org.opensaml.ws.security.provider.HTTPRule Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of openws Show documentation
Show all versions of openws Show documentation
The OpenWS library provides a growing set of tools to work with web services at a low level. These tools include
classes for creating and reading SOAP messages, transport-independent clients for connecting to web services,
and various transports for use with those clients.
The newest version!
/*
* Licensed to the University Corporation for Advanced Internet Development,
* Inc. (UCAID) under one or more contributor license agreements. See the
* NOTICE file distributed with this work for additional information regarding
* copyright ownership. The UCAID licenses this file to You under the Apache
* License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.opensaml.ws.security.provider;
import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.security.SecurityPolicyRule;
import org.opensaml.ws.transport.http.HTTPTransport;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A security rule that checks basic HTTP connection properties.
*/
public class HTTPRule implements SecurityPolicyRule {
/** Class logger. */
private final Logger log = LoggerFactory.getLogger(HTTPRule.class);
/** Expected content type of the request. */
private String requiredContentType;
/** Expected method of the request. */
private String requiredRequestMethod;
/** Whether the request must be secure. */
private boolean requireSecured;
/**
* Constructor.
*
* @param type expected content type
* @param method expected request method
* @param secured whether the request must be secured
*/
public HTTPRule(String type, String method, boolean secured) {
requiredContentType = DatatypeHelper.safeTrimOrNullString(type);
requiredRequestMethod = DatatypeHelper.safeTrimOrNullString(method);
requireSecured = secured;
}
/** {@inheritDoc} */
public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
if (!(messageContext.getInboundMessageTransport() instanceof HTTPTransport)) {
log.debug("Message context was did not contain an HTTP transport, unable to evaluate security rule");
return;
}
doEvaluate(messageContext);
}
/**
* Evaluates if the message context transport, guaranteed to be of type {@link HTTPTransport}, meets all
* requirements.
*
* @param messageContext message context being evaluated
*
* @throws SecurityPolicyException thrown if the message context does not meet the requirements of an evaluated rule
*/
protected void doEvaluate(MessageContext messageContext) throws SecurityPolicyException {
HTTPTransport transport = (HTTPTransport) messageContext.getInboundMessageTransport();
evaluateContentType(transport);
evaluateRequestMethod(transport);
evaluateSecured(transport);
}
/**
* Checks if the transport is of the correct content type.
*
* @param transport transport being evalauted
*
* @throws SecurityPolicyException thrown if the content type was an unexpected value
*/
protected void evaluateContentType(HTTPTransport transport) throws SecurityPolicyException {
String transportContentType = transport.getHeaderValue("Content-Type");
if (requiredContentType != null && !transportContentType.startsWith(requiredContentType)) {
log.error("Invalid content type, expected " + requiredContentType + " but was " + transportContentType);
throw new SecurityPolicyException("Invalid content type, expected " + requiredContentType + " but was "
+ transportContentType);
}
}
/**
* Checks if the transport is of the correct request method.
*
* @param transport transport being evalauted
*
* @throws SecurityPolicyException thrown if the request method was an unexpected value
*/
protected void evaluateRequestMethod(HTTPTransport transport) throws SecurityPolicyException {
String transportMethod = transport.getHTTPMethod();
if (requiredRequestMethod != null && !transportMethod.equalsIgnoreCase(requiredRequestMethod)) {
log.error("Invalid request method, expected " + requiredRequestMethod + " but was " + transportMethod);
throw new SecurityPolicyException("Invalid request method, expected " + requiredRequestMethod + " but was "
+ transportMethod);
}
}
/**
* Checks if the transport is secured.
*
* @param transport transport being evalauted
*
* @throws SecurityPolicyException thrown if the transport is not secure and was required to be
*/
protected void evaluateSecured(HTTPTransport transport) throws SecurityPolicyException {
if (requireSecured && !transport.isConfidential()) {
log.error("Request was required to be secured but was not");
throw new SecurityPolicyException("Request was required to be secured but was not");
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy