16 package org.kuali.student.security.cxf.interceptors;
17
18 import java.io.StringWriter;
19 import java.util.Map;
20 import java.util.Vector;
21
22 import javax.xml.namespace.QName;
23 import javax.xml.soap.SOAPException;
24 import javax.xml.soap.SOAPMessage;
25 import javax.xml.stream.XMLStreamException;
26 import javax.xml.transform.Transformer;
27 import javax.xml.transform.TransformerFactory;
28 import javax.xml.transform.dom.DOMSource;
29 import javax.xml.transform.stream.StreamResult;
30
31 import org.apache.cxf.binding.soap.SoapMessage;
32 import org.apache.cxf.headers.Header;
33 import org.apache.cxf.interceptor.Fault;
34 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
35 import org.apache.ws.security.WSSecurityException;
36 import org.apache.ws.security.handler.RequestData;
37 import org.apache.ws.security.processor.SAMLTokenProcessor;
38 import org.opensaml.SAMLAssertion;
39 import org.springframework.security.context.SecurityContextHolder;
40 import org.springframework.security.providers.cas.CasAuthenticationToken;
41 import org.w3c.dom.Element;
42 import org.w3c.dom.Node;
43 import org.w3c.dom.NodeList;
44
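/**
 * Inbound CXF interceptor that runs the standard WSS4J processing and then looks for a
 * SAML assertion among the direct children of the WS-Security header. The first assertion
 * whose issuer equals {@link #getSamlIssuerForUser()} is stored as the details of the
 * current {@link CasAuthenticationToken}.
 *
 * <p>NOTE(review): this class only parses the assertion and compares its issuer string. It
 * does not itself verify a signature, validity window or audience. An issuer string is
 * attacker-controlled unless the assertion is integrity-protected, so confirm that the
 * WSS4J actions configured for this interceptor reject unsigned or altered assertions
 * before {@code doResults} attaches one to the authentication.
 */
public class SamlTokenCxfInInterceptor extends WSS4JInInterceptor {

    /** Qualified name of the WS-Security {@code Security} SOAP header. */
    private static final QName WSSE_SECURITY = new QName(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
            "Security");

    /** Issuer an assertion must carry to be attached to the authentication; null matches nothing. */
    private String samlIssuerForUser = null;

    /**
     * Creates the interceptor with the given WSS4J configuration properties.
     *
     * @param properties configuration passed unchanged to {@link WSS4JInInterceptor}
     */
    public SamlTokenCxfInInterceptor(Map<String, Object> properties) {
        super(properties);
    }

    /** Delegates to the parent implementation without changes. */
    @Override
    protected void computeAction(SoapMessage msg, RequestData reqData) {
        super.computeAction(msg, reqData);
    }

    /**
     * Runs the parent result handling, then attaches the matching SAML assertion (if any)
     * from the WS-Security header to the current CAS authentication.
     *
     * <p>The SOAP envelope is deliberately not written to stdout or a log here: it carries
     * the WS-Security header, including the SAML assertion and any other security tokens,
     * and a stack trace printed to stderr would hide a failure from the caller.
     *
     * @throws RuntimeException if an {@code Assertion} element cannot be parsed
     * @throws IllegalStateException if an assertion matches but the current authentication
     *         is not a {@link CasAuthenticationToken}
     */
    @Override
    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector wsResult) throws SOAPException, XMLStreamException, WSSecurityException {
        super.doResults(msg, actor, doc, wsResult);

        if (!msg.hasHeader(WSSE_SECURITY)) {
            return;
        }
        Header wsseHeader = msg.getHeader(WSSE_SECURITY);
        if (wsseHeader == null) {
            return;
        }

        Node domSecurityHeader = (Node) wsseHeader.getObject();
        NodeList children = domSecurityHeader.getChildNodes();

        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);

            // NOTE(review): getNodeName() includes any namespace prefix, so only an
            // unprefixed <Assertion> element is considered; a prefixed one (for example
            // saml:Assertion) is skipped. Confirm this matches what the clients send.
            if (child.getNodeType() != Node.ELEMENT_NODE || !"Assertion".equals(child.getNodeName())) {
                continue;
            }

            SAMLAssertion samlAssertion;
            try {
                samlAssertion = new SAMLTokenProcessor().handleSAMLToken((Element) child);
            } catch (Exception e) {
                // Fail the request rather than continue with an assertion that did not parse.
                throw new RuntimeException("Unable to process SAML assertion in WS-Security header", e);
            }

            // Null-safe comparison: an unset expected issuer or an assertion without an
            // issuer never matches, instead of failing with a NullPointerException.
            if (samlAssertion != null
                    && samlIssuerForUser != null
                    && samlIssuerForUser.equals(samlAssertion.getIssuer())) {
                Object authentication = SecurityContextHolder.getContext().getAuthentication();
                if (!(authentication instanceof CasAuthenticationToken)) {
                    // Fail closed with a clear cause instead of a ClassCastException or
                    // NullPointerException; the assertion content is not put in the message.
                    throw new IllegalStateException(
                            "Expected a CasAuthenticationToken in the security context but found "
                                    + (authentication == null ? "none" : authentication.getClass().getName()));
                }
                ((CasAuthenticationToken) authentication).setDetails(samlAssertion);
                break;
            }
        }
    }

    /** Delegates to the parent implementation without changes. */
    @Override
    public void handleMessage(SoapMessage msg) throws Fault {
        super.handleMessage(msg);
    }

    /** Delegates to the parent implementation without changes. */
    @Override
    public void setIgnoreActions(boolean i) {
        super.setIgnoreActions(i);
    }

    /**
     * @return the issuer an assertion must carry to be attached to the authentication,
     *         or null if none is configured
     */
    public String getSamlIssuerForUser() {
        return samlIssuerForUser;
    }

    /**
     * @param samlIssuerForUser the issuer an assertion must carry to be attached to the
     *        authentication; compared with an exact string match
     */
    public void setSamlIssuerForUser(String samlIssuerForUser) {
        this.samlIssuerForUser = samlIssuerForUser;
    }

}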