viernes, 8 de febrero de 2013

Example of JAX-WS handler for accesing WS-Security UsernameToken info

//I really need to configure syntax highlighting and formatting again in my blog :(


package test;

import java.util.Iterator;
import java.util.Set;

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.soap.SOAPFaultException;

public class XSecurityJaxWsHandler implements SOAPHandler {

private class Credentials {
public String username = null;
public String password = null;
}

public Set getHeaders() {
return null;
}

public void close(MessageContext arg0) {
}

public boolean handleFault(SOAPMessageContext arg0) {
return true;
}

public boolean handleMessage(SOAPMessageContext messagecontext) {

Boolean outbound = (Boolean)messagecontext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

if (!outbound) {
try {
SOAPMessage message = messagecontext.getMessage();
SOAPHeader header = message.getSOAPHeader();

Credentials credentials = null;

           if (header != null) {
            credentials = extractCredentialsFromSOAPHeader(header);
           } else {
    generateSOAPFault("No se recibieron credenciales de autenticaci\u00F3n (elemento UsernameToken en SOAP header");
    return false;
           }
           
//do something with sec info...
           
} catch (SOAPException e) {
    generateSOAPFault(e.getMessage());
    e.printStackTrace();
    return false;
    }
}

return true;
}

private void generateSOAPFault(String reason) {
try {
SOAPMessage msg = MessageFactory.newInstance().createMessage();
SOAPBody soapBody = msg.getSOAPPart().getEnvelope().getBody();
SOAPFault soapFault = soapBody.addFault();
soapFault.setFaultString(reason);
throw new SOAPFaultException(soapFault); 
        }
        catch(SOAPException e) { 
        // uh?
        }
    }

private Credentials extractCredentialsFromSOAPHeader(SOAPHeader header) {
Credentials credentials = new Credentials();
    Iterator headersIt = header.getChildElements();
    while (headersIt.hasNext()) { //...
    Object nextHeader = headersIt.next();
    if(nextHeader instanceof SOAPHeaderElement) {
    SOAPHeaderElement soapHeader = (SOAPHeaderElement)nextHeader;
    if(soapHeader.getLocalName().equals("Security")) { //... (any version)
        Iterator secIt = soapHeader.getChildElements();
        while (secIt.hasNext()) {
        Object nextSecurityElement = secIt.next();
        if(nextSecurityElement instanceof SOAPElement) {
        SOAPElement securitySoapElement = (SOAPElement)nextSecurityElement;
        if(securitySoapElement.getLocalName().equals("UsernameToken")) { //...
        Iterator untSecIt = securitySoapElement.getChildElements();
        while (untSecIt.hasNext()) {
        Object nextUsernameTokenElement = untSecIt.next();
        if(nextUsernameTokenElement instanceof SOAPElement) {
        SOAPElement usernameTokenSoapChildElement = (SOAPElement)nextUsernameTokenElement;
        if(usernameTokenSoapChildElement.getLocalName().equals("Username")) { //...
        credentials.username = usernameTokenSoapChildElement.getFirstChild().getTextContent();
        } else if(usernameTokenSoapChildElement.getLocalName().equals("Password")) { //...
        credentials.password = usernameTokenSoapChildElement.getFirstChild().getTextContent();
        }
        }
        }
        }
        }
        }
    }
    }
    }
return credentials;
}

}

No hay comentarios: