)) {
612: context
613: .setSecurityPolicy(((DeclarativeSecurityConfiguration) policy)
614: .receiverSettings());
615: } else {
616: context.setSecurityPolicy(policy);
617: }
618: }
619:
620: context.setSecurityEnvironment(sConfig
621: .getSecurityEnvironment());
622: context.isInboundMessage(true);
623:
624: if (_sConfig.retainSecurityHeader()) {
625: context.retainSecurityHeader(true);
626: }
627: SecurityRecipient.validateMessage(context);
628: String operationName = getOperationName(message);
629:
630: messageContext.put(CONTEXT_WSDL_OPERATION, operationName);
631:
632: copyToMessageContext(messageContext, context);
633: if (messageContext.get("javax.security.auth.Subject") != null) {
634: messageContext.setScope("javax.security.auth.Subject",
635: MessageContext.Scope.APPLICATION);
636: }
637:
638: } catch (com.sun.xml.wss.impl.WssSoapFaultException soapFaultException) {
639:
640: messageContext.put(FAILURE, TRUE);
641: addFault(soapFaultException, messageContext.getMessage(),
642: isSOAP12);
643: return false;
644:
645: } catch (com.sun.xml.wss.XWSSecurityException xwse) {
646: QName qname = null;
647:
648: if (xwse.getCause() instanceof PolicyViolationException)
649: qname = MessageConstants.WSSE_RECEIVER_POLICY_VIOLATION;
650: else
651: qname = MessageConstants.WSSE_FAILED_AUTHENTICATION;
652:
653: com.sun.xml.wss.impl.WssSoapFaultException wsfe = SecurableSoapMessage
654: .newSOAPFaultException(qname, xwse.getMessage(),
655: xwse);
656:
657: messageContext.put(FAILURE, TRUE);
658: addFault(wsfe, messageContext.getMessage(), isSOAP12);
659:
660: return false;
661: }
662:
663: return true;
664: }
665:
666: // server side response writing hook
667: public void secureResponse(SOAPMessageContext messageContext)
668: throws Exception {
669: boolean isSOAP12 = false;
670: try {
671:
672: SecurityConfiguration sConfig = (SecurityConfiguration) messageContext
673: .get(MESSAGE_SECURITY_CONFIGURATION);
674:
675: if (sConfig == null) {
676: return;
677: }
678: ProcessingContext context = new ProcessingContext();
679: copyToProcessingContext(context, messageContext);
680:
681: if (messageContext.get(FAILURE) == TRUE) {
682: DumpFilter.process(context);
683: // reset the FAILURE flag
684: messageContext.put(FAILURE, FALSE);
685: return;
686: }
687:
688: String operation = (String) messageContext
689: .get(CONTEXT_WSDL_OPERATION);
690: StaticApplicationContext sContext = new StaticApplicationContext(
691: getPolicyContext(messageContext));
692: sContext.setOperationIdentifier(operation);
693:
694: ApplicationSecurityConfiguration _sConfig = sConfig
695: .getSecurityConfiguration();
696:
697: SecurityPolicy policy = _sConfig
698: .getSecurityConfiguration(sContext);
699: context.setPolicyContext(sContext);
700:
701: if (PolicyTypeUtil.declarativeSecurityConfiguration(policy)) {
702: context
703: .setSecurityPolicy(((DeclarativeSecurityConfiguration) policy)
704: .senderSettings());
705: } else {
706: context.setSecurityPolicy(policy);
707: }
708:
709: context.setSecurityEnvironment(sConfig
710: .getSecurityEnvironment());
711: context.isInboundMessage(false);
712: setSOAPMessage(messageContext, context, _sConfig
713: .isOptimized());
714: SecurityAnnotator.secureMessage(context);
715: copyToMessageContext(messageContext, context);
716: } catch (com.sun.xml.wss.impl.WssSoapFaultException soapFaultException) {
717: throw getSOAPFaultException(soapFaultException, isSOAP12);
718: } catch (com.sun.xml.wss.XWSSecurityException xwse) {
719: com.sun.xml.wss.impl.WssSoapFaultException wsfe = SecurableSoapMessage
720: .newSOAPFaultException(
721: MessageConstants.WSSE_INTERNAL_SERVER_ERROR,
722: xwse.getMessage(), xwse);
723: throw getSOAPFaultException(wsfe, isSOAP12);
724: }
725: }
726:
727: private static SOAPFactory sf11 = null;
728: private static SOAPFactory sf12 = null;
729: static {
730: try {
731: sf11 = SOAPFactory.newInstance();
732: sf12 = SOAPFactory
733: .newInstance(SOAPConstants.SOAP_1_2_PROTOCOL);
734: } catch (Exception e) {
735: throw new RuntimeException(e);
736: }
737: }
738:
739: public SOAPFaultException getSOAPFaultException(
740: WssSoapFaultException sfe, boolean isSOAP12) {
741:
742: SOAPFault fault = null;
743: try {
744: if (isSOAP12) {
745: fault = sf12.createFault(sfe.getFaultString(),
746: SOAPConstants.SOAP_SENDER_FAULT);
747:
748: fault.appendFaultSubcode(sfe.getFaultCode());
749: } else {
750: fault = sf11.createFault(sfe.getFaultString(), sfe
