axis2/java/rampart/code-coverage/org.apache.rampart.handler/PostDispatchVerificationHandler.java.html - axis-site - Git at Google

 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../.resources/report.css" type="text/css"/><link rel="shortcut icon" href="../.resources/report.gif" type="image/gif"/><title>PostDispatchVerificationHandler.java</title><link rel="stylesheet" href="../.resources/prettify.css" type="text/css"/><script type="text/javascript" src="../.resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../.sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Coverage Report</a> &gt; <a href="index.source.html" class="el_package">org.apache.rampart.handler</a> &gt; <span class="el_source">PostDispatchVerificationHandler.java</span></div><h1>PostDispatchVerificationHandler.java</h1><pre class="source lang-java linenums">/*
  * Copyright 2004,2005 The Apache Software Foundation.
  *
  * Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.rampart.handler;

 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.om.OMException;
 import org.apache.axiom.soap.SOAPHeader;
 import org.apache.axiom.soap.SOAPHeaderBlock;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.MessageContext;
 import org.apache.axis2.description.HandlerDescription;
 import org.apache.axis2.description.Parameter;
 import org.apache.axis2.engine.Handler;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyEngine;
 import org.apache.rampart.RampartMessageData;
 import org.apache.rampart.policy.RampartPolicyData;
 import org.apache.rampart.util.RampartUtil;
 import org.apache.ws.secpolicy.model.Binding;
 import org.apache.ws.secpolicy.model.SupportingToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;

 import java.util.Iterator;
 import java.util.List;

 /**
  * Handler to verify the message security after dispatch
  *
  */
 <span class="fc" id="L47">public class PostDispatchVerificationHandler implements Handler {</span>

     private HandlerDescription handlerDesc;

     public void cleanup() {
 <span class="nc" id="L52">    }</span>

     public void flowComplete(MessageContext msgContext) {
 <span class="fc" id="L55">    }</span>

     public HandlerDescription getHandlerDesc() {
 <span class="fc" id="L58">        return this.handlerDesc;</span>
     }

     public String getName() {
 <span class="nc" id="L62">        return &quot;Post dispatch security verification handler&quot;;</span>
     }

     public Parameter getParameter(String name) {
 <span class="nc" id="L66">        return this.handlerDesc.getParameter(name);</span>
     }

     public void init(HandlerDescription handlerDesc) {
 <span class="fc" id="L70">        this.handlerDesc = handlerDesc;</span>
 <span class="fc" id="L71">    }</span>

     public InvocationResponse invoke(MessageContext msgContext)
             throws AxisFault {

 <span class="fc bfc" id="L76" title="All 2 branches covered.">        if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {</span>
 <span class="fc" id="L77">          return InvocationResponse.CONTINUE;</span>
         }

 <span class="fc" id="L80">        Policy policy = msgContext.getEffectivePolicy();</span>

 <span class="fc bfc" id="L82" title="All 2 branches covered.">        if(msgContext.getProperty(RampartMessageData.KEY_RAMPART_POLICY) != null) {</span>
 <span class="fc" id="L83">            policy = (Policy)msgContext.getProperty(RampartMessageData.KEY_RAMPART_POLICY);</span>
         }


 <span class="pc bpc" id="L87" title="1 of 2 branches missed.">        if(policy == null) {</span>
 <span class="nc" id="L88">            policy = msgContext.getEffectivePolicy();</span>
         }

 <span class="pc bpc" id="L91" title="1 of 2 branches missed.">        if(policy == null) {</span>
 <span class="nc" id="L92">            Parameter param = msgContext.getParameter(RampartMessageData.KEY_RAMPART_POLICY);</span>
 <span class="nc bnc" id="L93" title="All 2 branches missed.">            if(param != null) {</span>
 <span class="nc" id="L94">                OMElement policyElem = param.getParameterElement().getFirstElement();</span>
 <span class="nc" id="L95">                policy = PolicyEngine.getPolicy(policyElem);</span>
             }
         }

