org.apache.cxf.ws.security.trust

Class STSTokenValidator

java.lang.Object

org.apache.cxf.ws.security.trust.STSTokenValidator

All Implemented Interfaces:

Validator

public class STSTokenValidator
extends Object
implements Validator

A WSS4J-based Validator to validate a received WS-Security credential by dispatching it to a STS via WS-Trust. The default binding is "validate", but "issue" is also possible by setting the "useIssueBinding" property. In this case, the credentials are sent via "OnBehalfOf" unless the "useOnBehalfOf" property is set to "false", in which case the credentials are used depending on the security policy of the STS endpoint (e.g. in a UsernameToken if this is what the policy requires). Setting "useOnBehalfOf" to "false" + "useIssueBinding" to "true" only works for validating UsernameTokens.

Constructor Summary

Constructors

Constructor and Description
STSTokenValidator()
STSTokenValidator(boolean alwaysValidateToSts) Construct a new instance.

Method Summary

Modifier and Type	Method and Description
STSClient	getStsClient()
TokenStore	getTokenStore()
boolean	isDisableCaching()
boolean	isUseIssueBinding()
boolean	isUseOnBehalfOf()
protected boolean	isValidatedLocally(Credential credential, RequestData data)
void	setDisableCaching(boolean disableCaching)
void	setStsClient(STSClient stsClient)
void	setTokenStore(TokenStore tokenStore)
void	setUseIssueBinding(boolean useIssueBinding)
void	setUseOnBehalfOf(boolean useOnBehalfOf)
Credential	validate(Credential credential, RequestData data) Validate the credential argument.
Credential	validateWithSTS(Credential credential, Message message)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

STSTokenValidator

public STSTokenValidator()

STSTokenValidator

public STSTokenValidator(boolean alwaysValidateToSts)

Construct a new instance.

Parameters:

alwaysValidateToSts - whether to always validate the token to the STS

Method Detail

validate

public Credential validate(Credential credential,
                           RequestData data)
                    throws WSSecurityException

Description copied from interface: Validator

Validate the credential argument. This method returns a Credential instance that represents the validated credential. This instance can be the same as the instance that was validated, or it can represent some transformation of the initial Credential instance.

Specified by:

validate in interface Validator

Parameters:

credential - the Credential to be validated

data - the RequestData associated with the request

Returns:

a validated Credential

Throws:

WSSecurityException - on a failed validation

validateWithSTS

public Credential validateWithSTS(Credential credential,
                                  Message message)
                           throws WSSecurityException

Throws:

WSSecurityException

isValidatedLocally

protected boolean isValidatedLocally(Credential credential,
                                     RequestData data)
                              throws WSSecurityException

Throws:

WSSecurityException

isUseIssueBinding

public boolean isUseIssueBinding()

setUseIssueBinding

public void setUseIssueBinding(boolean useIssueBinding)

isUseOnBehalfOf

public boolean isUseOnBehalfOf()

setUseOnBehalfOf

public void setUseOnBehalfOf(boolean useOnBehalfOf)

getStsClient

public STSClient getStsClient()

setStsClient

public void setStsClient(STSClient stsClient)

getTokenStore

public TokenStore getTokenStore()

setTokenStore

public void setTokenStore(TokenStore tokenStore)

isDisableCaching

public boolean isDisableCaching()

setDisableCaching

public void setDisableCaching(boolean disableCaching)