org.apache.ws.security
Class WSSConfig

java.lang.Object
  extended by org.apache.ws.security.WSSConfig

public class WSSConfig
extends Object

WSSConfig

Carries configuration data so that WSS4J's spec compliance can be modified at runtime. Configure an instance of this object only if you need WSS4J to emulate certain industry clients or previous OASIS specifications for WS-Security interoperability testing purposes.

The default settings follow the latest OASIS specifications; changing anything may violate them.

WARNING: changing the default settings will break the compliance with the latest specs. Do this only if you know what you are doing.

Author:
Rami Jaamour (rjaamour@parasoft.com), Werner Dittmann (werner@apache.org)

Field Summary
protected  boolean allowNamespaceQualifiedPasswordTypes
          This variable controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens.
static WsuIdAllocator DEFAULT_ID_ALLOCATOR
          The default wsu:Id allocator is a simple "start at 1 and increment up" thing that is very fast.
protected  boolean enableSignatureConfirmation
           
protected  boolean handleCustomPasswordTypes
          This variable controls whether types other than PasswordDigest or PasswordText are allowed when processing UsernameTokens.
protected  WsuIdAllocator idAllocator
           
protected  boolean passwordsAreEncoded
          Whether the password should be treated as a binary value.
protected  boolean precisionInMilliSeconds
          Set the timestamp precision mode.
protected  String requiredPasswordType
          If this value is not null, then username token handling will throw an exception if the password type of the Username Token does not match this value.
protected  int secretKeyLength
          The secret key length to be used for UT_SIGN.
protected  int timeStampFutureTTL
          The time in seconds in the future within which the Created time of an incoming Timestamp is valid.
protected  boolean timeStampStrict
          If set to true then the timestamp handling will throw an exception if the timestamp contains an expires element and the semantics are expired.
protected  int timeStampTTL
          The time in seconds between creation and expiry for a Timestamp.
protected  boolean wsiBSPCompliant
           
 
Constructor Summary
WSSConfig()
           
 
Method Summary
static String addJceProvider(String name, Provider provider)
          Add a new JCE security provider to use for WSS4J, of the specified name and class.
static String addJceProvider(String name, String className)
          Add a new JCE security provider to use for WSS4J, of the specified name and class.
static void addXMLDSigRIInternal()
           
static String appendJceProvider(String name, Provider provider)
          Add a new JCE security provider to use for WSS4J, of the specified name and class.
static String appendJceProvider(String name, String className)
          Add a new JCE security provider to use for WSS4J, of the specified name and class.
 Action getAction(int action)
          Lookup action
 boolean getAllowNamespaceQualifiedPasswordTypes()
           
 boolean getHandleCustomPasswordTypes()
           
 WsuIdAllocator getIdAllocator()
           
static WSSConfig getNewInstance()
           
 boolean getPasswordsAreEncoded()
           
 Processor getProcessor(QName el)
           
 String getRequiredPasswordType()
           
 int getSecretKeyLength()
          Get the secret key length to be used for UT_SIGN.
 int getTimeStampFutureTTL()
           
 int getTimeStampTTL()
           
 Validator getValidator(QName el)
           
static void init()
           
 boolean isEnableSignatureConfirmation()
           
 boolean isPrecisionInMilliSeconds()
          Checks if we need to use milliseconds in timestamps
 boolean isTimeStampStrict()
           
 boolean isWsiBSPCompliant()
          Checks if we are in WS-I Basic Security Profile compliance mode
 Class<?> setAction(int code, Action action)
          Associate an action instance with a specific action code.
 Class<?> setAction(int code, Class<?> clazz)
          Associate an action instance with a specific action code.
static void setAddJceProviders(boolean value)
          Set the value of the internal addJceProviders flag.
 void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedTypes)
           
 void setEnableSignatureConfirmation(boolean enableSignatureConfirmation)
           
 void setHandleCustomPasswordTypes(boolean handleCustomTypes)
           
 void setIdAllocator(WsuIdAllocator idAllocator)
           
 void setPasswordsAreEncoded(boolean passwordsAreEncoded)
           
 void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds)
          Set the precision in milliseconds for timestamps
 Class<?> setProcessor(QName el, Class<?> clazz)
          Associate a SOAP processor name with a specified SOAP Security header element QName.
 Class<?> setProcessor(QName el, Processor processor)
          Associate a SOAP processor name with a specified SOAP Security header element QName.
 void setRequiredPasswordType(String requiredPasswordType)
           
 void setSecretKeyLength(int length)
          Set the secret key length to be used for UT_SIGN.
 void setTimeStampFutureTTL(int timeStampFutureTTL)
           
 void setTimeStampStrict(boolean timeStampStrict)
           
 void setTimeStampTTL(int timeStampTTL)
           
 Class<?> setValidator(QName el, Class<?> clazz)
          Associate a SOAP validator name with a specified SOAP Security header element QName.
 Class<?> setValidator(QName el, Validator validator)
          Associate a SOAP validator name with a specified SOAP Security header element QName.
 void setWsiBSPCompliant(boolean wsiBSPCompliant)
          Set the WS-I Basic Security Profile compliance mode.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

wsiBSPCompliant

protected boolean wsiBSPCompliant

precisionInMilliSeconds

protected boolean precisionInMilliSeconds
Set the timestamp precision mode. If set to true then use timestamps with milliseconds, otherwise omit the milliseconds. As per XML Date/Time specification the default is to include the milliseconds.


enableSignatureConfirmation

protected boolean enableSignatureConfirmation

timeStampStrict

protected boolean timeStampStrict
If set to true then the timestamp handling will throw an exception if the timestamp contains an expires element and the semantics are expired. If set to false, no exception will be thrown, even if the semantics are expired.


requiredPasswordType

protected String requiredPasswordType
If this value is not null, then username token handling will throw an exception if the password type of the Username Token does not match this value.


timeStampTTL

protected int timeStampTTL
The time in seconds between creation and expiry for a Timestamp. The default is 300 seconds (5 minutes).


timeStampFutureTTL

protected int timeStampFutureTTL
The time in seconds in the future within which the Created time of an incoming Timestamp is valid. The default is 60 seconds.


handleCustomPasswordTypes

protected boolean handleCustomPasswordTypes
This variable controls whether types other than PasswordDigest or PasswordText are allowed when processing UsernameTokens. By default this is set to false so that the user doesn't have to explicitly reject custom token types in the callback handler.


allowNamespaceQualifiedPasswordTypes

protected boolean allowNamespaceQualifiedPasswordTypes
This variable controls whether (wsse) namespace qualified password types are accepted when processing UsernameTokens. By default this is set to false.


secretKeyLength

protected int secretKeyLength
The secret key length to be used for UT_SIGN.


passwordsAreEncoded

protected boolean passwordsAreEncoded
Whether the password should be treated as a binary value. This is needed to properly handle password equivalence for UsernameToken passwords. Binary passwords are Base64 encoded so they can be treated as strings in most places, but when the password digest is calculated or a key is derived from the password, the password will be Base64 decoded before being used. This is most useful for hashed passwords as password equivalents. See https://issues.apache.org/jira/browse/WSS-239


DEFAULT_ID_ALLOCATOR

public static WsuIdAllocator DEFAULT_ID_ALLOCATOR
The default wsu:Id allocator is a simple "start at 1 and increment up" thing that is very fast.


idAllocator

protected WsuIdAllocator idAllocator

Constructor Detail
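A configuration for inbound processing that keeps the spec-compliant defaults and tightens the Timestamp and UsernameToken handling described above, as an added example that is not part of the WSS4J documentation; it assumes the WSConstants.PASSWORD_DIGEST constant and WSSecurityEngine.setWssConfig from the same package, neither of which appears on this page.

```java
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;

/** Builds a WSSConfig that rejects expired timestamps and non-digest password types. */
public final class StrictWssConfig {

    /** Returns a fresh WSSConfig with the defaults left intact except for explicit hardening. */
    public static WSSConfig build() {
        // getNewInstance() starts from the spec-compliant defaults (WS-I BSP on,
        // TTL 300 s, future TTL 60 s, millisecond precision).
        WSSConfig config = WSSConfig.getNewInstance();

        // Timestamps: throw when wsu:Expires has already passed. With
        // timeStampStrict=false an expired Timestamp is accepted without error.
        config.setTimeStampStrict(true);
        // Keep the documented defaults explicit: 5 min lifetime, 60 s allowance
        // for a Created time that lies in the future (clock skew).
        config.setTimeStampTTL(300);
        config.setTimeStampFutureTTL(60);

        // UsernameToken: only PasswordDigest is accepted; PasswordText or a custom
        // type makes username token processing throw. WSConstants.PASSWORD_DIGEST
        // is assumed to hold the PasswordDigest type URI.
        config.setRequiredPasswordType(WSConstants.PASSWORD_DIGEST);
        config.setHandleCustomPasswordTypes(false);
        config.setAllowNamespaceQualifiedPasswordTypes(false);

        // Leave WS-I Basic Security Profile checks on (the default).
        config.setWsiBSPCompliant(true);
        return config;
    }

    /** Attaches the hardened configuration to the engine used for inbound messages (assumed API). */
    public static WSSecurityEngine engine() {
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(build());
        return engine;
    }
}
```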

WSSConfig

public WSSConfig()

Method Detail

setAddJceProviders

public static void setAddJceProviders(boolean value)
Set the value of the internal addJceProviders flag. This flag turns on (or off) automatic registration of known JCE providers that provide necessary cryptographic algorithms for use with WSS4J. By default, this flag is true. You may wish (or need) to initialize the JCE manually, e.g., in some JVMs.


init

public static void init()

addXMLDSigRIInternal

public static void addXMLDSigRIInternal()

getNewInstance

public static WSSConfig getNewInstance()
Returns:
a new WSSConfig instance configured with the default values

isWsiBSPCompliant

public boolean isWsiBSPCompliant()
Checks if we are in WS-I Basic Security Profile compliance mode

Returns:
whether we are in WS-I Basic Security Profile compliance mode

setWsiBSPCompliant

public void setWsiBSPCompliant(boolean wsiBSPCompliant)
Set the WS-I Basic Security Profile compliance mode. The default is true.

Parameters:
wsiBSPCompliant -

isPrecisionInMilliSeconds

public boolean isPrecisionInMilliSeconds()
Checks if we need to use milliseconds in timestamps

Returns:
whether to use precision in milliseconds for timestamps

setPrecisionInMilliSeconds

public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds)
Set the precision in milliseconds for timestamps

Parameters:
precisionInMilliSeconds - whether to use precision in milliseconds for timestamps

isEnableSignatureConfirmation

public boolean isEnableSignatureConfirmation()
Returns:
Returns the enableSignatureConfirmation.

setEnableSignatureConfirmation

public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation)
Parameters:
enableSignatureConfirmation - The enableSignatureConfirmation to set.

setHandleCustomPasswordTypes

public void setHandleCustomPasswordTypes(boolean handleCustomTypes)
Parameters:
handleCustomTypes - whether to handle custom UsernameToken password types or not

getHandleCustomPasswordTypes

public boolean getHandleCustomPasswordTypes()
Returns:
whether custom UsernameToken password types are allowed or not

setAllowNamespaceQualifiedPasswordTypes

public void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedTypes)
Parameters:
allowNamespaceQualifiedTypes - whether (wsse) namespace qualified password types are accepted or not

getAllowNamespaceQualifiedPasswordTypes

public boolean getAllowNamespaceQualifiedPasswordTypes()
Returns:
whether (wsse) namespace qualified password types are accepted or not

isTimeStampStrict

public boolean isTimeStampStrict()
Returns:
Returns whether an exception is thrown when the request's timestamp semantics have expired

setTimeStampStrict

public void setTimeStampStrict(boolean timeStampStrict)
Parameters:
timeStampStrict - If true, throw an exception when the request's timestamp semantics have expired

getRequiredPasswordType

public String getRequiredPasswordType()
Returns:
the required password type when processing a UsernameToken

setRequiredPasswordType

public void setRequiredPasswordType(String requiredPasswordType)
Parameters:
requiredPasswordType - The required password type when processing a Username Token.

getTimeStampTTL

public int getTimeStampTTL()
Returns:
Returns the TTL of a Timestamp in seconds

setTimeStampTTL

public void setTimeStampTTL(int timeStampTTL)
Parameters:
timeStampTTL - The new value for timeStampTTL

getTimeStampFutureTTL

public int getTimeStampFutureTTL()
Returns:
Returns the Future TTL of a Timestamp in seconds

setTimeStampFutureTTL

public void setTimeStampFutureTTL(int timeStampFutureTTL)
Parameters:
timeStampFutureTTL - The new value for timeStampFutureTTL

setSecretKeyLength

public void setSecretKeyLength(int length)
Set the secret key length to be used for UT_SIGN.


getSecretKeyLength

public int getSecretKeyLength()
Get the secret key length to be used for UT_SIGN.


setPasswordsAreEncoded

public void setPasswordsAreEncoded(boolean passwordsAreEncoded)
Parameters:
passwordsAreEncoded - whether passwords are encoded

getPasswordsAreEncoded

public boolean getPasswordsAreEncoded()
Returns:
whether passwords are encoded

getIdAllocator

public WsuIdAllocator getIdAllocator()
Returns:
Returns the WsuIdAllocator used to generate wsu:Id attributes

setIdAllocator

public void setIdAllocator(WsuIdAllocator idAllocator)

setAction

public Class<?> setAction(int code,
                          Action action)
Associate an action instance with a specific action code. This operation allows applications to supply their own actions for well-known operations. Please note that the Action object does NOT get class-loaded per invocation, and so it is up to the implementing class to ensure that it is thread-safe.


setAction

public Class<?> setAction(int code,
                          Class<?> clazz)
Associate an action instance with a specific action code. This operation allows applications to supply their own actions for well-known operations.


getAction

public Action getAction(int action)
                 throws WSSecurityException
Lookup action

Parameters:
action -
Returns:
An action class to create a security token
Throws:
WSSecurityException

setProcessor

public Class<?> setProcessor(QName el,
                             Processor processor)
Associate a SOAP processor name with a specified SOAP Security header element QName. Processors registered under this QName will be called when processing header elements with the specified type. Please note that the Processor object does NOT get class-loaded per invocation, and so it is up to the implementing class to ensure that it is thread-safe.


setProcessor

public Class<?> setProcessor(QName el,
                             Class<?> clazz)
Associate a SOAP processor name with a specified SOAP Security header element QName. Processors registered under this QName will be called when processing header elements with the specified type.


setValidator

public Class<?> setValidator(QName el,
                             Validator validator)
Associate a SOAP validator name with a specified SOAP Security header element QName. Validators registered under this QName will be called when processing header elements with the specified type. Please note that the Validator object does NOT get class-loaded per invocation, and so it is up to the implementing class to ensure that it is thread-safe.


setValidator

public Class<?> setValidator(QName el,
                             Class<?> clazz)
Associate a SOAP validator name with a specified SOAP Security header element QName. Validators registered under this QName will be called when processing header elements with the specified type.


getValidator

public Validator getValidator(QName el)
                       throws WSSecurityException
Returns:
the SOAP Validator associated with the specified QName. The QName is intended to refer to an element in a SOAP security header. This operation returns null if there is no Validator associated with the specified QName.
Throws:
WSSecurityException

getProcessor

public Processor getProcessor(QName el)
                       throws WSSecurityException
Returns:
the SOAP processor associated with the specified QName. The QName is intended to refer to an element in a SOAP security header. This operation returns null if there is no processor associated with the specified QName.
Throws:
WSSecurityException

addJceProvider

public static String addJceProvider(String name,
                                    String className)
Add a new JCE security provider to use for WSS4J, of the specified name and class. Return either the name of the previously loaded provider, the name of the newly loaded provider, or null if there's an exception in loading the provider. The provider is inserted after the SUN provider (see WSS-99) or after the IBMJCE provider; if neither is present, fall back to the old behaviour of inserting the provider at position 2.

Parameters:
name - The name string of the provider (this may not be the real name of the provider)
className - Name of the class that implements the provider. This class must be a subclass of java.security.Provider
Returns:
Returns the actual name of the provider that was loaded

addJceProvider

public static String addJceProvider(String name,
                                    Provider provider)
Add a new JCE security provider to use for WSS4J, of the specified name and class. Return either the name of the previously loaded provider, the name of the newly loaded provider, or null if there's an exception in loading the provider. The provider is inserted after the SUN provider (see WSS-99) or after the IBMJCE provider; if neither is present, fall back to the old behaviour of inserting the provider at position 2.

Parameters:
name - The name string of the provider (this may not be the real name of the provider)
provider - A subclass of java.security.Provider
Returns:
Returns the actual name of the provider that was loaded

appendJceProvider

public static String appendJceProvider(String name,
                                       String className)
Add a new JCE security provider to use for WSS4J, of the specified name and class. Return either the name of the previously loaded provider, the name of the newly loaded provider, or null if there's an exception in loading the provider. The provider is appended to the end of the provider list.

Parameters:
name - The name string of the provider (this may not be the real name of the provider)
className - Name of the class that implements the provider. This class must be a subclass of java.security.Provider
Returns:
Returns the actual name of the provider that was loaded

appendJceProvider

public static String appendJceProvider(String name,
                                       Provider provider)
Add a new JCE security provider to use for WSS4J, of the specified name and class. Return either the name of the previously loaded provider, the name of the newly loaded provider, or null if there's an exception in loading the provider. The provider is appended to the end of the provider list.

Parameters:
name - The name string of the provider (this may not be the real name of the provider)
provider - A subclass of java.security.Provider
Returns:
Returns the actual name of the provider that was loaded


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.