 <span class="pc bpc" id="L99" title="1 of 2 branches missed.">        if(policy == null) {</span>
 <span class="nc" id="L100">            return InvocationResponse.CONTINUE;</span>
         }

 <span class="fc" id="L103">        Iterator&lt;List&lt;Assertion&gt;&gt; alternatives = policy.getAlternatives();</span>

 <span class="fc" id="L105">        boolean securityPolicyPresent = false;</span>
 <span class="pc bpc" id="L106" title="1 of 2 branches missed.">        if(alternatives.hasNext()) {</span>
 <span class="fc" id="L107">            List&lt;Assertion&gt; assertions = alternatives.next();</span>
 <span class="pc bpc" id="L108" title="1 of 2 branches missed.">            for (Iterator&lt;Assertion&gt; iterator = assertions.iterator(); iterator.hasNext();) {</span>
 <span class="fc" id="L109">                Assertion assertion = iterator.next();</span>
                 //Check for any *Binding assertion
 <span class="fc bfc" id="L111" title="All 2 branches covered.">                if (assertion instanceof Binding) {</span>
 <span class="fc" id="L112">                    securityPolicyPresent = true;</span>
 <span class="fc" id="L113">                    break;</span>
                 // There can be  security policies containing only supporting tokens
 <span class="pc bpc" id="L115" title="1 of 2 branches missed.">                } else if (assertion instanceof SupportingToken) {</span>
 <span class="nc" id="L116">                    securityPolicyPresent = true; </span>
 <span class="nc" id="L117">                    break;</span>
                 }
 <span class="fc" id="L119">            }</span>
         }


 <span class="pc bpc" id="L124" title="1 of 2 branches missed.">        if (securityPolicyPresent) {</span>
 <span class="fc" id="L125">            RampartPolicyData rpd = (RampartPolicyData)msgContext.</span>
                                                 getProperty(RampartMessageData.RAMPART_POLICY_DATA);
             // Security policy data has not been populated at the time of verification
 <span class="pc bpc" id="L128" title="1 of 2 branches missed.">            if (rpd == null ) {</span>
 <span class="nc" id="L129">                throw new AxisFault(&quot;InvalidSecurity&quot;);</span>
             }

 <span class="fc" id="L132">            boolean isInitiator = false;</span>
 <span class="fc" id="L133">            Parameter clientSideParam = msgContext.getAxisService().</span>
                                                 getParameter(RampartMessageData.PARAM_CLIENT_SIDE);
 <span class="fc bfc" id="L135" title="All 2 branches covered.">            if(clientSideParam != null) {</span>
 <span class="fc" id="L136">                isInitiator = true;</span>
             }

             //Now check for security processing results if security policy is available
 <span class="pc bpc" id="L140" title="2 of 4 branches missed.">            if(RampartUtil.isSecHeaderRequired(rpd,isInitiator,true) &amp;&amp; </span>
                                   msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
 <span class="nc" id="L142">                throw new AxisFault(&quot;InvalidSecurity&quot;);</span>
             }

         }

         //Check for an empty security processing results when parameter based
         //configuration is used
 <span class="pc bpc" id="L149" title="2 of 4 branches missed.">        if(msgContext.getParameter(WSSHandlerConstants.INFLOW_SECURITY) != null ||</span>
                 msgContext.getProperty(WSSHandlerConstants.INFLOW_SECURITY) != null) {
 <span class="nc bnc" id="L151" title="All 2 branches missed.">            if(msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {</span>
 <span class="nc" id="L152">                    throw new AxisFault(&quot;InvalidSecurity&quot;);</span>
             } else {
 <span class="nc bnc" id="L154" title="All 2 branches missed.">                if(((List&lt;WSHandlerResult&gt;)msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)).size() == 0) {</span>
 <span class="nc" id="L155">                    throw new AxisFault(&quot;InvalidSecurity&quot;);</span>
                 }
             }
         }

         // If a security header is there and Rampart is engaged, it has to be processed.
         // If it is not processed, there must have been a problem in picking the policy

 <span class="fc" id="L163">        SOAPHeaderBlock secHeader = getSecurityHeader(msgContext);</span>

