Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.ws.security
Class WSSecurityEngine

java.lang.Object
  extended by org.apache.ws.security.WSSecurityEngine

public class WSSecurityEngine
extends Object

WS-Security Engine.

Author:
Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@t-online.de).

Field Summary
static QName binaryToken
          wsse:BinarySecurityToken as defined by WS Security specification
static QName DERIVED_KEY_TOKEN_05_02
          wsc:DerivedKeyToken as defined by WS-SecureConversation specification
static QName DERIVED_KEY_TOKEN_05_12
          wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
static QName ENCRYPTED_DATA
          xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
static QName ENCRYPTED_KEY
          xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
static QName REFERENCE_LIST
          xenc:ReferenceList as defined by XML Encryption specification,
static QName SAML_TOKEN
          saml:Assertion as defined by SAML specification
static QName SAML2_TOKEN
           
static QName SECURITY_CONTEXT_TOKEN_05_02
          wsc:SecurityContextToken as defined by WS-SecureConversation specification
static QName SECURITY_CONTEXT_TOKEN_05_12
          wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
static QName SIGNATURE
          ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
static QName signatureConfirmation
          wsse11:signatureConfirmation as defined by OASIS WS Security specification,
static QName timeStamp
          wsu:Timestamp as defined by OASIS WS Security specification,
static QName usernameToken
          wsse:UsernameToken as defined by WS Security specification
static String VALUE_TYPE
           
 
Constructor Summary
WSSecurityEngine()
           
 
Method Summary
static WSSecurityEngine getInstance()
          Get a singleton instance of security engine.
 WSSConfig getWssConfig()
           
 Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto)
          Process the security header given the soap envelope as W3C document.
 Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
          Process the security header given the soap envelope as W3C document.
protected  Vector processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
          Process the security header given the wsse:Security DOM Element.
 WSSConfig setWssConfig(WSSConfig cfg)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

VALUE_TYPE

public static final String VALUE_TYPE
See Also:
Constant Field Values

binaryToken

public static final QName binaryToken
wsse:BinarySecurityToken as defined by WS Security specification

usernameToken

public static final QName usernameToken
wsse:UsernameToken as defined by WS Security specification

timeStamp

public static final QName timeStamp
wsu:Timestamp as defined by OASIS WS Security specification,

signatureConfirmation

public static final QName signatureConfirmation
wsse11:signatureConfirmation as defined by OASIS WS Security specification,

SIGNATURE

public static final QName SIGNATURE
ds:Signature as defined by XML Signature specification, enhanced by WS Security specification

ENCRYPTED_KEY

public static final QName ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification

ENCRYPTED_DATA

public static final QName ENCRYPTED_DATA
xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification

REFERENCE_LIST

public static final QName REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification,

SAML_TOKEN

public static final QName SAML_TOKEN
saml:Assertion as defined by SAML specification

SAML2_TOKEN

public static final QName SAML2_TOKEN

DERIVED_KEY_TOKEN_05_02

public static final QName DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken as defined by WS-SecureConversation specification

SECURITY_CONTEXT_TOKEN_05_02

public static final QName SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken as defined by WS-SecureConversation specification

DERIVED_KEY_TOKEN_05_12

public static final QName DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX

SECURITY_CONTEXT_TOKEN_05_12

public static final QName SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

Constructor Detail

WSSecurityEngine

public WSSecurityEngine()
Method Detail

getInstance

public static WSSecurityEngine getInstance()
Get a singleton instance of security engine.

Returns:
ws-security engine.

getWssConfig

public final WSSConfig getWssConfig()
Returns:
the WSSConfig object set on this instance, or the statically defined one, if the instance-level config object is null.

setWssConfig

public final WSSConfig setWssConfig(WSSConfig cfg)
Parameters:
cfg - the WSSConfig instance for this WSSecurityEngine to use
Returns:
the WSSConfig instance previously set on this WSSecurityEngine instance

processSecurityHeader

public Vector processSecurityHeader(Document doc,
                                    String actor,
                                    CallbackHandler cb,
                                    Crypto crypto)
                             throws WSSecurityException
Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling
crypto - the object that implements the access to the keystore and the handling of certificates.
Returns:
a result vector
Throws:
WSSecurityException
See Also:
processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

public Vector processSecurityHeader(Document doc,
                                    String actor,
                                    CallbackHandler cb,
                                    Crypto sigCrypto,
                                    Crypto decCrypto)
                             throws WSSecurityException
Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling
sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature
decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
Returns:
a result vector
Throws:
WSSecurityException
See Also:
processSecurityHeader( Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

protected Vector processSecurityHeader(Element securityHeader,
                                       CallbackHandler cb,
                                       Crypto sigCrypto,
                                       Crypto decCrypto)
                                throws WSSecurityException
Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance to the WS Security specification.

Currently the functions can handle the following child elements:

Note that additional child elements can be processed if appropriate Processors have been registered with the WSSCondig instance set on this class.

Parameters:
securityHeader - the wsse:Security header element
cb - a callback hander to the caller to resolve passwords during encryption and UsernameTokenhandling
sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature
decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
Returns:
a Vector of WSSecurityEngineResult. Each element in the the Vector represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The Vector maybe empty if no security processing was performed.
Throws:
WSSecurityException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2015 The Apache Software Foundation. All Rights Reserved.