public class PicketLinkSTSConfiguration extends Object implements STSConfiguration
Standard JBoss STS configuration implementation.
Constructor and Description |
---|
PicketLinkSTSConfiguration() - Creates an instance of PicketLinkSTSConfiguration with default configuration values. |
PicketLinkSTSConfiguration(STSType config) - Creates an instance of PicketLinkSTSConfiguration with the specified configuration. |
Modifier and Type | Method and Description |
---|---|
void | addTokenProvider(String key, SecurityTokenProvider provider) - Allows you to add a token provider to handle a particular namespace |
void | copy(STSCoreConfig thatConfig) |
boolean | encryptIssuedToken() - Indicates whether the issued token should be encrypted or not. |
Certificate | getCertificate(String alias) - Obtains the certificate identified by the specified alias. |
ClaimsProcessor | getClaimsProcessor(String claimsDialect) - Obtains the ClaimsProcessor that must be used to handle claims of the specified dialect. |
long | getIssuedTokenTimeout() - Obtains the timeout value (in milliseconds) for issued tokens. |
SecurityTokenProvider | getProviderForService(String serviceName) - Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of that service. |
SecurityTokenProvider | getProviderForTokenElementNS(String family, QName tokenQName) - Obtains the token provider that can handle tokens that have the specified local name and namespace. |
SecurityTokenProvider | getProviderForTokenType(String tokenType) - Given a token type, obtains the token provider that should be used to handle token requests of that type. |
List<SecurityTokenProvider> | getProvidersByFamily(String familyName) - Get a list of SecurityTokenProvider that belong to a family |
WSTrustRequestHandler | getRequestHandler() - Obtains the WS-Trust request handler class. |
X509Certificate | getServiceProviderCertificate(String serviceName) - Obtains the certificate of the specified service provider. |
PublicKey | getServiceProviderPublicKey(String serviceName) - Obtains the public key of the specified service provider. |
String | getSigningCertificateAlias() |
KeyPair | getSTSKeyPair() - Obtains a reference to the KeyPair object that contains the STS PrivateKey and PublicKey. |
String | getSTSName() - Obtains the unique name of the secure token service. |
List<SecurityTokenProvider> | getTokenProviders() - Get an unmodifiable list of token providers |
String | getTokenTypeForService(String serviceName) - Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to clients of that service. |
String | getXMLDSigCanonicalizationMethod() - Returns the configured canonicalization method. |
void | removeTokenProvider(String key) - Remove a token provider with the passed key |
void | setSigningCertificateAlias(String alias) |
boolean | signIssuedToken() - Indicates whether the issued token should be digitally signed or not. |
String | toString() |
public PicketLinkSTSConfiguration()
Creates an instance of PicketLinkSTSConfiguration with default configuration values.

public PicketLinkSTSConfiguration(STSType config)
Creates an instance of PicketLinkSTSConfiguration with the specified configuration.
Parameters:
config - a reference to the object that holds the configuration of the STS.

public String getSTSName()
Description copied from interface: STSCoreConfig
Obtains the unique name of the secure token service.
Specified by:
getSTSName in interface STSCoreConfig
Returns:
String representing the STS name.

public boolean encryptIssuedToken()
Description copied from interface: STSCoreConfig
Indicates whether the issued token should be encrypted or not.
Specified by:
encryptIssuedToken in interface STSCoreConfig
Returns:
true if the issued token is to be encrypted; false otherwise.

public boolean signIssuedToken()
Description copied from interface: STSCoreConfig
Indicates whether the issued token should be digitally signed or not.
Specified by:
signIssuedToken in interface STSCoreConfig
Returns:
true if the issued token is to be signed; false otherwise.

public long getIssuedTokenTimeout()
Description copied from interface: STSCoreConfig
Obtains the timeout value (in milliseconds) for issued tokens.
Specified by:
getIssuedTokenTimeout in interface STSCoreConfig

public WSTrustRequestHandler getRequestHandler()
Description copied from interface: STSConfiguration
Obtains the WS-Trust request handler class.
Specified by:
getRequestHandler in interface STSConfiguration
Returns:
WSTrustRequestHandler.

public SecurityTokenProvider getProviderForService(String serviceName)
Description copied from interface: STSCoreConfig
Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of that service. When requesting a token from the STS, a client can specify the service it needs the token for using the AppliesTo element. Based on the service provider name, the STS identifies the type of the token that is to be issued and then selects the appropriate token provider to handle the request.
Specified by:
getProviderForService in interface STSCoreConfig
Parameters:
serviceName - the name of the service provider that requires a token from its clients.
Returns:
SecurityTokenProvider that must be used in order to issue tokens to clients of the specified service.

public SecurityTokenProvider getProviderForTokenType(String tokenType)
Description copied from interface: STSCoreConfig
Given a token type, obtains the token provider that should be used to handle token requests of that type. When a client doesn't specify the service provider name through the AppliesTo element, it must specify the token type through the TokenType element. The STS uses the supplied type to select the appropriate token provider.
Specified by:
getProviderForTokenType in interface STSCoreConfig
Parameters:
tokenType - a String representing the type of the token.
Returns:
SecurityTokenProvider that must be used to handle token requests of the specified type.

public SecurityTokenProvider getProviderForTokenElementNS(String family, QName tokenQName)
Description copied from interface: STSCoreConfig
Obtains the token provider that can handle tokens that have the specified local name and namespace. When a validate, renew, or cancel request is made, the token type is not set in the WS-Trust request. In these cases the SecurityTokenProvider must be determined using the security token itself.
Specified by:
getProviderForTokenElementNS in interface STSCoreConfig
Parameters:
family - a String representing the family
tokenQName - a QName representing the token element namespace (e.g. urn:oasis:names:tc:SAML:2.0:assertion).
Returns:
SecurityTokenProvider that must be used to handle the request that contains only the security token.
See Also:
STSCoreConfig.getProviderForTokenElementNS(java.lang.String, javax.xml.namespace.QName)
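The three lookups described above (getProviderForService, getProviderForTokenType, getProviderForTokenElementNS) combine into one dispatch rule. The following is an added example, not PicketLink code: it models that rule and rejects any request that resolves to no provider instead of falling back to a default. The Provider and Config stand-in interfaces, the service URL, and the family name "sample-family" are assumptions made so the example compiles without PicketLink on the classpath.

```java
import java.util.Map;
import javax.xml.namespace.QName;

public class ProviderSelectionDemo {
    // Hypothetical stand-ins so the example compiles without PicketLink on the classpath.
    interface Provider { String id(); }
    interface Config { // the three lookups documented on this page
        Provider getProviderForService(String serviceName);
        Provider getProviderForTokenType(String tokenType);
        Provider getProviderForTokenElementNS(String family, QName tokenQName);
    }

    // Issue: AppliesTo selects the provider; without it TokenType is mandatory. No default provider.
    static Provider forIssue(Config c, String appliesTo, String tokenType) {
        Provider p = appliesTo != null ? c.getProviderForService(appliesTo)
                   : tokenType != null ? c.getProviderForTokenType(tokenType) : null;
        if (p == null) throw new IllegalArgumentException("no token provider for request");
        return p;
    }

    // Validate, renew, cancel: the request has no TokenType, so dispatch on the token element.
    static Provider forExistingToken(Config c, String family, QName tokenElement) {
        Provider p = c.getProviderForTokenElementNS(family, tokenElement);
        if (p == null) throw new IllegalArgumentException("unrecognised token " + tokenElement);
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample data: one service, one token type, one provider.
        final String type = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        final QName assertion = new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion");
        final Provider saml = () -> "saml20-provider";
        final Map<String, String> serviceToType = Map.of("http://services.example/sales", type);
        Config cfg = new Config() {
            public Provider getProviderForService(String s) {
                String t = serviceToType.get(s);          // service -> token type -> provider
                return t == null ? null : getProviderForTokenType(t);
            }
            public Provider getProviderForTokenType(String t) { return type.equals(t) ? saml : null; }
            public Provider getProviderForTokenElementNS(String family, QName q) {
                return "sample-family".equals(family) && assertion.equals(q) ? saml : null;
            }
        };
        System.out.println(forIssue(cfg, "http://services.example/sales", null).id());
        System.out.println(forIssue(cfg, null, type).id());
        System.out.println(forExistingToken(cfg, "sample-family", assertion).id());
        try { forIssue(cfg, null, null); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```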
public ClaimsProcessor getClaimsProcessor(String claimsDialect)
Description copied from interface: STSConfiguration
Obtains the ClaimsProcessor that must be used to handle claims of the specified dialect.
Specified by:
getClaimsProcessor in interface STSConfiguration
Parameters:
claimsDialect - a String representing the claims dialect (usually a URL).
Returns:
ClaimsProcessor to be used, or null if no processor could be found for the dialect.

public String getTokenTypeForService(String serviceName)
Description copied from interface: STSCoreConfig
Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to clients of that service.
Specified by:
getTokenTypeForService in interface STSCoreConfig
Parameters:
serviceName - the name of the service provider that requires a token from its clients.
Returns:
String representing the type of the token that suits the specified service.

public PublicKey getServiceProviderPublicKey(String serviceName)
Description copied from interface: STSCoreConfig
Obtains the public key of the specified service provider. The returned key is used to encrypt issued tokens.
Specified by:
getServiceProviderPublicKey in interface STSCoreConfig
Parameters:
serviceName - the name of the service provider (normally the provider URL).
Returns:
PublicKey

public X509Certificate getServiceProviderCertificate(String serviceName)
Description copied from interface: STSCoreConfig
Obtains the certificate of the specified service provider. The returned certificate is used to encrypt issued tokens.
Specified by:
getServiceProviderCertificate in interface STSCoreConfig
Parameters:
serviceName - the name of the service provider (normally the provider URL).
Returns:
PublicKey

public KeyPair getSTSKeyPair()
Description copied from interface: STSCoreConfig
Obtains a reference to the KeyPair object that contains the STS PrivateKey and PublicKey.
Specified by:
getSTSKeyPair in interface STSCoreConfig
Returns:
KeyPair.

public Certificate getCertificate(String alias)
Description copied from interface: STSCoreConfig
Obtains the certificate identified by the specified alias.
Specified by:
getCertificate in interface STSCoreConfig
Parameters:
alias - the alias associated with the certificate in the keystore.
Returns:
Certificate obtained from the keystore, or null if no certificate was found.

public String getXMLDSigCanonicalizationMethod()
Description copied from interface: STSConfiguration
Returns the configured canonicalization method.
NOTE: Defaults to javax.xml.crypto.dsig.CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS
Specified by:
getXMLDSigCanonicalizationMethod in interface STSConfiguration
See Also:
STSConfiguration.getXMLDSigCanonicalizationMethod()

public void addTokenProvider(String key, SecurityTokenProvider provider)
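Description copied from interface: STSCoreConfig
Allows you to add a token provider to handle a particular namespace
Specified by:
addTokenProvider in interface STSCoreConfig
See Also:
STSCoreConfig#addTokenProvider(String, SecurityTokenProvider)

public void removeTokenProvider(String key)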
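Description copied from interface: STSCoreConfig
Remove a token provider with the passed key
Specified by:
removeTokenProvider in interface STSCoreConfig
See Also:
STSCoreConfig#removeTokenProvider(String)

public List<SecurityTokenProvider> getTokenProviders()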
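Description copied from interface: STSCoreConfig
Get an unmodifiable list of token providers
Specified by:
getTokenProviders in interface STSCoreConfig
See Also:
STSCoreConfig.getTokenProviders()

public List<SecurityTokenProvider> getProvidersByFamily(String familyName)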
Description copied from interface: STSCoreConfig
Get a list of SecurityTokenProvider that belong to a family
Specified by:
getProvidersByFamily in interface STSCoreConfig
See Also:
STSCoreConfig.getProvidersByFamily(java.lang.String)

public String getSigningCertificateAlias()
Specified by:
getSigningCertificateAlias in interface STSCoreConfig

public void setSigningCertificateAlias(String alias)

public void copy(STSCoreConfig thatConfig)
Specified by:
copy in interface STSCoreConfig
See Also:
STSCoreConfig.copy(org.picketlink.identity.federation.core.sts.STSCoreConfig)
Copyright © 2017 JBoss by Red Hat. All rights reserved.