 <span class="pc bpc" id="L165" title="2 of 4 branches missed.">        if (secHeader != null &amp;&amp; (secHeader.isProcessed() == false)) {</span>
 <span class="nc" id="L166">            throw new AxisFault(&quot;InvalidSecurity - Security policy not found&quot;);</span>
         }

 <span class="fc" id="L169">        return InvocationResponse.CONTINUE;</span>

     }

     private SOAPHeaderBlock getSecurityHeader(MessageContext msgContext) throws AxisFault {

 <span class="fc" id="L175">        SOAPHeader header = null;</span>
         try {
 <span class="fc" id="L177">            header = msgContext.getEnvelope().getHeader();</span>
 <span class="nc" id="L178">        } catch (OMException ex) {</span>
 <span class="nc" id="L179">            throw new AxisFault(</span>
                 &quot;PostDispatchVerificationHandler: cannot get SOAP header after security processing&quot;,
                     ex);
 <span class="fc" id="L182">        }</span>

 <span class="pc bpc" id="L184" title="1 of 2 branches missed.">        if(header == null) {</span>
 <span class="nc" id="L185">            return null;</span>
         }

 <span class="fc" id="L188">        Iterator headers = header.getChildElements();</span>

 <span class="fc" id="L190">        SOAPHeaderBlock headerBlock = null;</span>

 <span class="pc bpc" id="L192" title="1 of 2 branches missed.">        while (headers.hasNext()) { </span>
             // Find the wsse header
 <span class="fc" id="L194">            SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();</span>
 <span class="pc bpc" id="L195" title="2 of 4 branches missed.">            if (hb.getLocalName().equals(WSConstants.WSSE_LN)</span>
                     &amp;&amp; hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
 <span class="fc" id="L197">                headerBlock = hb;</span>
 <span class="fc" id="L198">                break;</span>
             }
 <span class="nc" id="L200">        }</span>

 <span class="fc" id="L202">        return headerBlock;</span>


     }

 }
 </pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.5.201505241946</span></div></body></html>
	<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../.resources/report.css" type="text/css"/><link rel="shortcut icon" href="../.resources/report.gif" type="image/gif"/><title>PostDispatchVerificationHandler.java</title><link rel="stylesheet" href="../.resources/prettify.css" type="text/css"/><script type="text/javascript" src="../.resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../.sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Coverage Report</a> > <a href="index.source.html" class="el_package">org.apache.rampart.handler</a> > <span class="el_source">PostDispatchVerificationHandler.java</span></div><h1>PostDispatchVerificationHandler.java</h1><pre class="source lang-java linenums">/*
	* Copyright 2004,2005 The Apache Software Foundation.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.rampart.handler;

	import org.apache.axiom.om.OMElement;
	import org.apache.axiom.om.OMException;
	import org.apache.axiom.soap.SOAPHeader;
	import org.apache.axiom.soap.SOAPHeaderBlock;
	import org.apache.axis2.AxisFault;
	import org.apache.axis2.context.MessageContext;
	import org.apache.axis2.description.HandlerDescription;
	import org.apache.axis2.description.Parameter;
	import org.apache.axis2.engine.Handler;
	import org.apache.neethi.Assertion;
	import org.apache.neethi.Policy;
	import org.apache.neethi.PolicyEngine;
	import org.apache.rampart.RampartMessageData;
	import org.apache.rampart.policy.RampartPolicyData;
	import org.apache.rampart.util.RampartUtil;
	import org.apache.ws.secpolicy.model.Binding;
	import org.apache.ws.secpolicy.model.SupportingToken;
	import org.apache.ws.security.WSConstants;
	import org.apache.ws.security.handler.WSHandlerConstants;
	import org.apache.ws.security.handler.WSHandlerResult;

	import java.util.Iterator;
	import java.util.List;

