loanfund
Class ServiceRequest

java.lang.Object
  extended by loanfund.ServiceRequest

public class ServiceRequest
extends java.lang.Object

The ServiceRequest is used to parse the request and save the information that we need to verify the validity of the message and to find the information needed in the response.

Author:
Gunn Olaussen & Kirsti N. Torgersen

Field Summary
private  org.w3c.dom.Node authenticationAssertion
           
private  java.lang.String authenticationIssuer
           
private  org.w3c.dom.Node authorizationAssertion
           
private  java.lang.String authorizationIssuer
           
private  java.lang.String language
           
private static long MAX_TIME_DEVIATION
           
private  javax.xml.soap.SOAPMessage message
           
private  java.lang.String messageid
           
private  java.lang.String resourceid
           
private static long SESSION_TIME_TO_LIVE
           
private  java.util.Date sessiontimeout
           
private  java.util.Date timestamp
           
private  java.lang.String userid
           
 
Constructor Summary
ServiceRequest(javax.xml.soap.SOAPMessage message)
          The constructor tries to parse the body and the header of the SOAP message.
 
Method Summary
 java.lang.String getLanguage()
           
 java.lang.String getMessageID()
           
 java.util.Date getTimestamp()
           
 java.lang.String getUserID()
           
private  void parseBody(org.w3c.dom.Node node)
          This method runs through all the nodes in the request body to find the nodes we need, which are the language and resourceID.
private  void parseHeader(javax.xml.soap.SOAPHeader header)
          This method parses the header of the message and checks the timestamp for possible replay of messages.
private  java.lang.String prepareAssertion(java.lang.String assertion, boolean removeOnlySecond)
          This method removes extra spaces, line breaks, wrong namespaces and the signature element to make the assertion similar at all times when using it for signing and signature verification.
private  void processAuthenticationToken(org.w3c.dom.Node token, int parsingDebth)
          This method processes the authentication assertion that was in the header.
private  void processAuthorizationToken(org.w3c.dom.Node token, int parsingDebth)
          This method processes the authorisation assertion that was in the header.
 boolean sessionTimedOut()
           
 java.lang.String toString()
          Returns a string representation of this request.
private  void validateSignature(org.w3c.dom.Node signaturenode, boolean authentication)
          This method validates the signature and throws an Exception if there is something wrong, to indicate that an invalid assertion and that we should not proceed with creating a response.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

MAX_TIME_DEVIATION

private static final long MAX_TIME_DEVIATION
See Also:
Constant Field Values

SESSION_TIME_TO_LIVE

private static final long SESSION_TIME_TO_LIVE
See Also:
Constant Field Values

sessiontimeout

private java.util.Date sessiontimeout

timestamp

private java.util.Date timestamp

authorizationAssertion

private org.w3c.dom.Node authorizationAssertion

authenticationAssertion

private org.w3c.dom.Node authenticationAssertion

message

private javax.xml.soap.SOAPMessage message

authenticationIssuer

private java.lang.String authenticationIssuer

authorizationIssuer

private java.lang.String authorizationIssuer

language

private java.lang.String language

messageid

private java.lang.String messageid

resourceid

private java.lang.String resourceid

userid

private java.lang.String userid
Constructor Detail

ServiceRequest

public ServiceRequest(javax.xml.soap.SOAPMessage message)
               throws ServiceRequestException
The constructor tries to parse the body and the header of the SOAP message. Throwing a ServiceRequestException means that it is not possible to create a proper response.

Parameters:
message - SOAPMessage The SOAPMessage containing the request
Throws:
ServiceRequestException - Thrown to show that the request parsing was unsuccessful
Method Detail

parseHeader

private void parseHeader(javax.xml.soap.SOAPHeader header)
                  throws javax.xml.soap.SOAPException,
                         ServiceRequestException,
                         java.security.GeneralSecurityException
This method parses the header of the message and checks the timestamp for possible replay of messages. The authorisation assertion is processed by a separate method.

Throws:
javax.xml.soap.SOAPException
ServiceRequestException
java.security.GeneralSecurityException

processAuthorizationToken

private void processAuthorizationToken(org.w3c.dom.Node token,
                                       int parsingDebth)
                                throws javax.xml.soap.SOAPException,
                                       ServiceRequestException,
                                       java.security.GeneralSecurityException
This method processes the authorisation assertion that was in the header.

Throws:
javax.xml.soap.SOAPException
ServiceRequestException
java.security.GeneralSecurityException

processAuthenticationToken

private void processAuthenticationToken(org.w3c.dom.Node token,
                                        int parsingDebth)
                                 throws javax.xml.soap.SOAPException,
                                        ServiceRequestException,
                                        java.security.GeneralSecurityException
This method processes the authentication assertion that was in the header. It checks the issuer, expiration dates and the authentication instant to see if this is still valid. The signature element is checked by a separate method.

Throws:
javax.xml.soap.SOAPException
ServiceRequestException
java.security.GeneralSecurityException

prepareAssertion

private java.lang.String prepareAssertion(java.lang.String assertion,
                                          boolean removeOnlySecond)
This method removes extra spaces, line breaks, wrong namespaces and the signature element to make the assertion similar at all times when using it for signing and signature verification. This method is used both for the authentication and authorization assertion so the second parameter tells us how much should be removed.


validateSignature

private void validateSignature(org.w3c.dom.Node signaturenode,
                               boolean authentication)
                        throws java.security.GeneralSecurityException
This method validates the signature and throws an Exception if there is something wrong, to indicate that an invalid assertion and that we should not proceed with creating a response.

Throws:
java.security.GeneralSecurityException

parseBody

private void parseBody(org.w3c.dom.Node node)
                throws javax.xml.soap.SOAPException
This method runs through all the nodes in the request body to find the nodes we need, which are the language and resourceID.

Throws:
javax.xml.soap.SOAPException

getLanguage

public java.lang.String getLanguage()
Returns:
String The language code or english if not set

getUserID

public java.lang.String getUserID()
Returns:
String The userid from the request

getMessageID

public java.lang.String getMessageID()
Returns:
String The messageid of the request

getTimestamp

public java.util.Date getTimestamp()
Returns:
Date The timestamp on the request

sessionTimedOut

public boolean sessionTimedOut()
Returns:
boolean Returns true if the session has timed out and false if not

toString

public java.lang.String toString()
Returns a string representation of this request.

Overrides:
toString in class java.lang.Object
See Also:
Object.toString()