org.apache.ws.security
Class WSSecurityEngine

java.lang.Object
  extended by org.apache.ws.security.WSSecurityEngine

public class WSSecurityEngine
extends Object

WS-Security Engine.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@t-online.de).

Field Summary
static QName BINARY_TOKEN
          wsse:BinarySecurityToken as defined by WS Security specification
static QName DERIVED_KEY_TOKEN_05_02
          wsc:DerivedKeyToken as defined by WS-SecureConversation specification
static QName DERIVED_KEY_TOKEN_05_12
          wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
static QName ENCRYPTED_DATA
          xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
static QName ENCRYPTED_KEY
          xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
static QName REFERENCE_LIST
          xenc:ReferenceList as defined by XML Encryption specification
static QName SAML_TOKEN
          saml:Assertion as defined by SAML v1.1 specification
static QName SAML2_TOKEN
          saml:Assertion as defined by SAML v2.0 specification
static QName SECURITY_CONTEXT_TOKEN_05_02
          wsc:SecurityContextToken as defined by WS-SecureConversation specification
static QName SECURITY_CONTEXT_TOKEN_05_12
          wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
static QName SIGNATURE
          ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
static QName SIGNATURE_CONFIRMATION
          wsse11:SignatureConfirmation as defined by the OASIS WS-Security 1.1 specification
static QName TIMESTAMP
          wsu:Timestamp as defined by OASIS WS Security specification
static QName USERNAME_TOKEN
          wsse:UsernameToken as defined by WS Security specification
 
Constructor Summary
WSSecurityEngine()
           
 
Method Summary
 CallbackLookup getCallbackLookup()
          Get the CallbackLookup object to use to locate elements
 WSSConfig getWssConfig()
           
 List<WSSecurityEngineResult> processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto)
          Process the security header given the soap envelope as W3C document.
 List<WSSecurityEngineResult> processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
          Process the security header given the soap envelope as W3C document.
 List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
          Process the security header given the wsse:Security DOM Element.
 List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader, RequestData requestData)
          Process the security header given the wsse:Security DOM Element.
 void setCallbackLookup(CallbackLookup callbackLookup)
          Set the CallbackLookup object to use to locate elements
 WSSConfig setWssConfig(WSSConfig cfg)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

BINARY_TOKEN

public static final QName BINARY_TOKEN
wsse:BinarySecurityToken as defined by WS Security specification


USERNAME_TOKEN

public static final QName USERNAME_TOKEN
wsse:UsernameToken as defined by WS Security specification


TIMESTAMP

public static final QName TIMESTAMP
wsu:Timestamp as defined by OASIS WS Security specification


SIGNATURE_CONFIRMATION

public static final QName SIGNATURE_CONFIRMATION
wsse11:SignatureConfirmation as defined by the OASIS WS-Security 1.1 specification


SIGNATURE

public static final QName SIGNATURE
ds:Signature as defined by XML Signature specification, enhanced by WS Security specification


ENCRYPTED_KEY

public static final QName ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification


ENCRYPTED_DATA

public static final QName ENCRYPTED_DATA
xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification


REFERENCE_LIST

public static final QName REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification


SAML_TOKEN

public static final QName SAML_TOKEN
saml:Assertion as defined by SAML v1.1 specification


SAML2_TOKEN

public static final QName SAML2_TOKEN
saml:Assertion as defined by SAML v2.0 specification


DERIVED_KEY_TOKEN_05_02

public static final QName DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken as defined by WS-SecureConversation specification


SECURITY_CONTEXT_TOKEN_05_02

public static final QName SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken as defined by WS-SecureConversation specification


DERIVED_KEY_TOKEN_05_12

public static final QName DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX


SECURITY_CONTEXT_TOKEN_05_12

public static final QName SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

Constructor Detail

WSSecurityEngine

public WSSecurityEngine()

Method Detail

getWssConfig

public final WSSConfig getWssConfig()
Returns:
the WSSConfig object set on this instance

setWssConfig

public final WSSConfig setWssConfig(WSSConfig cfg)
Parameters:
cfg - the WSSConfig instance for this WSSecurityEngine to use
Returns:
the WSSConfig instance previously set on this WSSecurityEngine instance

setCallbackLookup

public void setCallbackLookup(CallbackLookup callbackLookup)
Set the CallbackLookup object to use to locate elements

Parameters:
callbackLookup - the CallbackLookup object to use to locate elements

getCallbackLookup

public CallbackLookup getCallbackLookup()
Get the CallbackLookup object to use to locate elements

Returns:
the CallbackLookup object to use to locate elements

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Document doc,
                                                          String actor,
                                                          CallbackHandler cb,
                                                          Crypto crypto)
                                                   throws WSSecurityException
Process the security header, given the SOAP envelope as a W3C DOM Document.

This is the main entry point to verify or decrypt a SOAP envelope. The method first looks for a wsse:Security header addressed to the given actor; if none is present, it returns an empty list without further processing. Otherwise the header is handed to processSecurityHeader(Element, CallbackHandler, Crypto, Crypto), with the single crypto object used both for signature verification and for decryption.

Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback handler through which the engine asks the caller for passwords, e.g. the private-key password needed for decryption and the password a UsernameToken is checked against
crypto - the object that implements access to the keystore and the handling of certificates; used for both signature verification and decryption
Returns:
a result list
Throws:
WSSecurityException
See Also:
processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Document doc,
                                                          String actor,
                                                          CallbackHandler cb,
                                                          Crypto sigCrypto,
                                                          Crypto decCrypto)
                                                   throws WSSecurityException
Process the security header, given the SOAP envelope as a W3C DOM Document.

This is the main entry point to verify or decrypt a SOAP envelope. The method first looks for a wsse:Security header addressed to the given actor; if none is present, it returns an empty list without further processing. Otherwise the header is handed to processSecurityHeader(Element, CallbackHandler, Crypto, Crypto). Keeping sigCrypto (trust anchors for signature verification) separate from decCrypto (the private key used for decryption) lets a deployment use a truststore for the former and a keystore for the latter.

Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback handler through which the engine asks the caller for passwords, e.g. the private-key password needed for decryption and the password a UsernameToken is checked against
sigCrypto - the object that implements access to the keystore and the handling of certificates for Signature verification
decCrypto - the object that implements access to the keystore and the handling of certificates for Decryption
Returns:
a result list
Throws:
WSSecurityException
See Also:
processSecurityHeader( Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader,
                                                          CallbackHandler cb,
                                                          Crypto sigCrypto,
                                                          Crypto decCrypto)
                                                   throws WSSecurityException
Process the security header given the wsse:Security DOM Element. This method loops over all direct child elements of the wsse:Security header. When it finds a known element, it transfers control to the Processor registered for that element's QName. The known child elements are processed in the same order as they appear in the wsse:Security element, in accordance with the WS-Security specification.

Currently the engine can handle the child elements identified by the QName constants listed in the Field Summary above (wsse:BinarySecurityToken, wsse:UsernameToken, wsu:Timestamp, wsse11:SignatureConfirmation, ds:Signature, xenc:EncryptedKey, xenc:EncryptedData, xenc:ReferenceList, saml:Assertion, and the WS-SecureConversation DerivedKeyToken and SecurityContextToken elements).

Note that additional child elements can be processed if appropriate Processors have been registered with the WSSConfig instance set on this class. A child element for which no Processor is registered is skipped rather than rejected, so a caller that requires a particular token, timestamp or signature must check the returned list for it; the engine only reports what it found and verified.

Parameters:
securityHeader - the wsse:Security header element
cb - a callback handler through which the engine asks the caller for passwords, e.g. the private-key password needed for decryption and the password a UsernameToken is checked against
sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature
decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
Returns:
a List of WSSecurityEngineResult. Each element in the List represents the result of one security action. The elements are ordered according to the sequence of the security actions in the wsse:Security header. The List may be empty if no security processing was performed.
Throws:
WSSecurityException

processSecurityHeader

public List<WSSecurityEngineResult> processSecurityHeader(Element securityHeader,
                                                          RequestData requestData)
                                                   throws WSSecurityException
Process the security header given the wsse:Security DOM Element. This method loops over all direct child elements of the wsse:Security header. When it finds a known element, it transfers control to the Processor registered for that element's QName. The known child elements are processed in the same order as they appear in the wsse:Security element, in accordance with the WS-Security specification.

Currently the engine can handle the child elements identified by the QName constants listed in the Field Summary above (wsse:BinarySecurityToken, wsse:UsernameToken, wsu:Timestamp, wsse11:SignatureConfirmation, ds:Signature, xenc:EncryptedKey, xenc:EncryptedData, xenc:ReferenceList, saml:Assertion, and the WS-SecureConversation DerivedKeyToken and SecurityContextToken elements).

Note that additional child elements can be processed if appropriate Processors have been registered with the WSSConfig instance set on this class. A child element for which no Processor is registered is skipped rather than rejected, so a caller that requires a particular token, timestamp or signature must check the returned list for it.

Parameters:
securityHeader - the wsse:Security header element
requestData - the RequestData associated with the request. It must be able to supply the callback handler, the signature and decryption Crypto instances, the WSSConfig and anything else the registered Processors need
Returns:
a List of WSSecurityEngineResult. Each element in the List represents the result of one security action. The elements are ordered according to the sequence of the security actions in the wsse:Security header. The List may be empty if no security processing was performed.
Throws:
WSSecurityException
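The following is an added example, written for this page and not code from WSS4J itself, showing the calling pattern the processSecurityHeader entry points above imply. Its point is the one the method documentation leaves implicit: the engine verifies and decrypts whatever it finds in the wsse:Security header and returns a list of results, but an empty list, a missing Timestamp, or a Signature that covers only the Timestamp is not a rejection. The caller has to check presence and signature coverage itself. The example uses the Document overload with a null actor and separate sigCrypto/decCrypto objects, reads the signed-element list the SignatureProcessor records under WSSecurityEngineResult.TAG_DATA_REF_URIS, and parses the inbound XML namespace-aware with DTDs and external entities disabled. Assumptions, all placeholders: a Merlin configuration file service-crypto.properties whose keystore holds a key under alias "service" with password "service-key-password", a 300-second Timestamp window, and the WSSConfig timestamp setters as found in WSS4J 1.6.

```java
import java.io.StringReader;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

/** Inbound request check built on WSSecurityEngine (added example, not part of WSS4J). */
public class InboundSecurityCheck {
    private static final QName SOAP_BODY = new QName(WSConstants.URI_SOAP11_ENV, WSConstants.ELEM_BODY);
    private static final QName WSU_TIMESTAMP = new QName(WSConstants.WSU_NS, "Timestamp");

    /** Parse untrusted XML namespace-aware (WSS4J needs that) with DTDs and external entities disabled. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Hands out only the decryption key's password; any other request (e.g. a UsernameToken) is refused. */
    static final CallbackHandler DECRYPT_KEY_PASSWORD = new CallbackHandler() {
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback c : callbacks) {
                WSPasswordCallback pc = (WSPasswordCallback) c;
                if (pc.getUsage() == WSPasswordCallback.DECRYPT && "service".equals(pc.getIdentifier())) {
                    pc.setPassword("service-key-password"); // assumed key alias and password
                } else {
                    throw new UnsupportedCallbackException(c, "no password for " + pc.getIdentifier());
                }
            }
        }
    };

    /** Runs the engine, then enforces what it leaves to the caller: a Timestamp and a Signature must be
     *  present and the Signature must cover both the Body and the Timestamp. Returns the signing
     *  certificate; the engine's default SignatureTrustValidator has already checked it against sigCrypto. */
    static X509Certificate verifyRequest(Document envelope, Crypto sigCrypto, Crypto decCrypto)
            throws WSSecurityException {
        WSSecurityEngine engine = new WSSecurityEngine();
        WSSConfig config = WSSConfig.getNewInstance();
        config.setTimeStampTTL(300);     // Created may be at most 5 minutes old (a chosen policy value)
        config.setTimeStampStrict(true); // an elapsed Expires is a hard failure
        engine.setWssConfig(config);
        // actor == null selects the wsse:Security header without an actor/role attribute;
        // if there is no such header the engine returns an empty list rather than failing.
        List<WSSecurityEngineResult> results =
            engine.processSecurityHeader(envelope, null, DECRYPT_KEY_PASSWORD, sigCrypto, decCrypto);
        WSSecurityEngineResult ts = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
        WSSecurityEngineResult sig = WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
        if (ts == null || sig == null) {
            throw new WSSecurityException("request lacks a Timestamp or a Signature");
        }
        // Elements the verified signature covers; an unsigned Body means the signature says nothing
        // about the payload, which is exactly what a signature-wrapping attack relies on.
        @SuppressWarnings("unchecked")
        List<WSDataRef> signed = (List<WSDataRef>) sig.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
        boolean bodySigned = false, timestampSigned = false;
        if (signed != null) {
            for (WSDataRef ref : signed) {
                if (SOAP_BODY.equals(ref.getName())) bodySigned = true;
                if (WSU_TIMESTAMP.equals(ref.getName())) timestampSigned = true;
            }
        }
        if (!bodySigned || !timestampSigned) {
            throw new WSSecurityException("Signature does not cover both the Body and the Timestamp");
        }
        return (X509Certificate) sig.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    }

    public static void main(String[] args) throws Exception {
        // Assumed: service-crypto.properties configures a Merlin keystore holding the "service" key.
        Crypto crypto = CryptoFactory.getInstance("service-crypto.properties");
        // Constructed envelope with no wsse:Security header: the engine returns an empty list,
        // and it is verifyRequest, not the engine, that turns that into a rejection.
        String unsigned = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
            + "<soapenv:Header/><soapenv:Body><ping/></soapenv:Body></soapenv:Envelope>";
        try {
            verifyRequest(parse(unsigned), crypto, crypto);
            System.out.println("BUG: unsigned request accepted");
        } catch (WSSecurityException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }
}
```

The same checks apply when the Element overloads are called directly with a wsse:Security element or a RequestData: the result list is the only record of what was verified, so required actions and their signed parts must be inspected after the call. In a deployment the Crypto passed as sigCrypto would normally be backed by a truststore containing only the certificates of accepted clients, while decCrypto holds the service's own private key.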


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.