Package org.apache.ws.security

Class WSSecurityEngine

  • public class WSSecurityEngine
extends java.lang.Object
    WS-Security Engine.

    Author:
    Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@t-online.de).

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static javax.xml.namespace.QName binaryToken
      wsse:BinarySecurityToken as defined by WS Security specification
      static javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_02
      wsc:DerivedKeyToken as defined by WS-SecureConversation specification
      static javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_12
      wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
      static javax.xml.namespace.QName ENCRYPTED_KEY
      xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
      static javax.xml.namespace.QName REFERENCE_LIST
      xenc:ReferenceList as defined by XML Encryption specification,
      static javax.xml.namespace.QName SAML_TOKEN
      saml:Assertion as defined by SAML specification
      static javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_02
      wsc:SecurityContextToken as defined by WS-SecureConversation specification
      static javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_12
      wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
      static javax.xml.namespace.QName SIGNATURE
      ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
      static javax.xml.namespace.QName signatureConfirmation
      wsse11:signatureConfirmation as defined by OASIS WS Security specification,
      static javax.xml.namespace.QName timeStamp
      wsu:Timestamp as defined by OASIS WS Security specification,
      static javax.xml.namespace.QName usernameToken
      wsse:UsernameToken as defined by WS Security specification
      static java.lang.String VALUE_TYPE  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      static WSSecurityEngine getInstance()
      Get a singleton instance of security engine.
      java.util.Vector processSecurityHeader​(org.w3c.dom.Document doc, java.lang.String actor, javax.security.auth.callback.CallbackHandler cb, Crypto crypto)
      Process the security header given the soap envelope as W3C document.
      java.util.Vector processSecurityHeader​(org.w3c.dom.Document doc, java.lang.String actor, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
      Process the security header given the soap envelope as W3C document.
      protected java.util.Vector processSecurityHeader​(org.w3c.dom.Element securityHeader, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
      Process the security header given the wsse:Security DOM Element.
      static void setWssConfig​(WSSConfig wsc)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • binaryToken

        public static final javax.xml.namespace.QName binaryToken
        wsse:BinarySecurityToken as defined by WS Security specification

      • usernameToken

        public static final javax.xml.namespace.QName usernameToken
        wsse:UsernameToken as defined by WS Security specification

      • timeStamp

        public static final javax.xml.namespace.QName timeStamp
        wsu:Timestamp as defined by OASIS WS Security specification,

      • signatureConfirmation

        public static final javax.xml.namespace.QName signatureConfirmation
        wsse11:signatureConfirmation as defined by OASIS WS Security specification,

      • SIGNATURE

        public static final javax.xml.namespace.QName SIGNATURE
        ds:Signature as defined by XML Signature specification, enhanced by WS Security specification

      • ENCRYPTED_KEY

        public static final javax.xml.namespace.QName ENCRYPTED_KEY
        xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification

      • REFERENCE_LIST

        public static final javax.xml.namespace.QName REFERENCE_LIST
        xenc:ReferenceList as defined by XML Encryption specification,

      • SAML_TOKEN

        public static final javax.xml.namespace.QName SAML_TOKEN
        saml:Assertion as defined by SAML specification

      • DERIVED_KEY_TOKEN_05_02

        public static final javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_02
        wsc:DerivedKeyToken as defined by WS-SecureConversation specification

      • SECURITY_CONTEXT_TOKEN_05_02

        public static final javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_02
        wsc:SecurityContextToken as defined by WS-SecureConversation specification

      • DERIVED_KEY_TOKEN_05_12

        public static final javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_12
        wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX

      • SECURITY_CONTEXT_TOKEN_05_12

        public static final javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_12
        wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

    • Constructor Detail

      • WSSecurityEngine

        public WSSecurityEngine()

    • Method Detail

      • getInstance

        public static WSSecurityEngine getInstance()
        Get a singleton instance of security engine.

        Returns:
        ws-security engine.

      • setWssConfig

        public static void setWssConfig​(WSSConfig wsc)
        Parameters:
        wsc - set the static WSSConfig to other than default

      • processSecurityHeader

        public java.util.Vector processSecurityHeader​(org.w3c.dom.Document doc,
                                              java.lang.String actor,
                                              javax.security.auth.callback.CallbackHandler cb,
                                              Crypto crypto)
                                       throws WSSecurityException
        Process the security header given the soap envelope as W3C document.

        This is the main entry point to verify or decrypt a SOAP enevelope. First check if a wsse:Security is availabe with the defined actor.

        Parameters:
        doc - the SOAP envelope as Document
        actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
        cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling
        crypto - the object that implements the access to the keystore and the handling of certificates.
        Returns:
        a result vector
        Throws:
        WSSecurityException
        See Also:
        processSecurityHeader(Element securityHeader, CallbackHandler cb,Crypto sigCrypto, Crypto decCrypto)

      • processSecurityHeader

        public java.util.Vector processSecurityHeader​(org.w3c.dom.Document doc,
                                              java.lang.String actor,
                                              javax.security.auth.callback.CallbackHandler cb,
                                              Crypto sigCrypto,
                                              Crypto decCrypto)
                                       throws WSSecurityException
        Process the security header given the soap envelope as W3C document.

        This is the main entry point to verify or decrypt a SOAP enevelope. First check if a wsse:Security is availabe with the defined actor.

        Parameters:
        doc - the SOAP envelope as Document
        actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
        cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling
        sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature
        decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
        Returns:
        a result vector
        Throws:
        WSSecurityException
        See Also:
        processSecurityHeader(Element securityHeader, CallbackHandler cb,Crypto sigCrypto, Crypto decCrypto)

      • processSecurityHeader

        protected java.util.Vector processSecurityHeader​(org.w3c.dom.Element securityHeader,
                                                 javax.security.auth.callback.CallbackHandler cb,
                                                 Crypto sigCrypto,
                                                 Crypto decCrypto)
                                          throws WSSecurityException
        Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a knwon element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance to the WS Security specification.

        Currently the functions can handle the following child elements:

        Parameters:
        securityHeader - the wsse:Security header element
        cb - a callback hander to the caller to resolve passwords during encryption and UsernameTokenhandling
        sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature
        decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
        Returns:
        a Vector of WSSecurityEngineResult. Each element in the the Vector represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The Vector maybe empty if no security processing was performed.
        Throws:
        WSSecurityException