public abstract class STSSecurityHandler extends Object implements SOAPHandler<SOAPMessageContext>
getSecurityElementQName()
This should return the qualified name of the security header. This lets us support different versions.

getTokenElementQName()
This should return the qualified name of the security token element that should exist in the security header. This lets us support different tokens that can be validated with the configured STS.

<?xml version="1.0" encoding="UTF-8"?>
<jws:handler-config xmlns:jws="http://java.sun.com/xml/ns/javaee">
  <jws:handler-chains>
    <jws:handler-chain>
      <jws:handler>
        <jws:handler-class>org.picketlink.identity.federation.core.wstrust.handlers.STSSaml20Handler</jws:handler-class>
      </jws:handler>
    </jws:handler-chain>
  </jws:handler-chains>
</jws:handler-config>

This class uses STSClient to interact with an STS. By default the configuration properties are set in a file named STSClientConfig.DEFAULT_CONFIG_FILE. This can be overridden by specifying environment entries in a deployment descriptor.
For example in web.xml:
<env-entry>
  <env-entry-name>STSClientConfig</env-entry-name>
  <env-entry-type>java.lang.String</env-entry-type>
  <env-entry-value>/sts-client.properties</env-entry-value>
</env-entry>

Username and password for the STS can be configured as shown above in the sts-client.properties file. But it may also be specified by a handler earlier in the handler chain. Such a handler is expected to extract the username and password for the desired location and put these values into the SOAPMessageContext using:
USERNAME_MSG_CONTEXT_PROPERTY
PASSWORD_MSG_CONTEXT_PROPERTY
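
The credential-supplying handler described above, as an added example that is not part of the PicketLink code base. The class name StsCredentialHandler and the two environment variable names are assumptions; the two context property constants are the ones documented on this page.

```java
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.picketlink.identity.federation.core.wstrust.handlers.STSSecurityHandler;

// Added example (hypothetical class name): supplies STS credentials to an
// STSSecurityHandler subclass through the SOAPMessageContext.
public class StsCredentialHandler implements SOAPHandler<SOAPMessageContext> {
    // Assumption: credentials are provisioned as environment variables with
    // these made-up names; substitute your own secret store lookup.
    static final String USER_ENV = "STS_CLIENT_USERNAME";
    static final String PASS_ENV = "STS_CLIENT_PASSWORD";

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) {
            return true; // STSSecurityHandler processes in-bound messages only
        }
        String user = System.getenv(USER_ENV);
        String pass = System.getenv(PASS_ENV);
        if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) {
            // Fail closed, and keep the secret values out of the error text.
            throw new WebServiceException("STS client credentials are not configured");
        }
        ctx.put(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY, user);
        ctx.put(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY, pass);
        // HANDLER scope makes the values visible to handlers only, not to the endpoint.
        ctx.setScope(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY, MessageContext.Scope.HANDLER);
        ctx.setScope(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY, MessageContext.Scope.HANDLER);
        return true;
    }

    @Override
    public boolean handleFault(SOAPMessageContext ctx) { return true; }

    @Override
    public void close(MessageContext ctx) { }

    @Override
    public Set<QName> getHeaders() { return Collections.emptySet(); }
}
```

This handler has to execute before the STSSecurityHandler subclass on the in-bound path. JAX-WS processes a handler chain in reverse order for in-bound messages, so check the ordering in the handler-chain descriptor.
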
Modifier and Type | Field and Description |
---|---|
protected static PicketLinkLogger | logger |
static String | PASSWORD_MSG_CONTEXT_PROPERTY: Constant that can be used by handlers to set the password in the SOAPMessageContext. |
static String | USERNAME_MSG_CONTEXT_PROPERTY: Constant that can be used by handlers to set the username in the SOAPMessageContext. |

Constructor and Description |
---|
STSSecurityHandler() |

Modifier and Type | Method and Description |
---|---|
void | close(MessageContext messageContext): Called at the conclusion of a message exchange pattern just prior to the JAX-WS runtime dispatching a message, fault or exception. |
Set<QName> | getHeaders(): Gets the header blocks that can be processed by this Handler instance. |
abstract QName | getSecurityElementQName(): Subclasses can return the QName of the Security header element in usage. |
abstract QName | getTokenElementQName(): Subclasses can return the QName of the Security Element that should be used as the token for validation. |
boolean | handleFault(SOAPMessageContext messageContext): The handleFault method is invoked for fault message processing. |
boolean | handleMessage(SOAPMessageContext messageContext): Will process in-bound messages and extract a security token from the SOAP Header. |
void | parseSTSConfig(): Post construct will be called when the handler is deployed. |
void | setConfigFile(String configFile): This setter enables the injection of the jboss-sts-client.properties file path. |

protected static final PicketLinkLogger logger

public static final String USERNAME_MSG_CONTEXT_PROPERTY

public static final String PASSWORD_MSG_CONTEXT_PROPERTY

public abstract QName getSecurityElementQName()

public abstract QName getTokenElementQName()

@PostConstruct public void parseSTSConfig()
Throws: WebServiceException

public boolean handleMessage(SOAPMessageContext messageContext)
Specified by: handleMessage in interface Handler<SOAPMessageContext>
Parameters: messageContext - The messageContext.
Throws: WebServiceException - If the security token could not be validated.

public Set<QName> getHeaders()
Description copied from interface: SOAPHandler
Specified by: getHeaders in interface SOAPHandler<SOAPMessageContext>
Returns: QNames of header blocks processed by this handler instance. QName is the qualified name of the outermost element of the Header block.

public boolean handleFault(SOAPMessageContext messageContext)
Description copied from interface: Handler
The handleFault method is invoked for fault message processing. Refer to the description of the handler framework in the JAX-WS specification for full details.
Specified by: handleFault in interface Handler<SOAPMessageContext>
Parameters: messageContext - the message context
Returns: true to continue processing; false to block processing.

public void close(MessageContext messageContext)
Description copied from interface: Handler
Specified by: close in interface Handler<SOAPMessageContext>
Parameters: messageContext - the message context

public void setConfigFile(String configFile)
Parameters: configFile -

Copyright © 2017 JBoss by Red Hat. All rights reserved.