org.apache.cxf.ws.security.trust

Class STSTokenValidator

java.lang.Object

org.apache.cxf.ws.security.trust.STSTokenValidator

All Implemented Interfaces:

org.apache.wss4j.dom.validate.Validator

public class STSTokenValidator
extends Object
implements org.apache.wss4j.dom.validate.Validator

A WSS4J-based Validator to validate a received WS-Security credential by dispatching it to a STS via WS-Trust. The default binding is "validate", but "issue" is also possible by setting the "useIssueBinding" property. In this case, the credentials are sent via "OnBehalfOf" unless the "useOnBehalfOf" property is set to "false", in which case the credentials are used depending on the security policy of the STS endpoint (e.g. in a UsernameToken if this is what the policy requires). Setting "useOnBehalfOf" to "false" + "useIssueBinding" to "true" only works for validating UsernameTokens.

Constructor Summary

Constructors

Constructor and Description
STSTokenValidator()
STSTokenValidator(boolean alwaysValidateToSts) Construct a new instance.

Method Summary

Modifier and Type	Method and Description
STSClient	getStsClient()
TokenStore	getTokenStore()
boolean	isDisableCaching()
boolean	isUseIssueBinding()
boolean	isUseOnBehalfOf()
protected boolean	isValidatedLocally(org.apache.wss4j.dom.validate.Credential credential, org.apache.wss4j.dom.handler.RequestData data)
void	setDisableCaching(boolean disableCaching)
void	setStsClient(STSClient stsClient)
void	setTokenStore(TokenStore tokenStore)
void	setUseIssueBinding(boolean useIssueBinding)
void	setUseOnBehalfOf(boolean useOnBehalfOf)
org.apache.wss4j.dom.validate.Credential	validate(org.apache.wss4j.dom.validate.Credential credential, org.apache.wss4j.dom.handler.RequestData data)
org.apache.wss4j.dom.validate.Credential	validateWithSTS(org.apache.wss4j.dom.validate.Credential credential, Message message)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

STSTokenValidator

public STSTokenValidator()

STSTokenValidator

public STSTokenValidator(boolean alwaysValidateToSts)

Construct a new instance.

Parameters:

alwaysValidateToSts - whether to always validate the token to the STS

Method Detail

validate

public org.apache.wss4j.dom.validate.Credential validate(org.apache.wss4j.dom.validate.Credential credential,
                                                         org.apache.wss4j.dom.handler.RequestData data)
                                                  throws org.apache.wss4j.common.ext.WSSecurityException

Specified by:

validate in interface org.apache.wss4j.dom.validate.Validator

Throws:

org.apache.wss4j.common.ext.WSSecurityException

validateWithSTS

public org.apache.wss4j.dom.validate.Credential validateWithSTS(org.apache.wss4j.dom.validate.Credential credential,
                                                                Message message)
                                                         throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

isValidatedLocally

protected boolean isValidatedLocally(org.apache.wss4j.dom.validate.Credential credential,
                                     org.apache.wss4j.dom.handler.RequestData data)
                              throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

isUseIssueBinding

public boolean isUseIssueBinding()

setUseIssueBinding

public void setUseIssueBinding(boolean useIssueBinding)

isUseOnBehalfOf

public boolean isUseOnBehalfOf()

setUseOnBehalfOf

public void setUseOnBehalfOf(boolean useOnBehalfOf)

getStsClient

public STSClient getStsClient()

setStsClient

public void setStsClient(STSClient stsClient)

getTokenStore

public TokenStore getTokenStore()

setTokenStore

public void setTokenStore(TokenStore tokenStore)

isDisableCaching

public boolean isDisableCaching()

setDisableCaching

public void setDisableCaching(boolean disableCaching)