Class WSSecurityEngine

java.lang.Object
org.apache.ws.security.WSSecurityEngine

public class WSSecurityEngine extends Object
WS-Security Engine.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@t-online.de).
  • Field Details

    • VALUE_TYPE

      public static final String VALUE_TYPE
    • binaryToken

      public static final QName binaryToken
      wsse:BinarySecurityToken as defined by WS Security specification
    • usernameToken

      public static final QName usernameToken
      wsse:UsernameToken as defined by WS Security specification
    • timeStamp

      public static final QName timeStamp
      wsu:Timestamp as defined by OASIS WS Security specification
    • signatureConfirmation

      public static final QName signatureConfirmation
      wsse11:SignatureConfirmation as defined by OASIS WS Security 1.1 specification
    • SIGNATURE

      public static final QName SIGNATURE
      ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
    • ENCRYPTED_KEY

      public static final QName ENCRYPTED_KEY
      xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
    • REFERENCE_LIST

      public static final QName REFERENCE_LIST
      xenc:ReferenceList as defined by XML Encryption specification
    • SAML_TOKEN

      public static final QName SAML_TOKEN
      saml:Assertion as defined by SAML specification
    • DERIVED_KEY_TOKEN_05_02

      public static final QName DERIVED_KEY_TOKEN_05_02
      wsc:DerivedKeyToken as defined by WS-SecureConversation specification
    • SECURITY_CONTEXT_TOKEN_05_02

      public static final QName SECURITY_CONTEXT_TOKEN_05_02
      wsc:SecurityContextToken as defined by WS-SecureConversation specification
    • DERIVED_KEY_TOKEN_05_12

      public static final QName DERIVED_KEY_TOKEN_05_12
      wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
    • SECURITY_CONTEXT_TOKEN_05_12

      public static final QName SECURITY_CONTEXT_TOKEN_05_12
      wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
  • Constructor Details

    • WSSecurityEngine

      public WSSecurityEngine()
  • Method Details

    • getInstance

      public static WSSecurityEngine getInstance()
      Get the singleton instance of the security engine.

      Returns:
      the WS-Security engine.
    • setWssConfig

      public static void setWssConfig(WSSConfig wsc)
      Parameters:
      wsc - replace the static WSSConfig with a non-default configuration. The configuration is static, so it is shared by every WSSecurityEngine instance in the JVM, including the singleton returned by getInstance().
    • processSecurityHeader

      public Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto) throws WSSecurityException
      Process the security header given the soap envelope as W3C document.

      This is the main entry point to verify or decrypt a SOAP envelope. It first checks whether a wsse:Security header is available for the given actor; only that header is processed.

      Parameters:
      doc - the SOAP envelope as Document
      actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
      cb - a callback handler to the caller to resolve passwords during decryption (the private key password) and during UsernameToken handling
      crypto - the object that implements the access to the keystore and the handling of certificates, used both for signature verification and for decryption
      Returns:
      a result vector
      Throws:
      WSSecurityException
    • processSecurityHeader

      public Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
      Process the security header given the soap envelope as W3C document.

      This is the main entry point to verify or decrypt a SOAP envelope. It first checks whether a wsse:Security header is available for the given actor; only that header is processed. This overload separates the keystore used to verify signatures from the one used for decryption, so the trust store for sender certificates need not contain the receiver's private key.

      Parameters:
      doc - the SOAP envelope as Document
      actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
      cb - a callback handler to the caller to resolve passwords during decryption (the private key password) and during UsernameToken handling
      sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature verification
      decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
      Returns:
      a result vector
      Throws:
      WSSecurityException
    • processSecurityHeader

      protected Vector processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
      Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance with the WS Security specification, which requires a receiver to process the header's children in document order (so, for example, an EncryptedKey that precedes a Signature is processed first).

      Currently the functions can handle the child elements identified by the QName fields of this class (see Field Details above).

      Parameters:
      securityHeader - the wsse:Security header element
      cb - a callback handler to the caller to resolve passwords during decryption and UsernameToken handling
      sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature
      decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
      Returns:
      a Vector of WSSecurityEngineResult. Each element in the Vector represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Security header. The Vector may be empty if no security processing was performed. Note that the engine only reports what it found and verified; it does not require any particular action to be present, so a caller that expects a signature or timestamp must check the returned results for those actions itself.
      Throws:
      WSSecurityException
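The following is an added example and not code from WSS4J itself. It shows a receiver using the public processSecurityHeader entry point above, with a CallbackHandler that serves only the decryption password and a Merlin keystore-backed Crypto, and then enforcing its own policy on the result Vector: because the engine returns an empty (or, when no wsse:Security header exists for the actor, a null) Vector without throwing, an unsigned message would otherwise pass silently. The keystore file, alias and passwords are assumptions, and the code assumes the WSS4J 1.5 API in which WSSecurityUtil.fetchActionResult(Vector, int) looks up a result by action code.

```java
import java.io.IOException;
import java.util.Properties;
import java.util.Vector;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;

/**
 * Added example (not part of WSS4J): inbound WS-Security check built on WSSecurityEngine.
 * Assumed: a JKS keystore "receiver.jks" (store password "store-password") holding the
 * receiver's private key (key password "receiver-key-password") and the trusted sender
 * certificate; WSS4J 1.5-style API (Vector results, WSSecurityUtil.fetchActionResult).
 */
public class InboundSecurityCheck {

    /** Serves the private-key password for decryption only; every other request is refused. */
    static final class ReceiverCallbackHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (!(callbacks[i] instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callbacks[i]);
                }
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                if (pc.getUsage() == WSPasswordCallback.DECRYPT) {
                    pc.setPassword("receiver-key-password"); // assumed key password
                } else {
                    // No UsernameToken passwords are served here, so a UsernameToken can
                    // never be accepted by accident through this handler.
                    throw new UnsupportedCallbackException(pc, "usage not served: " + pc.getUsage());
                }
            }
        }
    }

    /** Merlin keystore-backed Crypto, used here for both signature verification and decryption. */
    static Crypto loadCrypto() {
        Properties p = new Properties();
        p.setProperty("org.apache.ws.security.crypto.provider",
                      "org.apache.ws.security.components.crypto.Merlin");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "store-password"); // assumed
        p.setProperty("org.apache.ws.security.crypto.merlin.file", "receiver.jks");                 // assumed
        return CryptoFactory.getInstance(p);
    }

    /**
     * Processes the wsse:Security header that carries no actor attribute (actor == null)
     * and then requires that the message was signed and timestamped. The engine itself only
     * reports what it found: no header, or a header without a Signature, produces no
     * exception, so the checks below are what turn "nothing verified" into a rejection.
     */
    static Vector verify(Document envelope) throws WSSecurityException {
        WSSecurityEngine engine = WSSecurityEngine.getInstance();
        Vector results = engine.processSecurityHeader(
                envelope, null, new ReceiverCallbackHandler(), loadCrypto());

        if (results == null || results.isEmpty()) {
            throw new SecurityException("no WS-Security processing took place");
        }
        requireAction(results, WSConstants.SIGN, "ds:Signature");
        requireAction(results, WSConstants.TS, "wsu:Timestamp");
        return results;
    }

    /** Fails unless the result Vector contains an entry for the given action code. */
    static WSSecurityEngineResult requireAction(Vector results, int action, String what) {
        WSSecurityEngineResult r = WSSecurityUtil.fetchActionResult(results, action);
        if (r == null) {
            throw new SecurityException("required " + what + " missing from wsse:Security header");
        }
        return r;
    }
}
```

Two things this example deliberately leaves to the caller, because they are not the engine's job in this API: checking that the Signature actually covers the SOAP Body (a signature over an unrelated header element still yields a WSConstants.SIGN result) and checking the Timestamp's Created/Expires window against the receiver's clock and allowed skew. Both should be enforced on the result before the message is acted upon.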