SecurityScenario scenario = null;
try {
AxisService service = axisConfig.getServiceForActivation(serviceName);
if (service == null) {
throw new SecurityConfigException("AxisService is Null");
}
// at registry
String servicePath = RegistryResources.SERVICE_GROUPS
+ service.getAxisServiceGroup().getServiceGroupName()
+ RegistryResources.SERVICES + serviceName;
String policyResourcePath = servicePath + RegistryResources.POLICIES;
if (!registry.resourceExists(policyResourcePath)) {
return scenario;
}
Map endPointMap = service.getEndpoints();
for (Object o : endPointMap.entrySet()) {
scenario = null;
Map.Entry entry = (Map.Entry) o;
AxisEndpoint point = (AxisEndpoint) entry.getValue();
AxisBinding binding = point.getBinding();
java.util.Collection policies = binding.getPolicySubject()
.getAttachedPolicyComponents();
Iterator policyComponents = policies.iterator();
String policyId = "";
while (policyComponents.hasNext()) {
PolicyComponent currentPolicyComponent = (PolicyComponent) policyComponents
.next();
if (currentPolicyComponent instanceof Policy) {
policyId = ((Policy) currentPolicyComponent).getId();
} else if (currentPolicyComponent instanceof PolicyReference) {
policyId = ((PolicyReference) currentPolicyComponent).getURI().substring(1);
}
// Check whether this is a security scenario
scenario = SecurityScenarioDatabase.getByWsuId(policyId);
}
// If a scenario is NOT applied to at least one non HTTP
// binding,
// we consider the service unsecured.
if ((scenario == null)
&& (!binding.getName().getLocalPart().contains("HttpBinding"))) {
break;
}
}
// If the binding level policies are not present, check whether there is a policy attached
// at the service level. This is a fix for Securing Proxy Services.
if(scenario == null){
java.util.Collection policies = service.getPolicySubject()
.getAttachedPolicyComponents();
Iterator policyComponents = policies.iterator();
String policyId = "";
while (policyComponents.hasNext()) {
PolicyComponent currentPolicyComponent = (PolicyComponent) policyComponents
.next();
if (currentPolicyComponent instanceof Policy) {
policyId = ((Policy) currentPolicyComponent).getId();
} else if (currentPolicyComponent instanceof PolicyReference) {
policyId = ((PolicyReference) currentPolicyComponent).getURI().substring(1);
}
// Check whether this is a security scenario
scenario = SecurityScenarioDatabase.getByWsuId(policyId);
}
}
return scenario;
} catch (Exception e) {
throw new SecurityConfigException("readingSecurity", e);
}
}