public class WSSecurityEngine extends Object
Modifier and Type | Field and Description |
---|---|
static QName | BINARY_TOKEN: wsse:BinarySecurityToken as defined by WS Security specification |
static QName | DERIVED_KEY_TOKEN_05_02: wsc:DerivedKeyToken as defined by WS-SecureConversation specification |
static QName | DERIVED_KEY_TOKEN_05_12: wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX |
static QName | ENCRYPTED_ASSERTION: saml:EncryptedAssertion as defined by SAML v2.0 specification |
static QName | ENCRYPTED_DATA: xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification |
static QName | ENCRYPTED_KEY: xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification |
static QName | REFERENCE_LIST: xenc:ReferenceList as defined by XML Encryption specification |
static QName | SAML_TOKEN: saml:Assertion as defined by SAML v1.1 specification |
static QName | SAML2_TOKEN: saml:Assertion as defined by SAML v2.0 specification |
static QName | SECURITY_CONTEXT_TOKEN_05_02: wsc:SecurityContextToken as defined by WS-SecureConversation specification |
static QName | SECURITY_CONTEXT_TOKEN_05_12: wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX |
static QName | SIGNATURE: ds:Signature as defined by XML Signature specification, enhanced by WS Security specification |
static QName | SIGNATURE_CONFIRMATION: wsse11:signatureConfirmation as defined by OASIS WS Security specification |
static QName | TIMESTAMP: wsu:Timestamp as defined by OASIS WS Security specification |
static QName | USERNAME_TOKEN: wsse:UsernameToken as defined by WS Security specification |

Constructor and Description |
---|
WSSecurityEngine() |

Modifier and Type | Method and Description |
---|---|
CallbackLookup | getCallbackLookup(): Get the CallbackLookup object to use to locate elements |
WSSConfig | getWssConfig() |
List<WSSecurityEngineResult> | processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto): Process the security header given the SOAP envelope as W3C document. |
List<WSSecurityEngineResult> | processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto): Process the security header given the SOAP envelope as W3C document. |
List<WSSecurityEngineResult> | processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto): Process the security header given the wsse:Security DOM Element. |
List<WSSecurityEngineResult> | processSecurityHeader(Element securityHeader, RequestData requestData): Process the security header given the wsse:Security DOM Element. |
void | setCallbackLookup(CallbackLookup callbackLookup): Set the CallbackLookup object to use to locate elements |
WSSConfig | setWssConfig(WSSConfig cfg) |

public static final QName BINARY_TOKEN
wsse:BinarySecurityToken as defined by WS Security specification

public static final QName USERNAME_TOKEN
wsse:UsernameToken as defined by WS Security specification

public static final QName TIMESTAMP
wsu:Timestamp as defined by OASIS WS Security specification

public static final QName SIGNATURE_CONFIRMATION
wsse11:signatureConfirmation as defined by OASIS WS Security specification

public static final QName SIGNATURE
ds:Signature as defined by XML Signature specification, enhanced by WS Security specification

public static final QName ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification

public static final QName ENCRYPTED_DATA
xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification

public static final QName REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification

public static final QName SAML_TOKEN
saml:Assertion as defined by SAML v1.1 specification

public static final QName SAML2_TOKEN
saml:Assertion as defined by SAML v2.0 specification

public static final QName ENCRYPTED_ASSERTION
saml:EncryptedAssertion as defined by SAML v2.0 specification

public static final QName DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken as defined by WS-SecureConversation specification

public static final QName SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken as defined by WS-SecureConversation specification

public static final QName DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX

public static final QName SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

public final WSSConfig getWssConfig()

public final WSSConfig setWssConfig(WSSConfig cfg)
Parameters:
cfg - the WSSConfig instance for this WSSecurityEngine to use

public void setCallbackLookup(CallbackLookup callbackLookup)
Parameters:
callbackLookup - the CallbackLookup object to use to locate elements

public CallbackLookup getCallbackLookup()

public List<WSSecurityEngineResult> processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto) throws WSSecurityException
wsse:Security is available with the defined actor.
Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback handler supplied by the caller to resolve passwords during encryption and UsernameToken handling
crypto - the object that implements the access to the keystore and the handling of certificates.
Throws:
WSSecurityException
See Also:
processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

public List<WSSecurityEngineResult> processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
wsse:Security is available with the defined actor.
Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback handler supplied by the caller to resolve passwords during encryption and UsernameToken handling
sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature
decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
Throws:
WSSecurityException
See Also:
processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

public List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
Process the security header given the wsse:Security DOM Element.
This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance with the WS Security specification.
Currently the functions can handle the following child elements:
Note that additional child elements can be processed if appropriate Processors have been registered with the WSSConfig instance set on this class.
Parameters:
securityHeader - the wsse:Security header element
cb - a callback handler supplied by the caller to resolve passwords during encryption and UsernameToken handling
sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature
decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
Returns:
a List of WSSecurityEngineResult. Each element in the List represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The List may be empty if no security processing was performed.
Throws:
WSSecurityException

public List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader, RequestData requestData) throws WSSecurityException
Process the security header given the wsse:Security DOM Element.
This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance with the WS Security specification.
Currently the functions can handle the following child elements:
Note that additional child elements can be processed if appropriate Processors have been registered with the WSSConfig instance set on this class.
Parameters:
securityHeader - the wsse:Security header element
requestData - the RequestData associated with the request. It should be able to provide the callback handler, cryptos, etc. as needed by the processing
Returns:
a List of WSSecurityEngineResult. Each element in the List represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The List may be empty if no security processing was performed.
Throws:
WSSecurityException

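Added example, not part of the WSS4J Javadoc: because the returned List may be empty when no security processing was performed, a caller should confirm that every action it requires appears in the results before trusting the message. The org.apache.ws.security package names (WSS4J 1.6 line), the class name InboundSecurityCheck and the helper requireActions are assumptions made for this illustration.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.security.auth.callback.CallbackHandler;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.w3c.dom.Document;

/** Hypothetical wrapper (not WSS4J code) that fails closed on missing actions. */
public final class InboundSecurityCheck {

    /**
     * Processes the wsse:Security header, then rejects the message unless every
     * required action code (for example WSConstants.SIGN, WSConstants.TS) was
     * actually performed by the engine.
     */
    public static List<WSSecurityEngineResult> requireActions(
            Document soapEnvelope, String actor, CallbackHandler cb,
            Crypto sigCrypto, Crypto decCrypto, int... requiredActions)
            throws WSSecurityException {

        WSSecurityEngine engine = new WSSecurityEngine();
        List<WSSecurityEngineResult> results =
                engine.processSecurityHeader(soapEnvelope, actor, cb, sigCrypto, decCrypto);

        // Collect the action code recorded for each processed child element.
        // A null result is treated defensively, the same as an empty list.
        Set<Integer> performed = new HashSet<Integer>();
        if (results != null) {
            for (WSSecurityEngineResult result : results) {
                Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
                if (action != null) {
                    performed.add(action);
                }
            }
        }

        // An absent or empty header yields no results, so every requirement fails here.
        for (int required : requiredActions) {
            if (!performed.contains(required)) {
                throw new SecurityException(
                        "Required WS-Security action not performed: " + required);
            }
        }
        return results;
    }
}
```

Calling requireActions(doc, actor, cb, crypto, crypto, WSConstants.SIGN, WSConstants.TS) rejects an envelope whose header produced no signature or timestamp result. A SIGN result shows that a signature verified, not which elements it covered, so element coverage still needs its own check.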
Copyright © 2018 JBoss by Red Hat. All rights reserved.