org.apache.ws.security

Class WSSecurityEngine

java.lang.Object

org.apache.ws.security.WSSecurityEngine

public class WSSecurityEngine
extends Object

WS-Security Engine.

Author:

Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@t-online.de).

Field Summary

Fields

Modifier and Type	Field and Description
static QName	BINARY_TOKEN wsse:BinarySecurityToken as defined by WS Security specification
static QName	DERIVED_KEY_TOKEN_05_02 wsc:DerivedKeyToken as defined by WS-SecureConversation specification
static QName	DERIVED_KEY_TOKEN_05_12 wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
static QName	ENCRYPTED_ASSERTION saml:EncryptedAssertion as defined by SAML v2.0 specification
static QName	ENCRYPTED_DATA xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
static QName	ENCRYPTED_KEY xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
static QName	REFERENCE_LIST xenc:ReferenceList as defined by XML Encryption specification,
static QName	SAML_TOKEN saml:Assertion as defined by SAML v1.1 specification
static QName	SAML2_TOKEN saml:Assertion as defined by SAML v2.0 specification
static QName	SECURITY_CONTEXT_TOKEN_05_02 wsc:SecurityContextToken as defined by WS-SecureConversation specification
static QName	SECURITY_CONTEXT_TOKEN_05_12 wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
static QName	SIGNATURE ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
static QName	SIGNATURE_CONFIRMATION wsse11:signatureConfirmation as defined by OASIS WS Security specification,
static QName	TIMESTAMP wsu:Timestamp as defined by OASIS WS Security specification,
static QName	USERNAME_TOKEN wsse:UsernameToken as defined by WS Security specification

Constructor Summary

Constructors

Constructor and Description
WSSecurityEngine()

Method Summary

Methods

Modifier and Type	Method and Description
CallbackLookup	getCallbackLookup() Get the CallbackLookup object to use to locate elements
WSSConfig	getWssConfig()
List<WSSecurityEngineResult>	processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto) Process the security header given the soap envelope as W3C document.
List<WSSecurityEngineResult>	processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) Process the security header given the soap envelope as W3C document.
List<WSSecurityEngineResult>	processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) Process the security header given the wsse:Security DOM Element.
List<WSSecurityEngineResult>	processSecurityHeader(Element securityHeader, RequestData requestData) Process the security header given the wsse:Security DOM Element.
void	setCallbackLookup(CallbackLookup callbackLookup) Set the CallbackLookup object to use to locate elements
WSSConfig	setWssConfig(WSSConfig cfg)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

BINARY_TOKEN

public static final QName BINARY_TOKEN

wsse:BinarySecurityToken as defined by WS Security specification

USERNAME_TOKEN

public static final QName USERNAME_TOKEN

wsse:UsernameToken as defined by WS Security specification

TIMESTAMP

public static final QName TIMESTAMP

wsu:Timestamp as defined by OASIS WS Security specification,

SIGNATURE_CONFIRMATION

public static final QName SIGNATURE_CONFIRMATION

wsse11:signatureConfirmation as defined by OASIS WS Security specification,

SIGNATURE

public static final QName SIGNATURE

ds:Signature as defined by XML Signature specification, enhanced by WS Security specification

ENCRYPTED_KEY

public static final QName ENCRYPTED_KEY

xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification

ENCRYPTED_DATA

public static final QName ENCRYPTED_DATA

xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification

REFERENCE_LIST

public static final QName REFERENCE_LIST

xenc:ReferenceList as defined by XML Encryption specification,

SAML_TOKEN

public static final QName SAML_TOKEN

saml:Assertion as defined by SAML v1.1 specification

SAML2_TOKEN

public static final QName SAML2_TOKEN

saml:Assertion as defined by SAML v2.0 specification

ENCRYPTED_ASSERTION

public static final QName ENCRYPTED_ASSERTION

saml:EncryptedAssertion as defined by SAML v2.0 specification

DERIVED_KEY_TOKEN_05_02

public static final QName DERIVED_KEY_TOKEN_05_02

wsc:DerivedKeyToken as defined by WS-SecureConversation specification

SECURITY_CONTEXT_TOKEN_05_02

public static final QName SECURITY_CONTEXT_TOKEN_05_02

wsc:SecurityContextToken as defined by WS-SecureConversation specification

DERIVED_KEY_TOKEN_05_12

public static final QName DERIVED_KEY_TOKEN_05_12

wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX

SECURITY_CONTEXT_TOKEN_05_12

public static final QName SECURITY_CONTEXT_TOKEN_05_12

wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

Constructor Detail

WSSecurityEngine

public WSSecurityEngine()

Method Detail

getWssConfig

public final WSSConfig getWssConfig()

Returns:

the WSSConfig object set on this instance

setWssConfig

public final WSSConfig setWssConfig(WSSConfig cfg)

Parameters:

cfg - the WSSConfig instance for this WSSecurityEngine to use

Returns:

the WSSConfig instance previously set on this WSSecurityEngine instance

setCallbackLookup

public void setCallbackLookup(CallbackLookup callbackLookup)

Set the CallbackLookup object to use to locate elements

Parameters:

callbackLookup - the CallbackLookup object to use to locate elements

getCallbackLookup

public CallbackLookup getCallbackLookup()

Get the CallbackLookup object to use to locate elements

Returns:

the CallbackLookup object to use to locate elements

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Document doc,
                                                 String actor,
                                                 CallbackHandler cb,
                                                 Crypto crypto)
                                                   throws WSSecurityException

Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

Parameters:

doc - the SOAP envelope as Document

actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role

cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling

crypto - the object that implements the access to the keystore and the handling of certificates.

Returns:

a result list

Throws:

WSSecurityException

See Also:

processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Document doc,
                                                 String actor,
                                                 CallbackHandler cb,
                                                 Crypto sigCrypto,
                                                 Crypto decCrypto)
                                                   throws WSSecurityException

Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

Parameters:

doc - the SOAP envelope as Document

actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role

cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling

sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature

decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption

Returns:

a result list

Throws:

WSSecurityException

See Also:

processSecurityHeader( Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader,
                                                 CallbackHandler cb,
                                                 Crypto sigCrypto,
                                                 Crypto decCrypto)
                                                   throws WSSecurityException

Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance to the WS Security specification.

Currently the functions can handle the following child elements:

• ds:Signature
• xenc:EncryptedKey
• xenc:ReferenceList
• wsse:UsernameToken
• wsu:Timestamp

Note that additional child elements can be processed if appropriate Processors have been registered with the WSSCondig instance set on this class.

Parameters:

securityHeader - the wsse:Security header element

cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling

sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature

decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption

Returns:

a List of WSSecurityEngineResult. Each element in the the List represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The List may be empty if no security processing was performed.

Throws:

WSSecurityException

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader,
                                                 RequestData requestData)
                                                   throws WSSecurityException

Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance to the WS Security specification.

Currently the functions can handle the following child elements:

• ds:Signature
• xenc:EncryptedKey
• xenc:ReferenceList
• wsse:UsernameToken
• wsu:Timestamp

Note that additional child elements can be processed if appropriate Processors have been registered with the WSSCondig instance set on this class.

Parameters:

securityHeader - the wsse:Security header element

requestData - the RequestData associated with the request. It should be able to provide the callback handler, cryptos, etc... as needed by the processing

Returns:

a List of WSSecurityEngineResult. Each element in the the List represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The List may be empty if no security processing was performed.

Throws:

WSSecurityException