in modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java [73:171]
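/**
 * Confirms that a message for a service with the security module engaged
 * actually went through inbound security processing, and faults otherwise.
 *
 * <p>Three independent checks are applied:
 * <ol>
 *   <li>Policy-based configuration: if the first policy alternative carries a
 *       {@code Binding} or {@code SupportingToken} assertion and a security
 *       header is required, security processing results must be present and
 *       non-empty.</li>
 *   <li>Parameter-based configuration: if {@code INFLOW_SECURITY} is set as a
 *       parameter or property, results must be present and non-empty.</li>
 *   <li>A security header that is present on the message must have been
 *       marked as processed.</li>
 * </ol>
 *
 * <p>The fault reasons are deliberately generic ("InvalidSecurity") and are
 * kept unchanged.
 *
 * @param msgContext the message context under verification
 * @return {@code InvocationResponse.CONTINUE} when the module is not engaged,
 *         when no policy can be resolved, or when all checks pass
 * @throws AxisFault if required security processing results are missing or
 *         empty, if the Rampart policy data was never populated, or if a
 *         security header was left unprocessed
 */
public InvocationResponse invoke(MessageContext msgContext)
        throws AxisFault {

    if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
        return InvocationResponse.CONTINUE;
    }

    // Resolve the policy: an explicit Rampart policy property overrides the
    // effective policy; a Rampart policy parameter is the last resort.
    Policy policy = msgContext.getEffectivePolicy();
    Object policyProperty = msgContext.getProperty(RampartMessageData.KEY_RAMPART_POLICY);
    if (policyProperty != null) {
        policy = (Policy) policyProperty;
    }
    if (policy == null) {
        // Same lookup as the initial assignment, kept as in the original flow.
        policy = msgContext.getEffectivePolicy();
    }
    if (policy == null) {
        Parameter param = msgContext.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
        if (param != null) {
            OMElement policyElem = param.getParameterElement().getFirstElement();
            policy = PolicyEngine.getPolicy(policyElem);
        }
    }

    // NOTE(review): this early return also skips the parameter-based
    // (INFLOW_SECURITY) check and the unprocessed-security-header check
    // further down. Confirm that a null policy cannot occur for a service
    // that relies on either of those checks.
    if (policy == null) {
        return InvocationResponse.CONTINUE;
    }

    // Only the first policy alternative is inspected. A *Binding assertion or
    // a supporting-token-only policy both count as "security policy present".
    boolean securityPolicyPresent = false;
    Iterator<List<Assertion>> alternatives = policy.getAlternatives();
    if (alternatives.hasNext()) {
        for (Assertion assertion : alternatives.next()) {
            if (assertion instanceof Binding || assertion instanceof SupportingToken) {
                securityPolicyPresent = true;
                break;
            }
        }
    }

    if (securityPolicyPresent) {
        RampartPolicyData rpd = (RampartPolicyData) msgContext
                .getProperty(RampartMessageData.RAMPART_POLICY_DATA);
        // Security policy data has not been populated at the time of verification
        if (rpd == null) {
            throw new AxisFault("InvalidSecurity");
        }

        // The mere presence of the client-side parameter marks the initiator.
        boolean isInitiator = msgContext.getAxisService()
                .getParameter(RampartMessageData.PARAM_CLIENT_SIDE) != null;

        if (RampartUtil.isSecHeaderRequired(rpd, isInitiator, true)) {
            // An empty (or non-List) results value proves as little as a
            // missing one, so it is rejected here exactly as in the
            // parameter-based check below. Previously only null was rejected.
            Object recvResults = msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
            if (!(recvResults instanceof List) || ((List<?>) recvResults).isEmpty()) {
                throw new AxisFault("InvalidSecurity");
            }
        }
    }

    // Check for empty security processing results when parameter based
    // configuration is used
    if (msgContext.getParameter(WSSHandlerConstants.INFLOW_SECURITY) != null
            || msgContext.getProperty(WSSHandlerConstants.INFLOW_SECURITY) != null) {
        // Fail closed: a value that is not a List is reported as
        // "InvalidSecurity" instead of surfacing as a ClassCastException.
        Object recvResults = msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (!(recvResults instanceof List) || ((List<?>) recvResults).isEmpty()) {
            throw new AxisFault("InvalidSecurity");
        }
    }

    // If a security header is there and Rampart is engaged, it has to be processed.
    // If it is not processed, there must have been a problem in picking the policy
    SOAPHeaderBlock secHeader = getSecurityHeader(msgContext);
    if (secHeader != null && !secHeader.isProcessed()) {
        throw new AxisFault("InvalidSecurity - Security policy not found");
    }

    return InvocationResponse.CONTINUE;
}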