Apache CXF API
java.lang.Object
  org.apache.ws.security.handler.WSHandler
    org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor
      org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
        org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor
public abstract class AbstractUsernameTokenAuthenticatingInterceptor
Base class providing an extensibility point for populating javax.security.auth.Subject from the current UsernameToken. WSS4J requires a password to validate digests, and that password may not be available when an external security system performs the authentication. This class implements the WSS4J Processor interface so that it can delegate UsernameToken validation to an external system. In order to handle digests, this class currently creates a new WSS4J Security Engine for every request. If clear-text passwords are expected, the boolean supportDigestPasswords property can be set to false to disable creating security engines. Note that if a UsernameToken containing a clear-text password has been encrypted, the application is expected to provide a password callback handler for decrypting the token only.
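As an added illustration (not code from Apache CXF), a subclass might implement createSubject as shown here, which makes the digest limitation above concrete: the check can only be recomputed when the clear-text secret is known. The class name, the in-memory `secrets` map standing in for the external system, Java 8 or later, and the assumption that `password` carries the Base64 digest when `isDigest` is true are all assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor;

// Added example: every name except the CXF base class and createSubject is hypothetical.
public class StoreBackedUsernameTokenInterceptor
        extends AbstractUsernameTokenAuthenticatingInterceptor {
    private final Map<String, String> secrets; // stand-in for an external credential store
    public StoreBackedUsernameTokenInterceptor(Map<String, String> secrets) {
        this.secrets = secrets;
    }

    @Override
    protected Subject createSubject(String name, String password, boolean isDigest,
                                    String nonce, String created) throws SecurityException {
        String secret = secrets.get(name);
        if (secret == null || password == null) {
            throw new SecurityException("UsernameToken authentication failed");
        }
        // Assumption: for a digest token, 'password' holds the Base64 digest sent by the client.
        String expected = isDigest ? digest(nonce, created, secret) : secret;
        // Compare without leaking the position of the first mismatching byte.
        if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                   password.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("UsernameToken authentication failed");
        }
        Subject subject = new Subject();
        // The user principal goes first; role checks skip it and look at Group principals.
        subject.getPrincipals().add(() -> name);
        return subject;
    }

    // UsernameToken Profile digest: Base64(SHA-1(decoded nonce + created + password)).
    static String digest(String nonce, String created, String secret) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            if (nonce != null) sha1.update(Base64.getDecoder().decode(nonce));
            if (created != null) sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(secret.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            throw new SecurityException("UsernameToken authentication failed");
        }
    }
}
```

An external system that can verify a password but cannot return the stored secret has no way to take the digest branch, which is the limitation the class description points out.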
Nested Class Summary | |
---|---|
protected class | AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator |
Field Summary |
---|
Fields inherited from class org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor |
---|
PRINCIPAL_RESULT, PROCESSOR_MAP, SAML_ROLE_ATTRIBUTENAME_DEFAULT, SECURITY_PROCESSED, SIGNATURE_RESULT, TIMESTAMP_RESULT, VALIDATOR_MAP |
Fields inherited from class org.apache.ws.security.handler.WSHandler |
---|
cryptos, secEngine |
Constructor Summary |
---|
AbstractUsernameTokenAuthenticatingInterceptor() |
AbstractUsernameTokenAuthenticatingInterceptor(Map<String,Object> properties) |
Method Summary | |
---|---|
protected SecurityContext | createSecurityContext(Principal p) |
protected abstract Subject | createSubject(String name, String password, boolean isDigest, String nonce, String created) - Create a Subject representing a current user and its roles. |
protected SecurityContext | doCreateSecurityContext(Principal p, Subject subject) - Creates default SecurityContext which implements isUserInRole using the following approach: skip the first Subject principal, and then check optional Groups the principal is a member of. |
protected org.apache.ws.security.WSSecurityEngine | getSecurityEngine(boolean utNoCallbacks) |
boolean | getSupportDigestPasswords() |
void | handleMessage(SoapMessage msg) - Intercepts a message. |
protected void | setSubject(String name, String password, boolean isDigest, String nonce, String created) |
void | setSupportDigestPasswords(boolean support) |
Methods inherited from class org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor |
---|
advanceBody, computeAction, createSecurityContext, createSecurityEngine, doResults, doResults, getAdditionalInterceptors, getCallback, getCallback, getProperty, getReplayCache, isGET, isSecurityContextPrincipal, setIgnoreActions |
Methods inherited from class org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor |
---|
getAfter, getBefore, getId, getOption, getPassword, getPhase, getProperties, getRoles, getUnderstoodHeaders, handleFault, isRequestor, loadCrypto, loadCryptoFromPropertiesFile, postHandleMessage, setAfter, setBefore, setId, setPassword, setPhase, setProperties, setProperty, setProperty, translateProperties |
Methods inherited from class org.apache.ws.security.handler.WSHandler |
---|
checkReceiverResults, checkReceiverResultsAnyOrder, checkSignatureConfirmation, decodeBooleanConfigValue, decodeBSPCompliance, decodeCustomPasswordTypes, decodeDecryptionParameter, decodeEnableSignatureConfirmation, decodeEncryptionParameter, decodeFutureTimeToLive, decodeMustUnderstand, decodeNamespaceQualifiedPasswordTypes, decodePasswordType, decodePasswordTypeStrict, decodeRequireSignedEncryptedDataElements, decodeSignatureParameter, decodeSignatureParameter2, decodeTimestampPrecision, decodeTimestampStrict, decodeTimeToLive, decodeUseEncodedPasswords, decodeUseSingleCertificate, decodeUTParameter, doReceiverAction, doSenderAction, getCallbackHandler, getClassLoader, getPasswordCallbackHandler, getPasswordCB, getString, getStringOption, loadDecryptionCrypto, loadEncryptionCrypto, loadSignatureCrypto |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public AbstractUsernameTokenAuthenticatingInterceptor()
public AbstractUsernameTokenAuthenticatingInterceptor(Map<String,Object> properties)
Method Detail |
---|
public void setSupportDigestPasswords(boolean support)
public boolean getSupportDigestPasswords()
public void handleMessage(SoapMessage msg) throws Fault
  Description copied from interface: Interceptor
  Specified by: handleMessage in interface Interceptor<SoapMessage>
  Overrides: handleMessage in class WSS4JInInterceptor
  Throws: Fault
protected SecurityContext createSecurityContext(Principal p)
  Overrides: createSecurityContext in class WSS4JInInterceptor
protected SecurityContext doCreateSecurityContext(Principal p, Subject subject)
  Parameters:
    p - principal
    subject - subject
protected void setSubject(String name, String password, boolean isDigest, String nonce, String created) throws org.apache.ws.security.WSSecurityException
  Throws: org.apache.ws.security.WSSecurityException
protected abstract Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException
  Parameters:
    name - username
    password - password
    isDigest - true if a password digest is used
    nonce - optional nonce
    created - optional timestamp
  Throws: SecurityException
protected org.apache.ws.security.WSSecurityEngine getSecurityEngine(boolean utNoCallbacks)
  Overrides: getSecurityEngine in class WSS4JInInterceptor