* needs to send a HTTP 202 message (with no content)
*/
if (mc == null) {
return;
}
SoapVersion version = mc.getVersion();
RequestData reqData = new RequestData();
/*
* The overall try, just to have a finally at the end to perform some
* housekeeping.
*/
try {
WSSConfig config = WSSConfig.getNewInstance();
reqData.setWssConfig(config);
/*
* Setup any custom actions first by processing the input properties
* and reconfiguring the WSSConfig with the user defined properties.
*/
this.configureActions(mc, doDebug, version, config);
/*
* Get the action first.
*/
List<HandlerAction> actions =
CastUtils.cast((List<?>)getProperty(mc, WSHandlerConstants.HANDLER_ACTIONS));
if (actions == null) {
// If null then just fall back to the "action" String
String action = getString(WSHandlerConstants.ACTION, mc);
if (action == null) {
throw new SoapFault(new Message("NO_ACTION", LOG), version
.getReceiver());
}
actions = WSSecurityUtil.decodeHandlerAction(action, config);
}
if (actions.isEmpty()) {
return;
}
translateProperties(mc);
reqData.setMsgContext(mc);
reqData.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc));
handleSecureMTOM(mc, actions);
/*
* For every action we need a username, so get this now. The
* username defined in the deployment descriptor takes precedence.
*/
reqData.setUsername((String) getOption(WSHandlerConstants.USER));
if (reqData.getUsername() == null || reqData.getUsername().equals("")) {
String username = (String) getProperty(reqData.getMsgContext(),
WSHandlerConstants.USER);
if (username != null) {
reqData.setUsername(username);
}
}
/*
* Now we perform some set-up for UsernameToken and Signature
* functions. No need to do it for encryption only. Check if
* username is available and then get a passowrd.
*/
boolean userNameRequired = false;
for (HandlerAction handlerAction : actions) {
if ((handlerAction.getAction() == WSConstants.SIGN
|| handlerAction.getAction() == WSConstants.UT
|| handlerAction.getAction() == WSConstants.UT_SIGN)
&& (handlerAction.getActionToken() == null
|| handlerAction.getActionToken().getUser() == null)) {
userNameRequired = true;
break;
}
}
if (userNameRequired && (reqData.getUsername() == null || reqData.getUsername().equals(""))
&& (String)getOption(WSHandlerConstants.SIGNATURE_USER) == null) {
/*
* We need a username - if none throw an SoapFault. For
* encryption there is a specific parameter to get a username.
*/
throw new SoapFault(new Message("NO_USERNAME", LOG), version
.getReceiver());
}
if (doDebug) {
LOG.fine("Actor: " + reqData.getActor());
}
/*
* Now get the SOAP part from the request message and convert it
* into a Document. This forces CXF to serialize the SOAP request
* into FORM_STRING. This string is converted into a document.
* During the FORM_STRING serialization CXF performs multi-ref of
* complex data types (if requested), generates and inserts
* references for attachments and so on. The resulting Document
* MUST be the complete and final SOAP request as CXF would send it
* over the wire. Therefore this must shall be the last (or only)
* handler in a chain. Now we can perform our security operations on
* this request.
*/
SOAPMessage saaj = mc.getContent(SOAPMessage.class);
if (saaj == null) {
LOG.warning("SAAJOutHandler must be enabled for WS-Security!");
throw new SoapFault(new Message("NO_SAAJ_DOC", LOG), version
.getReceiver());
}
Document doc = saaj.getSOAPPart();
doSenderAction(doc, reqData, actions, Boolean.TRUE
.equals(getProperty(mc, org.apache.cxf.message.Message.REQUESTOR_ROLE)));
if (doDebug) {
LOG.fine("WSS4JOutInterceptor: exit handleMessage()");
}
} catch (WSSecurityException e) {
throw new SoapFault(new Message("SECURITY_FAILED", LOG), e, version
.getSender());
} finally {
reqData.clear();
reqData = null;
}