751: .getFaultCode());
752: }
753: } catch (Exception e) {
754: throw new RuntimeException(
755: "com.sun.xml.rpc.security.SystemHandlerDelegateImpl: Internal Error while trying to create a SOAPFault");
756: }
757: return new SOAPFaultException(fault);
758: }
759:
760: /**
761: * Handles rpc-lit, rpc-encoded, doc-lit wrap/non-wrap, doc-encoded modes as follows:
762: *
763: * (1) rpc-lit, rpc-enc, doc-lit (wrap), doc-enc: First child of SOAPBody to contain
764: * Operation Identifier
765: * (2) doc-lit (non-wrap): Operation Identifier constructed as concatenated string
766: * of tag names of childs of SOAPBody
767: */
768: private String getOperationName(SOAPMessage message)
769: throws Exception {
770: Node node = null;
771: String key = null;
772: SOAPBody body = null;
773:
774: if (message != null)
775: body = message.getSOAPBody();
776: else
777: throw new XWSSecurityException(
778: "SOAPMessage in message context is null");
779:
780: if (body != null)
781: node = body.getFirstChild();
782: else
783: throw new XWSSecurityException(
784: "No body element identifying an operation is found");
785:
786: StringBuffer tmp = new StringBuffer("");
787: String operation = "";
788:
789: for (; node != null; node = node.getNextSibling())
790: tmp.append("{" + node.getNamespaceURI() + "}"
791: + node.getLocalName() + ":");
792: operation = tmp.toString();
793: if (operation.length() > 0) {
794: return operation.substring(0, operation.length() - 1);
795: } else {
796: return operation;
797: }
798: }
799:
800: /**
801: * Called before the method invocation.
802: * @param messageContext contains property bag with the scope of the
803: * properties
804: */
805: public void preInvokeEndpointHook(MessageContext messageContext) {
806:
807: }
808:
809: private void setSOAPMessage(
810: com.sun.xml.ws.spi.runtime.SOAPMessageContext msgContext,
811: ProcessingContext pc, boolean optimized) throws Exception {
812:
813: if (msgContext.isAlreadySoap()) {
814: if (MessageConstants.debug) {
815: System.out.println("ALREADY SOAP");
816: }
817: pc.setSOAPMessage(msgContext.getMessage());
818: return;
819: }
820: if (nonOpt) {
821: pc.setSOAPMessage(msgContext.getMessage());
822: return;
823: }
824:
825: String fiValue = (String) msgContext
826: .get("com.sun.xml.ws.client.ContentNegotiation");
827:
828: if (fiValue != null && fiValue.length() > 0) {
829: if ("optimistic".equals(fiValue)) {
830: SOAPMessage msg = expMF
831: .createMessage(msgContext, false);
832: if (MessageConstants.debug) {
833: System.out.println("CONSTRUCT SOAP");
834: }
835: pc.setSOAPMessage(msg);
836: return;
837: }
838: }
839:
840: MessagePolicy mpolicy = (MessagePolicy) pc.getSecurityPolicy();
841: if (MessageConstants.debug) {
842: System.out.println("SOAP Message is " + optimized);
843: System.out.println("SOAP Message is "
844: + mpolicy.getOptimizedType());
845: }
846: if (!optimized
847: || mpolicy.getOptimizedType() == MessageConstants.NOT_OPTIMIZED) {
848: SOAPMessage msg = expMF.createMessage(msgContext, false);
849:
850: if (MessageConstants.debug) {
851: System.out.println("CONSTRUCT SOAP");
852: }
853: pc.setSOAPMessage(msg);
854: } else {
855: if (MessageConstants.debug) {
856: System.out.println("CONSTRUCT SOAP EXPRESS");
857: }
858: SOAPMessage msg = expMF.createMessage(msgContext);
859: pc.setSOAPMessage(msg);
860: pc.setConfigType(mpolicy.getOptimizedType());
861: }
862: return;
863: }
864:
865: public void addFault(
866: com.sun.xml.wss.impl.WssSoapFaultException sfe,
867: SOAPMessage soapMessage, boolean isSOAP12)
868: throws SOAPException {
869: SOAPBody body = soapMessage.getSOAPBody();
870: body.removeContents();
871: soapMessage.removeAllAttachments();
872: QName faultCode = sfe.getFaultCode();
873: Name faultCodeName = null;
874:
875: if (faultCode == null) {
876: faultCode = new QName(SOAPConstants.URI_NS_SOAP_ENVELOPE,
877: "Client");
878: }
879: if (isSOAP12) {
880: SOAPFault fault = body.addFault(
881: SOAPConstants.SOAP_SENDER_FAULT, sfe.getMessage());
882: fault.appendFaultSubcode(faultCode);
883: } else {
884: body.addFault(faultCode, sfe.getMessage());
885: }
886: NodeList list = soapMessage.getSOAPPart().getEnvelope()
887: .getElementsByTagNameNS(MessageConstants.WSSE_NS,
888: MessageConstants.WSSE_SECURITY_LNAME);
889: if (list.getLength() > 0) {
890: Node node = list.item(0);
891: node.getParentNode().removeChild(node);
892: }
893: }
894: }
|