org.apache.ws.security
Class WSSConfig

java.lang.Object
  extended by org.apache.ws.security.WSSConfig

public class WSSConfig
extends java.lang.Object

WSSConfig

Carries configuration data so that WSS4J's spec compliance can be modified at runtime. Configure an instance of this object only if you need WSS4J to emulate certain industry clients or previous OASIS specifications for WS-Security interoperability testing purposes.

The default settings follow the latest OASIS specifications, and changing anything might violate those specs.

WARNING: changing the default settings will break compliance with the latest specs. Do this only if you know what you are doing.

Author:
Rami Jaamour (rjaamour@parasoft.com), Werner Dittmann (werner@apache.org)

Field Summary
protected  boolean allowNamespaceQualifiedPasswordTypes
          This variable controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens.
static WsuIdAllocator DEFAULT_ID_ALLOCATOR
          The default wsu:Id allocator is a simple "start at 1 and increment up" thing that is very fast.
protected static WSSConfig defaultConfig
           
protected  boolean enableSignatureConfirmation
           
protected  boolean handleCustomPasswordTypes
          This variable controls whether types other than PasswordDigest or PasswordText are allowed when processing UsernameTokens.
protected  WsuIdAllocator idAllocator
           
protected  java.util.HashMap jceProvider
           
protected  boolean passwordsAreEncoded
          Whether the password should be treated as a binary value.
protected  boolean precisionInMilliSeconds
          Set the timestamp precision mode.
protected  int secretKeyLength
          The secret key length to be used for UT_SIGN.
protected  boolean timeStampStrict
          If set to true then the timestamp handling will throw an exception if the timestamp contains an expires element and the semantics are expired.
protected  boolean wsiBSPCompliant
           
 
Constructor Summary
protected WSSConfig()
           
 
Method Summary
 boolean addJceProvider(java.lang.String id, java.lang.String className)
          Add a new JCE security provider to use for WSS4J.
 Action getAction(int action)
          Lookup action
 boolean getAllowNamespaceQualifiedPasswordTypes()
           
static WSSConfig getDefaultWSConfig()
          Returns a static WSSConfig instance that is configured with the latest OASIS WS-Security settings.
 boolean getHandleCustomPasswordTypes()
           
 WsuIdAllocator getIdAllocator()
           
static WSSConfig getNewInstance()
           
 boolean getPasswordsAreEncoded()
           
 Processor getProcessor(javax.xml.namespace.QName el)
           
 int getSecretKeyLength()
          Get the secret key length to be used for UT_SIGN.
 boolean isEnableSignatureConfirmation()
           
 boolean isPrecisionInMilliSeconds()
          Checks if we need to use milliseconds in timestamps
 boolean isTimeStampStrict()
           
 boolean isWsiBSPCompliant()
          Checks if we are in WS-I Basic Security Profile compliance mode
 java.lang.String setAction(int code, Action action)
          Associate an action instance with a specific action code.
 java.lang.String setAction(int code, java.lang.String action)
          Associate an action name with a specific action code.
static void setAddJceProviders(boolean value)
          Set the value of the internal addJceProviders flag.
 void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedTypes)
           
 void setEnableSignatureConfirmation(boolean enableSignatureConfirmation)
           
 void setHandleCustomPasswordTypes(boolean handleCustomTypes)
           
 void setIdAllocator(WsuIdAllocator idAllocator)
           
 void setPasswordsAreEncoded(boolean passwordsAreEncoded)
           
 void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds)
          Set the precision in milliseconds
 java.lang.String setProcessor(javax.xml.namespace.QName el, Processor processor)
          Associate a SOAP processor instance with a specified SOAP Security header element QName.
 java.lang.String setProcessor(javax.xml.namespace.QName el, java.lang.String name)
          Associate a SOAP processor name with a specified SOAP Security header element QName.
 void setSecretKeyLength(int length)
          Set the secret key length to be used for UT_SIGN.
 void setTimeStampStrict(boolean timeStampStrict)
           
 void setWsiBSPCompliant(boolean wsiBSPCompliant)
          Set the WS-I Basic Security Profile compliance mode.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

defaultConfig

protected static WSSConfig defaultConfig

wsiBSPCompliant

protected boolean wsiBSPCompliant

precisionInMilliSeconds

protected boolean precisionInMilliSeconds
Set the timestamp precision mode. If set to true then use timestamps with milliseconds, otherwise omit the milliseconds. As per XML Date/Time specification the default is to include the milliseconds.


enableSignatureConfirmation

protected boolean enableSignatureConfirmation

timeStampStrict

protected boolean timeStampStrict
If set to true then the timestamp handling will throw an exception if the timestamp contains an expires element and the semantics are expired. If set to false, no exception will be thrown, even if the semantics are expired.


handleCustomPasswordTypes

protected boolean handleCustomPasswordTypes
This variable controls whether types other than PasswordDigest or PasswordText are allowed when processing UsernameTokens. By default this is set to false so that the user doesn't have to explicitly reject custom token types in the callback handler.


allowNamespaceQualifiedPasswordTypes

protected boolean allowNamespaceQualifiedPasswordTypes
This variable controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens. By default this is set to false.


secretKeyLength

protected int secretKeyLength
The secret key length to be used for UT_SIGN.


passwordsAreEncoded

protected boolean passwordsAreEncoded
Whether the password should be treated as a binary value. This is needed to properly handle password equivalence for UsernameToken passwords. Binary passwords are Base64 encoded so they can be treated as strings in most places, but when the password digest is calculated or a key is derived from the password, the password will be Base64 decoded before being used. This is most useful for hashed passwords as password equivalents. See https://issues.apache.org/jira/browse/WSS-239
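The effect of this flag on the UsernameToken password digest, as an added example (not WSS4J source code). It assumes the WS-Security UsernameToken Profile formula Base64(SHA-1(nonce + created + password)), a Java 8+ runtime for java.util.Base64, and constructed sample values; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

/** Added illustration of passwordsAreEncoded; not part of WSS4J. */
public class UsernameTokenDigestDemo {

    /** Password digest per the UsernameToken Profile: Base64(SHA-1(nonce + created + password)). */
    static byte[] passwordDigest(byte[] nonce, String created, String password,
                                 boolean passwordsAreEncoded) throws NoSuchAlgorithmException {
        // With passwordsAreEncoded=true the string is the Base64 form of a binary
        // password equivalent, so the raw bytes are recovered before hashing.
        byte[] pw = passwordsAreEncoded
                ? Base64.getDecoder().decode(password)
                : password.getBytes(StandardCharsets.UTF_8);
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(pw);
        return sha1.digest();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from any real message.
        byte[] nonce = "constructed-nonce-0001".getBytes(StandardCharsets.UTF_8);
        String created = "2011-01-01T00:00:00Z";

        // The server keeps only a hash of the cleartext (the "password equivalent"),
        // Base64 encoded so it can travel through String-based APIs.
        byte[] hashed = MessageDigest.getInstance("SHA-256")
                .digest("example-password".getBytes(StandardCharsets.UTF_8));
        String stored = Base64.getEncoder().encodeToString(hashed);

        // Sender and receiver agree only if both decode the stored value first.
        byte[] sender = passwordDigest(nonce, created, stored, true);
        byte[] receiverSameFlag = passwordDigest(nonce, created, stored, true);
        byte[] receiverOtherFlag = passwordDigest(nonce, created, stored, false);

        // MessageDigest.isEqual avoids an early-exit comparison of secret-derived bytes.
        System.out.println("flag matches on both sides: "
                + MessageDigest.isEqual(sender, receiverSameFlag));
        System.out.println("flag differs between sides: "
                + MessageDigest.isEqual(sender, receiverOtherFlag));
        System.out.println("digest on the wire: "
                + Base64.getEncoder().encodeToString(sender));
    }
}
```

A digest mismatch caused by only one side setting the flag looks the same as a wrong password, so check this setting on both ends before investigating credentials.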


DEFAULT_ID_ALLOCATOR

public static WsuIdAllocator DEFAULT_ID_ALLOCATOR
The default wsu:Id allocator is a simple "start at 1 and increment up" thing that is very fast.


idAllocator

protected WsuIdAllocator idAllocator

jceProvider

protected java.util.HashMap jceProvider
Constructor Detail

WSSConfig

protected WSSConfig()
Method Detail

setAddJceProviders

public static void setAddJceProviders(boolean value)
Set the value of the internal addJceProviders flag. This flag turns on (or off) automatic registration of known JCE providers that provide necessary cryptographic algorithms for use with WSS4J. By default, this flag is true, for backwards compatibility. You may wish (or need) to initialize the JCE manually, e.g., in some JVMs.


getNewInstance

public static WSSConfig getNewInstance()
Returns:
a new WSSConfig instance configured with the default values (values identical to getDefaultWSConfig())

getDefaultWSConfig

public static WSSConfig getDefaultWSConfig()
Returns a static WSSConfig instance that is configured with the latest OASIS WS-Security settings.


isWsiBSPCompliant

public boolean isWsiBSPCompliant()
Checks if we are in WS-I Basic Security Profile compliance mode

Returns:
true if WS-I Basic Security Profile compliance mode is enabled

setWsiBSPCompliant

public void setWsiBSPCompliant(boolean wsiBSPCompliant)
Set the WS-I Basic Security Profile compliance mode. The default is false (due to .NET interop problems).

Parameters:
wsiBSPCompliant -

isPrecisionInMilliSeconds

public boolean isPrecisionInMilliSeconds()
Checks if we need to use milliseconds in timestamps

Returns:
true if timestamps include milliseconds

setPrecisionInMilliSeconds

public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds)
Set the precision in milliseconds

Parameters:
precisionInMilliSeconds - true to use timestamps with milliseconds, false to omit the milliseconds

isEnableSignatureConfirmation

public boolean isEnableSignatureConfirmation()
Returns:
Returns the enableSignatureConfirmation.

setEnableSignatureConfirmation

public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation)
Parameters:
enableSignatureConfirmation - The enableSignatureConfirmation to set.

setHandleCustomPasswordTypes

public void setHandleCustomPasswordTypes(boolean handleCustomTypes)
Parameters:
handleCustomTypes - whether to handle custom UsernameToken password types or not

getHandleCustomPasswordTypes

public boolean getHandleCustomPasswordTypes()
Returns:
whether custom UsernameToken password types are allowed or not

setAllowNamespaceQualifiedPasswordTypes

public void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedTypes)
Parameters:
allowNamespaceQualifiedTypes - whether (wsse) namespace qualified password types are accepted or not

getAllowNamespaceQualifiedPasswordTypes

public boolean getAllowNamespaceQualifiedPasswordTypes()
Returns:
whether (wsse) namespace qualified password types are accepted or not

isTimeStampStrict

public boolean isTimeStampStrict()
Returns:
whether an exception is thrown when the timestamp's semantics are expired

setTimeStampStrict

public void setTimeStampStrict(boolean timeStampStrict)
Parameters:
timeStampStrict - if true, throw an exception when the timestamp's semantics are expired
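A check a reviewer can run against a configured instance to list which receiver-side checks have been relaxed, as an added example (not part of WSS4J). It uses only the WSSConfig methods listed on this page and needs the WSS4J jar on the classpath; the class name WssConfigAudit and the method relaxedSettings are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.ws.security.WSSConfig;

/** Added illustration; relies only on WSSConfig methods documented on this page. */
public class WssConfigAudit {

    /** Lists the Timestamp and UsernameToken checks that the given config relaxes. */
    static List<String> relaxedSettings(WSSConfig cfg) {
        List<String> findings = new ArrayList<String>();
        if (!cfg.isTimeStampStrict()) {
            findings.add("timeStampStrict=false: an expired Timestamp does not raise an exception");
        }
        if (cfg.getHandleCustomPasswordTypes()) {
            findings.add("handleCustomPasswordTypes=true: the callback handler must itself"
                    + " reject password types other than PasswordDigest or PasswordText");
        }
        if (cfg.getAllowNamespaceQualifiedPasswordTypes()) {
            findings.add("allowNamespaceQualifiedPasswordTypes=true: (wsse) namespace"
                    + " qualified password types are accepted");
        }
        return findings;
    }

    public static void main(String[] args) {
        // An interop endpoint gets its own instance from getNewInstance(), so the
        // static instance returned by getDefaultWSConfig() is left unmodified.
        WSSConfig interop = WSSConfig.getNewInstance();
        interop.setAllowNamespaceQualifiedPasswordTypes(true);
        interop.setTimeStampStrict(false);

        for (String finding : relaxedSettings(interop)) {
            System.out.println("interop config: " + finding);
        }
        // Auditing the shared instance shows whether other code has changed it.
        for (String finding : relaxedSettings(WSSConfig.getDefaultWSConfig())) {
            System.out.println("shared default: " + finding);
        }
    }
}
```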

setSecretKeyLength

public void setSecretKeyLength(int length)
Set the secret key length to be used for UT_SIGN.


getSecretKeyLength

public int getSecretKeyLength()
Get the secret key length to be used for UT_SIGN.


setPasswordsAreEncoded

public void setPasswordsAreEncoded(boolean passwordsAreEncoded)
Parameters:
passwordsAreEncoded - whether passwords are encoded

getPasswordsAreEncoded

public boolean getPasswordsAreEncoded()
Returns:
whether passwords are encoded

getIdAllocator

public WsuIdAllocator getIdAllocator()
Returns:
Returns the WsuIdAllocator used to generate wsu:Id attributes

setIdAllocator

public void setIdAllocator(WsuIdAllocator idAllocator)

setAction

public java.lang.String setAction(int code,
                                  java.lang.String action)
Associate an action name with a specific action code. This operation allows applications to supply their own actions for well-known operations.


setAction

public java.lang.String setAction(int code,
                                  Action action)
Associate an action instance with a specific action code. This operation allows applications to supply their own actions for well-known operations.


getAction

public Action getAction(int action)
                 throws WSSecurityException
Lookup action

Parameters:
action -
Returns:
An action class to create a security token
Throws:
WSSecurityException

setProcessor

public java.lang.String setProcessor(javax.xml.namespace.QName el,
                                     java.lang.String name)
Associate a SOAP processor name with a specified SOAP Security header element QName. Processors registered under this QName will be called when processing header elements with the specified type.


setProcessor

public java.lang.String setProcessor(javax.xml.namespace.QName el,
                                     Processor processor)
Associate a SOAP processor instance with a specified SOAP Security header element QName. Processors registered under this QName will be called when processing header elements with the specified type.


getProcessor

public Processor getProcessor(javax.xml.namespace.QName el)
                       throws WSSecurityException
Returns:
the SOAP processor associated with the specified QName. The QName is intended to refer to an element in a SOAP security header. This operation returns null if there is no processor associated with the specified QName.
Throws:
WSSecurityException

addJceProvider

public boolean addJceProvider(java.lang.String id,
                              java.lang.String className)
Add a new JCE security provider to use for WSS4J. If the provider is not already known, the method loads a security provider class and adds the provider to the Java security service.

Parameters:
id - The id string of the provider
className - Name of the class that implements the provider. This class must be a subclass of java.security.Provider
Returns:
Returns true if the provider was successfully added, false otherwise.


Copyright © 2004-2011 The Apache Software Foundation. All Rights Reserved.