if (requestData.getOfferedSequenceId() != null && rc.configuration.requestResponseOperationsDetected()) {
// there is an offered sequence and this endpoint does contain some 2-way operations
// if this is a oneway-only endpoint, we simply ignore the offered sequence (WS-I RSP R0011)
if (rc.sequenceManager().isValid(requestData.getOfferedSequenceId())) {
// we already have such sequence
throw new CreateSequenceRefusedFault(
LocalizationMessages.WSRM_1137_OFFERED_ID_ALREADY_IN_USE(requestData.getOfferedSequenceId()),
Code.Sender);
}
final String wsaTo = rc.communicator.getWsaTo(request);
try {
requestDestination = new WSEndpointReference(new URI(wsaTo), rc.addressingVersion).toSpec();
} catch (URISyntaxException e) {
throw new CreateSequenceRefusedFault(
LocalizationMessages.WSRM_1129_INVALID_VALUE_OF_MESSAGE_HEADER("To", "CreateSequence", wsaTo),
Code.Sender,
e);
} catch (NullPointerException e) {
throw new CreateSequenceRefusedFault(
LocalizationMessages.WSRM_1130_MISSING_MESSAGE_HEADER("To", "CreateSequence", wsaTo),
Code.Sender,
e);
}
}
String receivedSctId = null;
if (requestData.getStrType() != null) { // RM messaging should be bound to a secured session
// FIXME: The STR processing should probably only check if the
// com.sun.xml.ws.runtime.util.Session was started by security tube
// and if the STR id equals to the one in this session...
String activeSctId = validator.getSecurityContextTokenId(request);
if (activeSctId == null) {
throw new CreateSequenceRefusedFault(
LocalizationMessages.WSRM_1133_NO_SECURITY_TOKEN_IN_REQUEST_PACKET(),
Code.Sender);
}
try {
receivedSctId = validator.extractSecurityTokenId(requestData.getStrType());
} catch (Exception ex) {
throw new CreateSequenceRefusedFault(
ex.getMessage(),
Code.Sender);
}
if (!activeSctId.equals(receivedSctId)) {
throw new CreateSequenceRefusedFault(
LocalizationMessages.WSRM_1131_SECURITY_TOKEN_AUTHORIZATION_ERROR(receivedSctId, activeSctId),
Code.Sender);
}
}