Package org.apache.wss4j.dom.engine

Class WSSecurityEngine

  • public class WSSecurityEngine
extends Object
    WS-Security Engine.

    • Constructor Detail

      • WSSecurityEngine

        public WSSecurityEngine()

    • Method Detail

      • getWssConfig

        public final WSSConfig getWssConfig()
        Returns:
        the WSSConfig object set on this instance

      • setWssConfig

        public final WSSConfig setWssConfig​(WSSConfig cfg)
        Parameters:
        cfg - the WSSConfig instance for this WSSecurityEngine to use
        Returns:
        the WSSConfig instance previously set on this WSSecurityEngine instance

      • setCallbackLookup

        public void setCallbackLookup​(CallbackLookup callbackLookup)
        Set the CallbackLookup object to use to locate elements
        Parameters:
        callbackLookup - the CallbackLookup object to use to locate elements

      • getCallbackLookup

        public CallbackLookup getCallbackLookup()
        Get the CallbackLookup object to use to locate elements
        Returns:
        the CallbackLookup object to use to locate elements

      • processSecurityHeader

        public WSHandlerResult processSecurityHeader​(Document doc,
                                             String actor,
                                             CallbackHandler cb,
                                             Crypto crypto)
                                      throws WSSecurityException
        Process the security header given the soap envelope as W3C document.

        This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

        Parameters:
        doc - the SOAP envelope as Document
        actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
        cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling
        crypto - the object that implements the access to the keystore and the handling of certificates.
        Returns:
        a WSHandlerResult Object containing the results of processing the security header
        Throws:
        WSSecurityException
        See Also:
        WSSecurityEngine#processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigVerCrypto, Crypto decCrypto)

      • processSecurityHeader

        public WSHandlerResult processSecurityHeader​(Document doc,
                                             String actor,
                                             CallbackHandler cb,
                                             Crypto sigVerCrypto,
                                             Crypto decCrypto)
                                      throws WSSecurityException
        Process the security header given the soap envelope as W3C document.

        This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

        Parameters:
        doc - the SOAP envelope as Document
        actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
        cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling
        sigVerCrypto - the object that implements the access to the keystore and the handling of certificates for Signature verification
        decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
        Returns:
        a WSHandlerResult Object containing the results of processing the security header
        Throws:
        WSSecurityException
        See Also:
        WSSecurityEngine#processSecurityHeader( Element securityHeader, CallbackHandler cb, Crypto sigVerCrypto, Crypto decCrypto)

      • processSecurityHeader

        public WSHandlerResult processSecurityHeader​(Element securityHeader,
                                             String actor,
                                             CallbackHandler cb,
                                             Crypto sigVerCrypto,
                                             Crypto decCrypto)
                                      throws WSSecurityException
        Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance to the WS Security specification.

        Currently the functions can handle the following child elements:

        • ds:Signature
        • xenc:EncryptedKey
        • xenc:ReferenceList
        • wsse:UsernameToken
        • wsu:Timestamp
        Note that additional child elements can be processed if appropriate Processors have been registered with the WSSCondig instance set on this class.
        Parameters:
        securityHeader - the wsse:Security header element
        cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling
        sigVerCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature verification
        decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
        Returns:
        a WSHandlerResult Object containing the results of processing the security header
        Throws:
        WSSecurityException

      • processSecurityHeader

        public WSHandlerResult processSecurityHeader​(Document doc,
                                             RequestData requestData)
                                      throws WSSecurityException
        Process the security header given the soap envelope as W3C document.

        This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

        Parameters:
        doc - the SOAP envelope as Document
        requestData - the RequestData associated with the request. It should be able to provide the callback handler, cryptos, etc... as needed by the processing
        Returns:
        a WSHandlerResult Object containing the results of processing the security header
        Throws:
        WSSecurityException

      • processSecurityHeader

        public WSHandlerResult processSecurityHeader​(Element securityHeader,
                                             RequestData requestData)
                                      throws WSSecurityException
        Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance to the WS Security specification.

        Currently the functions can handle the following child elements:

        • ds:Signature
        • xenc:EncryptedKey
        • xenc:ReferenceList
        • wsse:UsernameToken
        • wsu:Timestamp
        Note that additional child elements can be processed if appropriate Processors have been registered with the WSSCondig instance set on this class.
        Parameters:
        securityHeader - the wsse:Security header element
        requestData - the RequestData associated with the request. It should be able to provide the callback handler, cryptos, etc... as needed by the processing
        Returns:
        a WSHandlerResult Object containing the results of processing the security header
        Throws:
        WSSecurityException