org.apache.cxf.ws.security.wss4j
Class WSS4JInInterceptor
java.lang.Object
org.apache.ws.security.handler.WSHandler
org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
- All Implemented Interfaces:
- org.apache.cxf.binding.soap.interceptor.SoapInterceptor, org.apache.cxf.interceptor.Interceptor<org.apache.cxf.binding.soap.SoapMessage>, org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>
- Direct Known Subclasses:
- AbstractUsernameTokenAuthenticatingInterceptor, PolicyBasedWSS4JInInterceptor
public class WSS4JInInterceptor
- extends AbstractWSS4JInterceptor
Performs WS-Security inbound actions.
- Author:
- Tomasz Sztelak
Fields inherited from class org.apache.ws.security.handler.WSHandler:
cryptos, secEngine
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected void | advanceBody(org.apache.cxf.binding.soap.SoapMessage msg, Node body) | |
| protected void | computeAction(org.apache.cxf.binding.soap.SoapMessage msg, org.apache.ws.security.handler.RequestData reqData) | Do whatever is necessary to determine the action for the incoming message and do whatever other setup work is necessary. |
| protected org.apache.cxf.security.SecurityContext | createSecurityContext(Principal p) | |
| protected org.apache.cxf.interceptor.security.SAMLSecurityContext | createSecurityContext(Principal p, List<String> roles) | |
| protected static org.apache.ws.security.WSSecurityEngine | createSecurityEngine(Map<QName,Object> map) | |
| protected void | doResults(org.apache.cxf.binding.soap.SoapMessage msg, String actor, Element soapHeader, Element soapBody, List<org.apache.ws.security.WSSecurityEngineResult> wsResult) | |
| protected void | doResults(org.apache.cxf.binding.soap.SoapMessage msg, String actor, Element soapHeader, Element soapBody, List<org.apache.ws.security.WSSecurityEngineResult> wsResult, boolean utWithCallbacks) | |
| Collection<org.apache.cxf.phase.PhaseInterceptor<? extends org.apache.cxf.message.Message>> | getAdditionalInterceptors() | |
| protected CallbackHandler | getCallback(org.apache.ws.security.handler.RequestData reqData, int doAction) | |
| protected CallbackHandler | getCallback(org.apache.ws.security.handler.RequestData reqData, int doAction, boolean utWithCallbacks) | |
| Object | getProperty(Object msgContext, String key) | |
| protected org.apache.ws.security.cache.ReplayCache | getReplayCache(org.apache.cxf.binding.soap.SoapMessage message, String booleanKey, String instanceKey) | Get a ReplayCache instance. |
| protected org.apache.ws.security.WSSecurityEngine | getSecurityEngine(boolean utWithCallbacks) | |
| void | handleMessage(org.apache.cxf.binding.soap.SoapMessage msg) | |
| boolean | isGET(org.apache.cxf.binding.soap.SoapMessage message) | |
| protected boolean | isSecurityContextPrincipal(Principal p, List<org.apache.ws.security.WSSecurityEngineResult> wsResult) | Checks if a given WSS4J Principal can be represented as a user principal inside SecurityContext. |
| protected void | setAlgorithmSuites(org.apache.cxf.binding.soap.SoapMessage message, org.apache.ws.security.handler.RequestData data) | Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the algorithms that are allowed for encryption, signature, etc. |
| void | setIgnoreActions(boolean i) | |
Methods inherited from class org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor:
getAfter, getBefore, getId, getOption, getPassword, getPhase, getProperties, getRoles, getUnderstoodHeaders, handleFault, isRequestor, loadCryptoFromPropertiesFile, postHandleMessage, setAfter, setBefore, setId, setPassword, setPhase, setProperties, setProperty, setProperty, translateProperties
Methods inherited from class org.apache.ws.security.handler.WSHandler:
checkReceiverResults, checkReceiverResultsAnyOrder, checkSignatureConfirmation, decodeAlgorithmSuite, decodeBooleanConfigValue, decodeBSPCompliance, decodeCustomPasswordTypes, decodeDecryptionParameter, decodeEnableSignatureConfirmation, decodeEncryptionParameter, decodeFutureTimeToLive, decodeMustUnderstand, decodeNamespaceQualifiedPasswordTypes, decodePasswordType, decodePasswordTypeStrict, decodeRequireSignedEncryptedDataElements, decodeSignatureParameter, decodeSignatureParameter2, decodeTimestampPrecision, decodeTimestampStrict, decodeTimeToLive, decodeUseEncodedPasswords, decodeUseSingleCertificate, decodeUTParameter, doReceiverAction, doSenderAction, getCallbackHandler, getClassLoader, getPasswordCallbackHandler, getPasswordCB, getString, getStringOption, loadCrypto, loadDecryptionCrypto, loadEncryptionCrypto, loadSignatureCrypto
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SAML_ROLE_ATTRIBUTENAME_DEFAULT
public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT
- This configuration tag specifies the default attribute name where the roles are present.
The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
- See Also:
- Constant Field Values
TIMESTAMP_RESULT
public static final String TIMESTAMP_RESULT
- See Also:
- Constant Field Values
SIGNATURE_RESULT
public static final String SIGNATURE_RESULT
- See Also:
- Constant Field Values
PRINCIPAL_RESULT
public static final String PRINCIPAL_RESULT
- See Also:
- Constant Field Values
PROCESSOR_MAP
public static final String PROCESSOR_MAP
- See Also:
- Constant Field Values
VALIDATOR_MAP
public static final String VALIDATOR_MAP
- See Also:
- Constant Field Values
SECURITY_PROCESSED
public static final String SECURITY_PROCESSED
WSS4JInInterceptor
public WSS4JInInterceptor()
WSS4JInInterceptor
public WSS4JInInterceptor(boolean ignore)
WSS4JInInterceptor
public WSS4JInInterceptor(Map<String,Object> properties)
getAdditionalInterceptors
public Collection<org.apache.cxf.phase.PhaseInterceptor<? extends org.apache.cxf.message.Message>> getAdditionalInterceptors()
- Specified by:
getAdditionalInterceptors in interface org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>
- Overrides:
getAdditionalInterceptors in class AbstractWSS4JInterceptor
setIgnoreActions
public void setIgnoreActions(boolean i)
getProperty
public Object getProperty(Object msgContext,
String key)
- Overrides:
getProperty in class AbstractWSS4JInterceptor
isGET
public final boolean isGET(org.apache.cxf.binding.soap.SoapMessage message)
handleMessage
public void handleMessage(org.apache.cxf.binding.soap.SoapMessage msg)
throws org.apache.cxf.interceptor.Fault
- Throws:
org.apache.cxf.interceptor.Fault
computeAction
protected void computeAction(org.apache.cxf.binding.soap.SoapMessage msg,
org.apache.ws.security.handler.RequestData reqData)
throws org.apache.ws.security.WSSecurityException
- Do whatever is necessary to determine the action for the incoming message and
do whatever other setup work is necessary.
- Parameters:
msg - reqData -
- Throws:
org.apache.ws.security.WSSecurityException
setAlgorithmSuites
protected void setAlgorithmSuites(org.apache.cxf.binding.soap.SoapMessage message,
org.apache.ws.security.handler.RequestData data)
throws org.apache.ws.security.WSSecurityException
- Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the
algorithms that are allowed for encryption, signature, etc.
- Throws:
org.apache.ws.security.WSSecurityException
doResults
protected void doResults(org.apache.cxf.binding.soap.SoapMessage msg,
String actor,
Element soapHeader,
Element soapBody,
List<org.apache.ws.security.WSSecurityEngineResult> wsResult)
throws SOAPException,
XMLStreamException,
org.apache.ws.security.WSSecurityException
- Throws:
SOAPException
XMLStreamException
org.apache.ws.security.WSSecurityException
doResults
protected void doResults(org.apache.cxf.binding.soap.SoapMessage msg,
String actor,
Element soapHeader,
Element soapBody,
List<org.apache.ws.security.WSSecurityEngineResult> wsResult,
boolean utWithCallbacks)
throws SOAPException,
XMLStreamException,
org.apache.ws.security.WSSecurityException
- Throws:
SOAPException
XMLStreamException
org.apache.ws.security.WSSecurityException
isSecurityContextPrincipal
protected boolean isSecurityContextPrincipal(Principal p,
List<org.apache.ws.security.WSSecurityEngineResult> wsResult)
- Checks if a given WSS4J Principal can be represented as a user principal
inside SecurityContext. For example, UsernameToken or PublicKey principals can
be used to facilitate checking the user roles, etc.
advanceBody
protected void advanceBody(org.apache.cxf.binding.soap.SoapMessage msg,
Node body)
throws SOAPException,
XMLStreamException,
org.apache.ws.security.WSSecurityException
- Throws:
SOAPException
XMLStreamException
org.apache.ws.security.WSSecurityException
createSecurityContext
protected org.apache.cxf.security.SecurityContext createSecurityContext(Principal p)
createSecurityContext
protected org.apache.cxf.interceptor.security.SAMLSecurityContext createSecurityContext(Principal p,
List<String> roles)
getCallback
protected CallbackHandler getCallback(org.apache.ws.security.handler.RequestData reqData,
int doAction,
boolean utWithCallbacks)
throws org.apache.ws.security.WSSecurityException
- Throws:
org.apache.ws.security.WSSecurityException
getCallback
protected CallbackHandler getCallback(org.apache.ws.security.handler.RequestData reqData,
int doAction)
throws org.apache.ws.security.WSSecurityException
- Throws:
org.apache.ws.security.WSSecurityException
getSecurityEngine
protected org.apache.ws.security.WSSecurityEngine getSecurityEngine(boolean utWithCallbacks)
- Returns:
- the WSSecurityEngine in use by this interceptor.
This engine is defined to be the secEngineOverride
instance, if defined in this class (and supplied through
construction); otherwise, it is taken to be the default
WSSecEngine instance (currently defined in the WSHandler
base class).
createSecurityEngine
protected static org.apache.ws.security.WSSecurityEngine createSecurityEngine(Map<QName,Object> map)
- Returns:
- a freshly minted WSSecurityEngine instance, using the
(non-null) processor map, to be used to initialize the
WSSecurityEngine instance.
getReplayCache
protected org.apache.ws.security.cache.ReplayCache getReplayCache(org.apache.cxf.binding.soap.SoapMessage message,
String booleanKey,
String instanceKey)
- Get a ReplayCache instance. It first checks to see whether caching has been explicitly
enabled or disabled via the booleanKey argument. If it has been set to false then no
replay caching is done (for this booleanKey). If it has not been specified, then caching
is enabled only if we are not the initiator of the exchange. If it has been specified, then
caching is enabled.
It tries to get an instance of ReplayCache via the instanceKey argument from a
contextual property, and failing that the message exchange. If it can't find any, then it
defaults to using an EH-Cache instance and stores that on the message exchange.
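The decision order described for getReplayCache, as an added stand-alone model (not CXF source code). The class, the two maps standing in for contextual properties and the message exchange, and the key names are all hypothetical. It shows that an explicit false turns replay detection off for that key, and that an initiator gets no cache unless one is explicitly enabled.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: models the documented lookup order with plain maps.
public class ReplayCacheDecision {

    /** Stand-in for org.apache.ws.security.cache.ReplayCache (model type only). */
    static final class ModelCache {
        final String origin;
        ModelCache(String origin) { this.origin = origin; }
    }

    /**
     * @param contextual hypothetical map standing in for contextual properties
     * @param exchange   hypothetical map standing in for the message exchange
     * @param initiator  true when this side started the exchange
     * @return the cache to use, or null when replay caching is off
     */
    static ModelCache resolve(Map<String, Object> contextual, Map<String, Object> exchange,
                              boolean initiator, String booleanKey, String instanceKey) {
        Object flag = contextual.get(booleanKey);
        if (flag != null && !Boolean.parseBoolean(flag.toString())) {
            return null;                        // explicitly disabled for this key
        }
        if (flag == null && initiator) {
            return null;                        // unspecified: only the receiving side caches
        }
        Object cache = contextual.get(instanceKey);
        if (cache == null) {
            cache = exchange.get(instanceKey);  // fall back to the message exchange
        }
        if (cache == null) {
            cache = new ModelCache("default");  // the page names an EH-Cache instance here
            exchange.put(instanceKey, cache);   // stored so later lookups reuse it
        }
        return (ModelCache) cache;
    }

    public static void main(String[] args) {
        Map<String, Object> ctx = new HashMap<>();
        Map<String, Object> ex = new HashMap<>();
        // Key names are constructed for this example.
        String on = "example.enable.cache", inst = "example.cache.instance";
        System.out.println("initiator, unspecified: " + (resolve(ctx, ex, true, on, inst) != null));
        System.out.println("receiver, unspecified:  " + (resolve(ctx, ex, false, on, inst) != null));
        System.out.println("default stored:         " + ex.containsKey(inst));
        ctx.put(on, "false");
        System.out.println("receiver, set false:    " + (resolve(ctx, ex, false, on, inst) != null));
    }
}
```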
Apache CXF