This project has retired. For details please refer to its Attic page.
WebSphereAuthHandler xref

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.chemistry.opencmis.server.impl.webservices;
20  
21  import java.io.StringReader;
22  import java.util.HashMap;
23  import java.util.List;
24  import java.util.Map;
25  import java.util.Set;
26  
27  import javax.xml.bind.JAXBElement;
28  import javax.xml.bind.Unmarshaller;
29  import javax.xml.namespace.QName;
30  import javax.xml.ws.handler.MessageContext;
31  import javax.xml.ws.handler.MessageContext.Scope;
32  import javax.xml.ws.handler.soap.SOAPHandler;
33  import javax.xml.ws.handler.soap.SOAPMessageContext;
34  
35  public class WebSphereAuthHandler extends AbstractUsernameTokenAuthHandler implements SOAPHandler<SOAPMessageContext> {
36  
37      public Set<QName> getHeaders() {
38          return HEADERS;
39      }
40  
41      public void close(MessageContext context) {
42      }
43  
44      public boolean handleFault(SOAPMessageContext context) {
45          return true;
46      }
47  
48      @SuppressWarnings("unchecked")
49      public boolean handleMessage(SOAPMessageContext context) {
50          Boolean outboundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
51          if (outboundProperty.booleanValue()) {
52              // we are only looking at inbound messages
53              return true;
54          }
55  
56          Map<String, String> callContextMap = null;
57  
58          Map<QName, List<String>> requestHeaders = (Map<QName, List<String>>) context
59                  .get("jaxws.binding.soap.headers.inbound");
60  
61          if (requestHeaders != null) {
62              List<String> secHeaders = requestHeaders.get(WSSE_SECURITY);
63              if (secHeaders != null && secHeaders.size() > 0) {
64                  try {
65                      Unmarshaller unmarshaller = WSSE_CONTEXT.createUnmarshaller();
66  
67                      for (String h : secHeaders) {
68                          try {
69                              JAXBElement<SecurityHeaderType> sht = (JAXBElement<SecurityHeaderType>) unmarshaller
70                                      .unmarshal(new StringReader(h));
71  
72                              callContextMap = extractUsernamePassword(sht);
73                              if (callContextMap != null) {
74                                  break;
75                              }
76  
77                          } catch (Exception e) {
78                              // unmarshalling failed, maybe another header -
79                              // ignore
80                          }
81                      }
82                  } catch (Exception e) {
83                      // JAXB problem - ignore
84                  }
85              }
86          }
87  
88          // add user and password to context
89          if (callContextMap == null) {
90              callContextMap = new HashMap<String, String>();
91          }
92  
93          context.put(AbstractService.CALL_CONTEXT_MAP, callContextMap);
94          context.setScope(AbstractService.CALL_CONTEXT_MAP, Scope.APPLICATION);
95  
96          return true;
97      }
98  }