	/**
	* Handler to verify the message security after dispatch
	*
	*/
	<span class="fc" id="L47">public class PostDispatchVerificationHandler implements Handler {</span>

	private HandlerDescription handlerDesc;

	public void cleanup() {
	<span class="nc" id="L52"> }</span>

	public void flowComplete(MessageContext msgContext) {
	<span class="fc" id="L55"> }</span>

	public HandlerDescription getHandlerDesc() {
	<span class="fc" id="L58"> return this.handlerDesc;</span>
	}

	public String getName() {
	<span class="nc" id="L62"> return "Post dispatch security verification handler";</span>
	}

	public Parameter getParameter(String name) {
	<span class="nc" id="L66"> return this.handlerDesc.getParameter(name);</span>
	}

	public void init(HandlerDescription handlerDesc) {
	<span class="fc" id="L70"> this.handlerDesc = handlerDesc;</span>
	<span class="fc" id="L71"> }</span>

	public InvocationResponse invoke(MessageContext msgContext)
	throws AxisFault {

	<span class="fc bfc" id="L76" title="All 2 branches covered."> if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {</span>
	<span class="fc" id="L77"> return InvocationResponse.CONTINUE;</span>
	}

	<span class="fc" id="L80"> Policy policy = msgContext.getEffectivePolicy();</span>

	<span class="fc bfc" id="L82" title="All 2 branches covered."> if(msgContext.getProperty(RampartMessageData.KEY_RAMPART_POLICY) != null) {</span>
	<span class="fc" id="L83"> policy = (Policy)msgContext.getProperty(RampartMessageData.KEY_RAMPART_POLICY);</span>
	}


	<span class="pc bpc" id="L87" title="1 of 2 branches missed."> if(policy == null) {</span>
	<span class="nc" id="L88"> policy = msgContext.getEffectivePolicy();</span>
	}

	<span class="pc bpc" id="L91" title="1 of 2 branches missed."> if(policy == null) {</span>
	<span class="nc" id="L92"> Parameter param = msgContext.getParameter(RampartMessageData.KEY_RAMPART_POLICY);</span>
	<span class="nc bnc" id="L93" title="All 2 branches missed."> if(param != null) {</span>
	<span class="nc" id="L94"> OMElement policyElem = param.getParameterElement().getFirstElement();</span>
	<span class="nc" id="L95"> policy = PolicyEngine.getPolicy(policyElem);</span>
	}
	}

	<span class="pc bpc" id="L99" title="1 of 2 branches missed."> if(policy == null) {</span>
	<span class="nc" id="L100"> return InvocationResponse.CONTINUE;</span>
	}

	<span class="fc" id="L103"> Iterator<List<Assertion>> alternatives = policy.getAlternatives();</span>

	<span class="fc" id="L105"> boolean securityPolicyPresent = false;</span>
	<span class="pc bpc" id="L106" title="1 of 2 branches missed."> if(alternatives.hasNext()) {</span>
	<span class="fc" id="L107"> List<Assertion> assertions = alternatives.next();</span>
	<span class="pc bpc" id="L108" title="1 of 2 branches missed."> for (Iterator<Assertion> iterator = assertions.iterator(); iterator.hasNext();) {</span>
	<span class="fc" id="L109"> Assertion assertion = iterator.next();</span>
	//Check for any *Binding assertion
	<span class="fc bfc" id="L111" title="All 2 branches covered."> if (assertion instanceof Binding) {</span>
	<span class="fc" id="L112"> securityPolicyPresent = true;</span>
	<span class="fc" id="L113"> break;</span>
	// There can be security policies containing only supporting tokens
	<span class="pc bpc" id="L115" title="1 of 2 branches missed."> } else if (assertion instanceof SupportingToken) {</span>
	<span class="nc" id="L116"> securityPolicyPresent = true; </span>
	<span class="nc" id="L117"> break;</span>
	}
	<span class="fc" id="L119"> }</span>
	}



	<span class="pc bpc" id="L124" title="1 of 2 branches missed."> if (securityPolicyPresent) {</span>
	<span class="fc" id="L125"> RampartPolicyData rpd = (RampartPolicyData)msgContext.</span>
	getProperty(RampartMessageData.RAMPART_POLICY_DATA);
	// Security policy data has not been populated at the time of verification
	<span class="pc bpc" id="L128" title="1 of 2 branches missed."> if (rpd == null ) {</span>
	<span class="nc" id="L129"> throw new AxisFault("InvalidSecurity");</span>
	}

	<span class="fc" id="L132"> boolean isInitiator = false;</span>
	<span class="fc" id="L133"> Parameter clientSideParam = msgContext.getAxisService().</span>
	getParameter(RampartMessageData.PARAM_CLIENT_SIDE);
	<span class="fc bfc" id="L135" title="All 2 branches covered."> if(clientSideParam != null) {</span>
	<span class="fc" id="L136"> isInitiator = true;</span>
	}

	//Now check for security processing results if security policy is available
	<span class="pc bpc" id="L140" title="2 of 4 branches missed."> if(RampartUtil.isSecHeaderRequired(rpd,isInitiator,true) && </span>
	msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
	<span class="nc" id="L142"> throw new AxisFault("InvalidSecurity");</span>
	}

	}

	//Check for an empty security processing results when parameter based
	//configuration is used
	<span class="pc bpc" id="L149" title="2 of 4 branches missed."> if(msgContext.getParameter(WSSHandlerConstants.INFLOW_SECURITY) != null \|\|</span>
	msgContext.getProperty(WSSHandlerConstants.INFLOW_SECURITY) != null) {
	<span class="nc bnc" id="L151" title="All 2 branches missed."> if(msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {</span>
	<span class="nc" id="L152"> throw new AxisFault("InvalidSecurity");</span>
	} else {
	<span class="nc bnc" id="L154" title="All 2 branches missed."> if(((List<WSHandlerResult>)msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)).size() == 0) {</span>
	<span class="nc" id="L155"> throw new AxisFault("InvalidSecurity");</span>
	}
	}
	}

	// If a security header is there and Rampart is engaged, it has to be processed.
	// If it is not processed, there must have been a problem in picking the policy

	<span class="fc" id="L163"> SOAPHeaderBlock secHeader = getSecurityHeader(msgContext);</span>

	<span class="pc bpc" id="L165" title="2 of 4 branches missed."> if (secHeader != null && (secHeader.isProcessed() == false)) {</span>
	<span class="nc" id="L166"> throw new AxisFault("InvalidSecurity - Security policy not found");</span>
	}

	<span class="fc" id="L169"> return InvocationResponse.CONTINUE;</span>

	}

	private SOAPHeaderBlock getSecurityHeader(MessageContext msgContext) throws AxisFault {

	<span class="fc" id="L175"> SOAPHeader header = null;</span>
	try {
	<span class="fc" id="L177"> header = msgContext.getEnvelope().getHeader();</span>
	<span class="nc" id="L178"> } catch (OMException ex) {</span>
	<span class="nc" id="L179"> throw new AxisFault(</span>
	"PostDispatchVerificationHandler: cannot get SOAP header after security processing",
	ex);
	<span class="fc" id="L182"> }</span>

	<span class="pc bpc" id="L184" title="1 of 2 branches missed."> if(header == null) {</span>
	<span class="nc" id="L185"> return null;</span>
	}

	<span class="fc" id="L188"> Iterator headers = header.getChildElements();</span>

	<span class="fc" id="L190"> SOAPHeaderBlock headerBlock = null;</span>

	<span class="pc bpc" id="L192" title="1 of 2 branches missed."> while (headers.hasNext()) { </span>
	// Find the wsse header
	<span class="fc" id="L194"> SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();</span>
	<span class="pc bpc" id="L195" title="2 of 4 branches missed."> if (hb.getLocalName().equals(WSConstants.WSSE_LN)</span>
	&& hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
	<span class="fc" id="L197"> headerBlock = hb;</span>
	<span class="fc" id="L198"> break;</span>
	}
	<span class="nc" id="L200"> }</span>

	<span class="fc" id="L202"> return headerBlock;</span>


	}

	}
	</pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.5.201505241946</span></div></body></html>