public final class WSHandlerConstants extends Object

## Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| static String | ACTION | The action parameter. |
| static String | ACTOR | The actor or role name of the wsse:Security header. |
| static String | ADD_UT_ELEMENTS | Parameter to generate additional elements (nonce and created) in a UsernameToken. |
| static String | ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES | This variable controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens. |
| static String | ALLOW_USERNAMETOKEN_NOPASSWORD | This variable controls whether a UsernameToken with no password element is allowed. |
| static String | DEC_PROP_FILE | The path of the crypto property file to use for Decryption. |
| static String | DEC_PROP_REF_ID | The key that holds a reference to the object holding complete information about the decryption Crypto implementation. |
| static String | DERIVED_KEY_ITERATIONS | This parameter sets the number of iterations to use when deriving a key from a Username Token. |
| static String | ENABLE_REVOCATION | This variable controls whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate. |
| static String | ENABLE_SIGNATURE_CONFIRMATION | Whether to enable signatureConfirmation or not. |
| static String | ENC_CALLBACK_CLASS | This tag refers to the CallbackHandler implementation class used to get the key associated with a key name. |
| static String | ENC_CALLBACK_REF | This tag refers to the CallbackHandler implementation object used to get the key associated with a key name. |
| static String | ENC_DIGEST_ALGO | Defines which encryption digest algorithm to use with the RSA OAEP Key Transport algorithm for encryption. |
| static String | ENC_KEY_ID | Defines which key identifier type to use for encryption. |
| static String | ENC_KEY_NAME | Text of the embedded key name to be sent in the KeyInfo for encryption. |
| static String | ENC_KEY_TRANSPORT | Defines which algorithm to use to encrypt the generated symmetric key. |
| static String | ENC_PROP_FILE | The path of the crypto property file to use for Encryption. |
| static String | ENC_PROP_REF_ID | The key that holds a reference to the object holding complete information about the encryption Crypto implementation. |
| static String | ENC_SYM_ALGO | Defines which symmetric encryption algorithm to use. |
| static String | ENC_SYM_ENC_KEY | Defines whether to encrypt the symmetric encryption key or not. |
| static String | ENCRYPT | Perform an Encryption action. |
| static String | ENCRYPTION_PARTS | Parameter to define which parts of the request shall be encrypted. |
| static String | ENCRYPTION_USER | The user's name for encryption. |
| static String | HANDLE_CUSTOM_PASSWORD_TYPES | This variable controls whether types other than PasswordDigest or PasswordText are allowed when processing UsernameTokens. |
| static String | IS_BSP_COMPLIANT | Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. |
| static String | MUST_UNDERSTAND | Whether to set the mustUnderstand flag on an outbound message or not. |
| static String | NO_SECURITY | Perform no action. |
| static String | PASSWORD_TYPE | Specific parameter for the UsernameToken action to define the encoding of the password. |
| static String | PASSWORD_TYPE_STRICT | Set the value of this parameter to true to enable strict Username Token password type handling. |
| static String | PW_CALLBACK_CLASS | This tag refers to the CallbackHandler implementation class used to obtain passwords. |
| static String | PW_CALLBACK_REF | This tag refers to the CallbackHandler implementation object used to obtain passwords. |
| static String | RECV_RESULTS | The WSHandler stores a result List in this property. |
| static String | REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS | Whether the engine needs to enforce that EncryptedData elements are in a signed subtree of the document. |
| static String | SAML_CALLBACK_CLASS | This tag refers to the SAML CallbackHandler implementation class used to construct SAML Assertions. |
| static String | SAML_CALLBACK_REF | This tag refers to the SAML CallbackHandler implementation object used to construct SAML Assertions. |
| static String | SAML_PROP_FILE | The name of the SAML Issuer factory property file. |
| static String | SAML_PROP_REF_ID | The key that holds a reference to the object holding complete information about the SAML Issuer configuration. |
| static String | SAML_TOKEN_SIGNED | Perform a signed SAML Token action. |
| static String | SAML_TOKEN_UNSIGNED | Perform an unsigned SAML Token action. |
| static String | SEND_SIGV | Internally used property name to store values inside the message context that must have the same lifetime as a message (request/response model). |
| static String | SIG_ALGO | Defines which signature algorithm to use. |
| static String | SIG_C14N_ALGO | Defines which signature c14n (canonicalization) algorithm to use. |
| static String | SIG_CONF_DONE | |
| static String | SIG_DIGEST_ALGO | Defines which signature digest algorithm to use. |
| static String | SIG_KEY_ID | Defines which key identifier type to use for signature. |
| static String | SIG_PROP_FILE | The path of the crypto property file to use for Signature. |
| static String | SIG_PROP_REF_ID | The key that holds a reference to the object holding complete information about the signature Crypto implementation. |
| static String | SIG_SUBJECT_CERT_CONSTRAINTS | This configuration tag is a comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. |
| static String | SIGN_WITH_UT_KEY | Use this to use a specific signature mechanism for .Net. |
| static String | SIGNATURE | Perform a Signature action. |
| static String | SIGNATURE_PARTS | Parameter to define which parts of the request shall be signed. |
| static String | SIGNATURE_USER | The user's name for signature. |
| static String | TIMESTAMP | Add a timestamp to the security header. |
| static String | TIMESTAMP_PRECISION | Set whether Timestamps have precision in milliseconds. |
| static String | TIMESTAMP_STRICT | Set the value of this parameter to true to enable strict timestamp handling. |
| static String | TTL_FUTURE_TIMESTAMP | This configuration tag specifies the time in seconds in the future within which the Created time of an incoming Timestamp is valid. |
| static String | TTL_FUTURE_USERNAMETOKEN | This configuration tag specifies the time in seconds in the future within which the Created time of an incoming UsernameToken is valid. |
| static String | TTL_TIMESTAMP | Time-To-Live is the time difference between creation and expiry time in seconds in the WSS Timestamp. |
| static String | TTL_USERNAMETOKEN | Time-To-Live is the time difference between creation and expiry time in seconds of the UsernameToken Created value. |
| static String | USE_DERIVED_KEY | This parameter sets whether to use UsernameToken Key Derivation, as defined in the UsernameTokenProfile 1.1 specification. |
| static String | USE_DERIVED_KEY_FOR_MAC | This parameter sets whether to use the Username Token derived key for a MAC or not. |
| static String | USE_ENCODED_PASSWORDS | Set the value of this parameter to true to treat passwords as binary values for Username Tokens. |
| static String | USE_REQ_SIG_CERT | Specifying this name as ENCRYPTION_USER triggers a special action to get the public key to use for encryption. |
| static String | USE_SINGLE_CERTIFICATE | This parameter sets whether to use a single certificate or a whole certificate chain when constructing a BinarySecurityToken used for direct reference in signature. |
| static String | USER | The user's name. |
| static String | USERNAME_TOKEN | Perform a UsernameToken action. |
| static String | USERNAME_TOKEN_NO_PASSWORD | Perform a UsernameToken action with no password. |
| static String | WSE_SECRET_KEY_LENGTH | This parameter sets the length of the secret (derived) key to use for the WSE UT_SIGN functionality. |
## Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| static Integer | getKeyIdentifier(String parameter) | Get the key identifier type corresponding to the parameter. |
## Field Detail

### ACTION

`public static final String ACTION`

The action parameter. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
```

### NO_SECURITY

`public static final String NO_SECURITY`

Perform no action.

### USERNAME_TOKEN

`public static final String USERNAME_TOKEN`

Perform a UsernameToken action.

### USERNAME_TOKEN_NO_PASSWORD

`public static final String USERNAME_TOKEN_NO_PASSWORD`

Perform a UsernameToken action with no password.

### SAML_TOKEN_UNSIGNED

`public static final String SAML_TOKEN_UNSIGNED`

Perform an unsigned SAML Token action.

### SAML_TOKEN_SIGNED

`public static final String SAML_TOKEN_SIGNED`

Perform a signed SAML Token action.

### SIGNATURE

`public static final String SIGNATURE`

Perform a Signature action.

### ENCRYPT

`public static final String ENCRYPT`

Perform an Encryption action.

### TIMESTAMP

`public static final String TIMESTAMP`

Add a timestamp to the security header.

### SIGN_WITH_UT_KEY

`public static final String SIGN_WITH_UT_KEY`

Use this to use a specific signature mechanism for .Net.

### ACTOR

`public static final String ACTOR`

The actor or role name of the `wsse:Security` header. If this parameter is omitted, the actor name is not set.

The value of the actor or role has to match the receiver's setting or may contain standard values.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ACTOR, "ActorName");
```

### USER

`public static final String USER`

The user's name. The UsernameToken function sets this name in the `UsernameToken`. The signature function falls back to this name if `SIGNATURE_USER` is not used, and the encryption function falls back to it if `ENCRYPTION_USER` is not used.

### ENCRYPTION_USER

`public static final String ENCRYPTION_USER`

The user's name for encryption. If this parameter is not set, then the encryption function falls back to the `USER` parameter to get the certificate.

If only encryption of the SOAP body data is requested, it is recommended to use this parameter to define the username.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ENCRYPTION_USER, "encryptionUser");
```

### SIGNATURE_USER

`public static final String SIGNATURE_USER`

The user's name for signature. If this parameter is not set, then the signature function falls back to the `USER` parameter.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.SIGNATURE_USER, "signatureUser");
```

### USE_REQ_SIG_CERT

`public static final String USE_REQ_SIG_CERT`

Specifying this name as `ENCRYPTION_USER` triggers a special action to get the public key to use for encryption. The handler uses the public key of the sender's certificate. Defining the encryption key this way simplifies certificate management to a large extent.
### PW_CALLBACK_CLASS

`public static final String PW_CALLBACK_CLASS`

This tag refers to the `CallbackHandler` implementation class used to obtain passwords. The value of this tag is the class name of a `CallbackHandler` instance.

The callback function `CallbackHandler.handle(javax.security.auth.callback.Callback[])` gets an array of `WSPasswordCallback` objects. Only the first entry of the array is used. This object contains the username/keyname as identifier. The callback handler must set the password or key associated with this identifier before it returns.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "PWCallbackClass");
```

### PW_CALLBACK_REF

`public static final String PW_CALLBACK_REF`

This tag refers to the `CallbackHandler` implementation object used to obtain passwords. The value of this tag is a `CallbackHandler` instance.

Refer to `PW_CALLBACK_CLASS` for further information about password callback handling.

### SAML_CALLBACK_CLASS

`public static final String SAML_CALLBACK_CLASS`

This tag refers to the SAML `CallbackHandler` implementation class used to construct SAML Assertions. The value of this tag is the class name of a `CallbackHandler` instance.

### SAML_CALLBACK_REF

`public static final String SAML_CALLBACK_REF`

This tag refers to the SAML `CallbackHandler` implementation object used to construct SAML Assertions. The value of this tag is a `CallbackHandler` instance.

### ENC_CALLBACK_CLASS

`public static final String ENC_CALLBACK_CLASS`

This tag refers to the `CallbackHandler` implementation class used to get the key associated with a key name. The value of this tag is the class name of a `CallbackHandler` instance.

### ENC_CALLBACK_REF

`public static final String ENC_CALLBACK_REF`

This tag refers to the `CallbackHandler` implementation object used to get the key associated with a key name. The value of this tag is a `CallbackHandler` instance.

### SIG_PROP_FILE

`public static final String SIG_PROP_FILE`

The path of the crypto property file to use for Signature. To locate the implementation of the `Crypto` interface, the property file must contain the property `org.apache.ws.security.crypto.provider`. The value of this property is the class name of the implementation class. The following line defines the standard implementation:

```properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
```

The other contents of the property file depend on the implementation of the `Crypto` interface. Please see the WSS4J website for more information on the Merlin property tags and values.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.SIG_PROP_FILE, "myCrypto.properties");
```

### SIG_PROP_REF_ID

`public static final String SIG_PROP_REF_ID`

The key that holds a reference to the object holding complete information about the signature `Crypto` implementation. The object is a `java.util.Properties` object, which should contain all the information that an equivalent properties file would contain, including the `Crypto` implementation class name.

Refer to the documentation of `SIG_PROP_FILE`.

### DEC_PROP_FILE

`public static final String DEC_PROP_FILE`

The path of the crypto property file to use for Decryption. Refer to `SIG_PROP_FILE` for more information about the contents of the Properties file.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.DEC_PROP_FILE, "myCrypto.properties");
```

### DEC_PROP_REF_ID

`public static final String DEC_PROP_REF_ID`

The key that holds a reference to the object holding complete information about the decryption `Crypto` implementation. The object is a `java.util.Properties` object, which should contain all the information that an equivalent properties file would contain, including the `Crypto` implementation class name.

Refer to the documentation of `DEC_PROP_FILE`.

### ENC_PROP_FILE

`public static final String ENC_PROP_FILE`

The path of the crypto property file to use for Encryption. Refer to `SIG_PROP_FILE` for more information about the contents of the Properties file.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ENC_PROP_FILE, "myCrypto.properties");
```

### ENC_PROP_REF_ID

`public static final String ENC_PROP_REF_ID`

The key that holds a reference to the object holding complete information about the encryption `Crypto` implementation. The object is a `java.util.Properties` object, which should contain all the information that an equivalent properties file would contain, including the `Crypto` implementation class name.

Refer to the documentation of `ENC_PROP_FILE`.

### SAML_PROP_FILE

`public static final String SAML_PROP_FILE`

The name of the SAML Issuer factory property file.

### SAML_PROP_REF_ID

`public static final String SAML_PROP_REF_ID`

The key that holds a reference to the object holding complete information about the SAML Issuer configuration. The object is a `java.util.Properties` object.

Refer to the documentation of `SAML_PROP_FILE`.

### ENABLE_SIGNATURE_CONFIRMATION

`public static final String ENABLE_SIGNATURE_CONFIRMATION`

Whether to enable signatureConfirmation or not.
### MUST_UNDERSTAND

`public static final String MUST_UNDERSTAND`

Whether to set the mustUnderstand flag on an outbound message or not. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "false");
```

### IS_BSP_COMPLIANT

`public static final String IS_BSP_COMPLIANT`

Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
```

### HANDLE_CUSTOM_PASSWORD_TYPES

`public static final String HANDLE_CUSTOM_PASSWORD_TYPES`

This variable controls whether types other than PasswordDigest or PasswordText are allowed when processing UsernameTokens.

### ALLOW_USERNAMETOKEN_NOPASSWORD

`public static final String ALLOW_USERNAMETOKEN_NOPASSWORD`

This variable controls whether a UsernameToken with no password element is allowed.

### PASSWORD_TYPE_STRICT

`public static final String PASSWORD_TYPE_STRICT`

Set the value of this parameter to true to enable strict Username Token password type handling.

### ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES

`public static final String ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES`

This variable controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens.

### ENABLE_REVOCATION

`public static final String ENABLE_REVOCATION`

This variable controls whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate.

### USE_ENCODED_PASSWORDS

`public static final String USE_ENCODED_PASSWORDS`

Set the value of this parameter to true to treat passwords as binary values for Username Tokens.

### USE_SINGLE_CERTIFICATE

`public static final String USE_SINGLE_CERTIFICATE`

This parameter sets whether to use a single certificate or a whole certificate chain when constructing a BinarySecurityToken used for direct reference in signature.

### USE_DERIVED_KEY

`public static final String USE_DERIVED_KEY`

This parameter sets whether to use UsernameToken Key Derivation, as defined in the UsernameTokenProfile 1.1 specification.

### USE_DERIVED_KEY_FOR_MAC

`public static final String USE_DERIVED_KEY_FOR_MAC`

This parameter sets whether to use the Username Token derived key for a MAC or not.

### TIMESTAMP_PRECISION

`public static final String TIMESTAMP_PRECISION`

Set whether Timestamps have precision in milliseconds.

### TIMESTAMP_STRICT

`public static final String TIMESTAMP_STRICT`

Set the value of this parameter to true to enable strict timestamp handling. With strict handling, a Timestamp that contains an `Expires` element is rejected when the semantics of the request are expired, i.e. the current time at the receiver is past the expires time.

### ENC_SYM_ENC_KEY

`public static final String ENC_SYM_ENC_KEY`

Defines whether to encrypt the symmetric encryption key or not. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ENC_SYM_ENC_KEY, "false");
```

### REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS

`public static final String REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS`

Whether the engine needs to enforce that EncryptedData elements are in a signed subtree of the document.

### ENC_KEY_NAME

`public static final String ENC_KEY_NAME`

Text of the embedded key name to be sent in the KeyInfo for encryption.

### PASSWORD_TYPE

`public static final String PASSWORD_TYPE`

Specific parameter for the UsernameToken action to define the encoding of the password. The parameter can be set to either `WSConstants.PW_DIGEST` or to `WSConstants.PW_TEXT`.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
```

The default setting is `PW_DIGEST`.

### ADD_UT_ELEMENTS

`public static final String ADD_UT_ELEMENTS`

Parameter to generate additional elements (nonce and created) in a `UsernameToken`.

The value of this parameter is a list of element names that are added to the UsernameToken. The names in the list are separated by spaces. The list may contain the names `nonce` and `created` only. Use this option if the password type is `passwordText` and the handler shall add the `Nonce` and/or `Created` elements.
### SIG_KEY_ID

`public static final String SIG_KEY_ID`

Defines which key identifier type to use for signature. For possible signature key identifier types refer to `getKeyIdentifier(String)`. For signature, only `IssuerSerial`, `DirectReference`, `X509KeyIdentifier`, `Thumbprint`, `SKIKeyIdentifier` and `KeyValue` are valid. The default is `IssuerSerial`.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
```

### SIG_ALGO

`public static final String SIG_ALGO`

Defines which signature algorithm to use. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.SIG_ALGO, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
```

### SIG_DIGEST_ALGO

`public static final String SIG_DIGEST_ALGO`

Defines which signature digest algorithm to use. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.SIG_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
```

### SIG_C14N_ALGO

`public static final String SIG_C14N_ALGO`

Defines which signature c14n (canonicalization) algorithm to use.

### SIGNATURE_PARTS

`public static final String SIGNATURE_PARTS`

Parameter to define which parts of the request shall be signed. Refer to `ENCRYPTION_PARTS` for a detailed description of the format of the value string.

If this parameter is not specified the handler signs the SOAP Body by default, i.e.:

```xml
<parameter name="signatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;" />
```

To specify an element without a namespace use the string `Null` as the namespace name (this is a case sensitive string). If there is no other element in the request with a local name of `Body` then the SOAP namespace identifier can be empty (`{}`).

### WSE_SECRET_KEY_LENGTH

`public static final String WSE_SECRET_KEY_LENGTH`

This parameter sets the length of the secret (derived) key to use for the WSE UT_SIGN functionality.

### DERIVED_KEY_ITERATIONS

`public static final String DERIVED_KEY_ITERATIONS`

This parameter sets the number of iterations to use when deriving a key from a Username Token.

### ENC_KEY_ID

`public static final String ENC_KEY_ID`

Defines which key identifier type to use for encryption. For possible encryption key identifier types refer to `getKeyIdentifier(String)`. For encryption, only `IssuerSerial`, `DirectReference`, `X509KeyIdentifier`, `Thumbprint`, `SKIKeyIdentifier`, `EncryptedKeySHA1` and `EmbeddedKeyName` are valid. The default is `IssuerSerial`.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ENC_KEY_ID, "X509KeyIdentifier");
```

### ENC_SYM_ALGO

`public static final String ENC_SYM_ALGO`

Defines which symmetric encryption algorithm to use. The following algorithms are supported: `WSConstants.TRIPLE_DES`, `WSConstants.AES_128`, `WSConstants.AES_256`, and `WSConstants.AES_192`. Except for AES 192, all of these algorithms are required by the XML Encryption specification.

The default algorithm is `"http://www.w3.org/2001/04/xmlenc#aes128-cbc"`.

The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ENC_SYM_ALGO, WSConstants.AES_256);
```

### ENC_KEY_TRANSPORT

`public static final String ENC_KEY_TRANSPORT`

Defines which algorithm to use to encrypt the generated symmetric key. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ENC_KEY_TRANSPORT, WSConstants.KEYTRANSPORT_RSA15);
```
### ENCRYPTION_PARTS

`public static final String ENCRYPTION_PARTS`

Parameter to define which parts of the request shall be encrypted.

The value of this parameter is a list of semicolon separated element names that identify the elements to encrypt. An encryption mode specifier and a namespace identification, each inside a pair of curly brackets, may precede each element name.

The encryption mode specifier is either `{Content}` or `{Element}`. Please refer to the W3C XML Encryption specification about the differences between Element and Content encryption. The encryption mode defaults to `Content` if it is omitted. Example of a list:

```xml
<parameter name="encryptionParts" value="{Content}{http://example.org/paymentv2}CreditCard; {Element}{}UserName" />
```

The first entry of the list identifies the element `CreditCard` in the namespace `http://example.org/paymentv2`, and will encrypt its content. Be aware that the element name, the namespace identifier, and the encryption modifier are case sensitive.

The encryption modifier and the namespace identifier can be omitted. In this case the encryption mode defaults to `Content` and the namespace is set to the SOAP namespace. An empty encryption mode defaults to `Content`, and an empty namespace identifier defaults to the SOAP namespace.

The second entry of the example defines `Element` as the encryption mode for a `UserName` element in the SOAP namespace.

To specify an element without a namespace use the string `Null` as the namespace name (this is a case sensitive string).

If no list is specified, the handler encrypts the SOAP Body in `Content` mode by default.
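The value-string rules above (which `SIGNATURE_PARTS` shares) as a stand-alone parser, added here as an example; it is not WSS4J's own code. The page does not say how a single `{...}` group is read, so this parser assumes it is the namespace with the mode omitted, and it rejects a mis-cased mode rather than silently falling back to `Content`.

```python
"""Parse the encryptionParts / signatureParts value string:
   [{Mode}][{Namespace}]LocalName; [{Mode}][{Namespace}]LocalName; ..."""
from dataclasses import dataclass
from typing import List, Tuple

SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"
VALID_MODES = ("Content", "Element")   # case sensitive, per the documentation


@dataclass(frozen=True)
class Part:
    local_name: str
    namespace: str   # "" means the element has no namespace ("Null" in the value)
    mode: str        # "Content" or "Element"


def _split_braces(entry: str) -> Tuple[List[str], str]:
    """Return the leading {...} groups of an entry and the remaining local name."""
    groups = []
    while entry.startswith("{"):
        close = entry.find("}")
        if close < 0:
            raise ValueError("unbalanced '{' in part: " + entry)
        groups.append(entry[1:close])
        entry = entry[close + 1:]
    return groups, entry


def parse_parts(value: str) -> List[Part]:
    """Parse a semicolon separated parts list; an empty list means the SOAP Body."""
    parts = []
    for raw in value.split(";"):
        entry = raw.strip()          # the documented example has a space after ';'
        if not entry:
            continue                 # a trailing ';' leaves an empty token
        groups, local_name = _split_braces(entry)
        if not local_name or len(groups) > 2:
            raise ValueError("malformed part: " + raw)
        if len(groups) == 2:
            mode, namespace = groups
        elif len(groups) == 1:
            # Assumption (not stated on the page): one group is the namespace only.
            mode, namespace = "", groups[0]
        else:
            mode, namespace = "", ""
        mode = mode or "Content"     # empty or omitted mode defaults to Content
        if mode not in VALID_MODES:  # "content" or "ELEMENT" is an error, not Content
            raise ValueError("unknown encryption mode: " + mode)
        if namespace == "Null":      # literal, case sensitive: element without namespace
            namespace = ""
        elif namespace == "":        # empty namespace defaults to the SOAP namespace
            namespace = SOAP_ENV_NS
        parts.append(Part(local_name, namespace, mode))
    if not parts:
        parts.append(Part("Body", SOAP_ENV_NS, "Content"))   # documented default
    return parts
```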
### ENC_DIGEST_ALGO

`public static final String ENC_DIGEST_ALGO`

Defines which encryption digest algorithm to use with the RSA OAEP Key Transport algorithm for encryption. The application may set this parameter using the following method:

```java
call.setProperty(WSHandlerConstants.ENC_DIGEST_ALGO, "http://www.w3.org/2001/04/xmlenc#sha256");
```

### TTL_USERNAMETOKEN

`public static final String TTL_USERNAMETOKEN`

Time-To-Live is the time difference between creation and expiry time in seconds of the UsernameToken Created value. If this parameter is not defined, contains a value less than or equal to zero, or has an illegal format, the handlers use a default TTL of 300 seconds (5 minutes).

### TTL_FUTURE_USERNAMETOKEN

`public static final String TTL_FUTURE_USERNAMETOKEN`

This configuration tag specifies the time in seconds in the future within which the Created time of an incoming UsernameToken is valid.

### SIG_SUBJECT_CERT_CONSTRAINTS

`public static final String SIG_SUBJECT_CERT_CONSTRAINTS`

This configuration tag is a comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate.

### TTL_TIMESTAMP

`public static final String TTL_TIMESTAMP`

Time-To-Live is the time difference between creation and expiry time in seconds in the WSS Timestamp. If this parameter is not defined, contains a value less than or equal to zero, or has an illegal format, the handlers use a default TTL of 300 seconds (5 minutes).

### TTL_FUTURE_TIMESTAMP

`public static final String TTL_FUTURE_TIMESTAMP`

This configuration tag specifies the time in seconds in the future within which the Created time of an incoming Timestamp is valid.

### RECV_RESULTS

`public static final String RECV_RESULTS`

The WSHandler stores a result `List` in this property.

### SEND_SIGV

`public static final String SEND_SIGV`

Internally used property name to store values inside the message context that must have the same lifetime as a message (request/response model).

### SIG_CONF_DONE

`public static final String SIG_CONF_DONE`

## Method Detail

### getKeyIdentifier

`public static Integer getKeyIdentifier(String parameter)`

Get the key identifier type corresponding to the parameter.

Parameters: `parameter` -

Copyright © 2018 JBoss by Red Hat. All rights reserved.