in bindings/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java [64:130]
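/**
 * Authenticates the sender of an inbound SOAP message using the WS-Security
 * processing results already attached to the message, and publishes the
 * resulting {@link Subject} on the message under {@code Subject.class}.
 *
 * <p>Nothing is done when {@code delegateToJaas} is false or when the message
 * carries no {@code WSHandlerConstants.RECV_RESULTS} entry. For each handler
 * result, every WSSE UsernameToken principal is authenticated first; X.509
 * certificate authentication is attempted only when no UsernameToken was
 * authenticated and {@code x509} is enabled.
 *
 * <p>Any failure raised by the authentication service is reported as a
 * {@link Fault}, so that an authentication error can never let the message
 * continue down the interceptor chain.
 *
 * @param message the inbound SOAP message being processed
 * @throws Fault if authentication fails or the authentication service raises
 *         an error
 */
public void handleMessage(SoapMessage message) throws Fault {
    try {
        if (!delegateToJaas) {
            return;
        }
        Subject subject = (Subject) currentSubject.get();
        if (subject == null) {
            subject = new Subject();
            currentSubject.set(subject);
        }
        List<Object> results = (List<Object>) message.get(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            return;
        }
        for (Object handlerResult : results) {
            WSHandlerResult hr = (WSHandlerResult) handlerResult;
            // NOTE(review): this returns without putting a Subject on the message
            // and without looking at the remaining handler results. Downstream
            // code must treat a missing Subject as "not authenticated".
            if (hr == null || hr.getResults() == null) {
                return;
            }
            boolean authenticated = false;
            // Favor WSSE UsernameToken based authentication over X.509 certificate
            // based authentication: the result list is walked twice, tokens first.
            for (Object engineResult : hr.getResults()) {
                WSSecurityEngineResult er = (WSSecurityEngineResult) engineResult;
                if (er != null
                    && er.get(WSSecurityEngineResult.TAG_PRINCIPAL) instanceof WSUsernameTokenPrincipal) {
                    WSUsernameTokenPrincipal p =
                        (WSUsernameTokenPrincipal) er.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    // The principal is attached before the credentials are checked; a
                    // rejected login throws, so the Subject is never published on the
                    // message and the thread-local is cleared in the finally block.
                    subject.getPrincipals().add(p);
                    this.authenticationService.authenticate(subject, domain, p.getName(), p.getPassword());
                    // Only reached when authenticate() returned without throwing.
                    authenticated = true;
                }
            }
            // Second pass: X.509 certificate authentication, only if no UsernameToken
            // was authenticated above and X.509 support is switched on.
            if (!authenticated && x509) {
                for (Object engineResult : hr.getResults()) {
                    WSSecurityEngineResult er = (WSSecurityEngineResult) engineResult;
                    // NOTE(review): the plural tag name suggests the stored value may be a
                    // certificate array; if so this instanceof never matches and X.509
                    // authentication is silently skipped. Confirm against the WSS4J
                    // version in use.
                    if (er != null
                        && er.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES) instanceof X509Certificate) {
                        X509Certificate cert =
                            (X509Certificate) er.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
                        // NOTE(review): the name handed to the authentication service is the
                        // certificate ISSUER's DN, not the subject's, so every certificate
                        // from one issuer presents the same name. Confirm the service bases
                        // its decision on the certificate itself.
                        this.authenticationService.authenticate(
                            subject, domain, cert.getIssuerX500Principal().getName(), cert);
                    }
                }
            }
        }
        message.put(Subject.class, subject);
    } catch (GeneralSecurityException e) {
        throw new Fault(e);
    } catch (java.lang.reflect.UndeclaredThrowableException e) {
        java.lang.Throwable undeclared = e.getUndeclaredThrowable();
        if (undeclared instanceof java.lang.reflect.InvocationTargetException) {
            throw new Fault(
                ((java.lang.reflect.InvocationTargetException) undeclared).getTargetException());
        }
        // Fail closed: previously any other wrapped throwable was swallowed here,
        // which let the message proceed although authentication had not completed.
        throw new Fault(undeclared != null ? undeclared : e);
    } finally {
        // Never leave a Subject behind on a pooled thread for the next request.
        currentSubject.set(null);
    }
}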