Apache CXF API

org.apache.cxf.ws.security.wss4j
Class CryptoCoverageChecker

java.lang.Object
  extended by org.apache.cxf.phase.AbstractPhaseInterceptor<SoapMessage>
      extended by org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor
          extended by org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker
All Implemented Interfaces:
SoapInterceptor, Interceptor<SoapMessage>, PhaseInterceptor<SoapMessage>
Direct Known Subclasses:
DefaultCryptoCoverageChecker

public class CryptoCoverageChecker
extends AbstractSoapInterceptor

Utility to enable the checking of WS-Security signature/encryption coverage based on the results of the WSS4J processors. This interceptor provides an alternative to using WS-Policy based configuration for crypto coverage enforcement.

Note that the processor must properly address the Security Token Reference Dereference transform in the case of a signed security token such as a SAML assertion. Consequently, a version of WSS4J that properly addresses this transform must be used with this utility if you wish to check coverage over a message part referenced through the Security Token Reference Dereference transform. See WSS-222 for more details.


Nested Class Summary
static class CryptoCoverageChecker.XPathExpression
          A simple wrapper for an XPath expression and coverage type / scope indicating how the XPath expression should be enforced as a cryptographic coverage requirement.
 
Field Summary
protected  Map<String,String> prefixMap
          Mapping of namespace prefixes to namespace URIs.
protected  List<CryptoCoverageChecker.XPathExpression> xPaths
          The XPath expressions for locating elements in SOAP messages that must be covered.
 
Constructor Summary
CryptoCoverageChecker()
          Creates a new instance.
CryptoCoverageChecker(Map<String,String> prefixes, List<CryptoCoverageChecker.XPathExpression> xPaths)
          Creates a new instance that checks for signature coverage over matches to the provided XPath expressions making defensive copies of provided arguments.
 
Method Summary
 void addPrefixes(Map<String,String> prefixes)
          Adds the mapping of namespace prefixes to namespace URIs, adding to any previously set mappings.
 void addXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)
          Adds the XPath expressions to check for, adding to any previously set expressions.
 void handleMessage(SoapMessage message)
          Checks that the WSS4J results refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.
 void setPrefixes(Map<String,String> prefixes)
          Sets the mapping of namespace prefixes to namespace URIs, clearing all previously set mappings.
 void setXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)
          Sets the XPath expressions to check for, clearing all previously set expressions.
 
Methods inherited from class org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor
getFaultCodePrefix, getRoles, getUnderstoodHeaders, prepareStackTrace
 
Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor
addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.cxf.interceptor.Interceptor
handleFault
 

Field Detail

xPaths

protected List<CryptoCoverageChecker.XPathExpression> xPaths
The XPath expressions for locating elements in SOAP messages that must be covered. See prefixMap for namespace prefixes available.


prefixMap

protected Map<String,String> prefixMap
Mapping of namespace prefixes to namespace URIs.

Constructor Detail

CryptoCoverageChecker

public CryptoCoverageChecker()
Creates a new instance. See #setPrefixes() and #setXpaths() for providing configuration options.


CryptoCoverageChecker

public CryptoCoverageChecker(Map<String,String> prefixes,
                             List<CryptoCoverageChecker.XPathExpression> xPaths)
Creates a new instance that checks for signature coverage over matches to the provided XPath expressions making defensive copies of provided arguments.

Parameters:
prefixes - mapping of namespace prefixes to namespace URIs
xPaths - a list of XPath expressions
Method Detail

handleMessage

public void handleMessage(SoapMessage message)
                   throws Fault
Checks that the WSS4J results refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.

Parameters:
message - the SOAP message containing the signature
Throws:
SoapFault - if there is an error evaluating an XPath or an element is not covered by the required cryptographic operation
Fault

setXPaths

public final void setXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)
Sets the XPath expressions to check for, clearing all previously set expressions.

Parameters:
xPaths - the XPath expressions to check for

addXPaths

public final void addXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)
Adds the XPath expressions to check for, adding to any previously set expressions.

Parameters:
xPaths - the XPath expressions to check for

setPrefixes

public final void setPrefixes(Map<String,String> prefixes)
Sets the mapping of namespace prefixes to namespace URIs, clearing all previously set mappings.

Parameters:
prefixes - the mapping of namespace prefixes to namespace URIs

addPrefixes

public final void addPrefixes(Map<String,String> prefixes)
Adds the mapping of namespace prefixes to namespace URIs, adding to any previously set mappings.

Parameters:
prefixes - the mapping of namespace prefixes to namespace URIs

Apache CXF API

Apache CXF