Package org.apache.ws.security
Class WSSecurityEngine
java.lang.Object
org.apache.ws.security.WSSecurityEngine
WS-Security Engine.
- Author:
- Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@t-online.de)
Field Summary
Fields (Modifier and Type, Field, Description):
- static final QName binaryToken: wsse:BinarySecurityToken as defined by WS Security specification
- static final QName DERIVED_KEY_TOKEN_05_02: wsc:DerivedKeyToken as defined by WS-SecureConversation specification
- static final QName DERIVED_KEY_TOKEN_05_12: wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
- static final QName ENCRYPTED_KEY: xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
- static final QName REFERENCE_LIST: xenc:ReferenceList as defined by XML Encryption specification
- static final QName SAML_TOKEN: saml:Assertion as defined by SAML specification
- static final QName SECURITY_CONTEXT_TOKEN_05_02: wsc:SecurityContextToken as defined by WS-SecureConversation specification
- static final QName SECURITY_CONTEXT_TOKEN_05_12: wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
- static final QName SIGNATURE: ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
- static final QName signatureConfirmation: wsse11:signatureConfirmation as defined by OASIS WS Security specification
- static final QName timeStamp: wsu:Timestamp as defined by OASIS WS Security specification
- static final QName usernameToken: wsse:UsernameToken as defined by WS Security specification
- static final String VALUE_TYPE

Constructor Summary
Constructors:
- WSSecurityEngine()

Method Summary
Methods (Modifier and Type, Method, Description):
- static WSSecurityEngine getInstance(): Get a singleton instance of security engine.
- Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto): Process the security header given the soap envelope as W3C document.
- Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto): Process the security header given the soap envelope as W3C document.
- protected Vector processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto): Process the security header given the wsse:Security DOM Element.
- static void setWssConfig(WSSConfig wsc)

Field Details

VALUE_TYPE

binaryToken
wsse:BinarySecurityToken as defined by WS Security specification

usernameToken
wsse:UsernameToken as defined by WS Security specification

timeStamp
wsu:Timestamp as defined by OASIS WS Security specification

signatureConfirmation
wsse11:signatureConfirmation as defined by OASIS WS Security specification

SIGNATURE
ds:Signature as defined by XML Signature specification, enhanced by WS Security specification

ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification

REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification

SAML_TOKEN
saml:Assertion as defined by SAML specification

DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken as defined by WS-SecureConversation specification

SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken as defined by WS-SecureConversation specification

DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX

SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

Constructor Details

WSSecurityEngine
public WSSecurityEngine()

Method Details

getInstance
Get a singleton instance of security engine.
- Returns:
- ws-security engine.

setWssConfig
- Parameters:
- wsc - set the static WSSConfig to other than default

processSecurityHeader
public Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto) throws WSSecurityException
Process the security header given the SOAP envelope as W3C document. This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.
- Parameters:
- doc - the SOAP envelope as Document
- actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
- cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
- crypto - the object that implements the access to the keystore and the handling of certificates.
- Returns:
- a result vector
- Throws:
- WSSecurityException

processSecurityHeader
public Vector processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
Process the security header given the SOAP envelope as W3C document. This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.
- Parameters:
- doc - the SOAP envelope as Document
- actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
- cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
- sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature
- decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
- Returns:
- a result vector
- Throws:
- WSSecurityException

processSecurityHeader
protected Vector processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) throws WSSecurityException
Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance with the WS Security specification. Currently the functions can handle the following child elements:
- Parameters:
- securityHeader - the wsse:Security header element
- cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
- sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature
- decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
- Returns:
- a Vector of WSSecurityEngineResult. Each element in the Vector represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The Vector may be empty if no security processing was performed.
- Throws:
- WSSecurityException