org.apache.ws.security

Class WSSecurityEngine

java.lang.Object

org.apache.ws.security.WSSecurityEngine

public class WSSecurityEngine
extends Object

WS-Security Engine.

Author:

Davanum Srinivas (dims@yahoo.com)., Werner Dittmann (Werner.Dittmann@t-online.de).

Field Summary

Fields

Modifier and Type	Field and Description
static javax.xml.namespace.QName	binaryToken wsse:BinarySecurityToken as defined by WS Security specification
static javax.xml.namespace.QName	DERIVED_KEY_TOKEN_05_02 wsc:DerivedKeyToken as defined by WS-SecureConversation specification
static javax.xml.namespace.QName	DERIVED_KEY_TOKEN_05_12 wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
static javax.xml.namespace.QName	ENCRYPTED_DATA xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
static javax.xml.namespace.QName	ENCRYPTED_KEY xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
static javax.xml.namespace.QName	REFERENCE_LIST xenc:ReferenceList as defined by XML Encryption specification,
static javax.xml.namespace.QName	SAML_TOKEN saml:Assertion as defined by SAML specification
static javax.xml.namespace.QName	SECURITY_CONTEXT_TOKEN_05_02 wsc:SecurityContextToken as defined by WS-SecureConversation specification
static javax.xml.namespace.QName	SECURITY_CONTEXT_TOKEN_05_12 wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
static javax.xml.namespace.QName	SIGNATURE ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
static javax.xml.namespace.QName	signatureConfirmation wsse11:signatureConfirmation as defined by OASIS WS Security specification,
static javax.xml.namespace.QName	timeStamp wsu:Timestamp as defined by OASIS WS Security specification,
static javax.xml.namespace.QName	usernameToken wsse:UsernameToken as defined by WS Security specification
static String	VALUE_TYPE

Constructor Summary

Constructors

Constructor and Description
WSSecurityEngine()

Method Summary

Methods

Modifier and Type	Method and Description
static WSSecurityEngine	getInstance() Get a singleton instance of security engine.
WSSConfig	getWssConfig()
Vector	processSecurityHeader(org.w3c.dom.Document doc, String actor, javax.security.auth.callback.CallbackHandler cb, Crypto crypto) Process the security header given the soap envelope as W3C document.
Vector	processSecurityHeader(org.w3c.dom.Document doc, String actor, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) Process the security header given the soap envelope as W3C document.
protected Vector	processSecurityHeader(org.w3c.dom.Element securityHeader, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto) Process the security header given the wsse:Security DOM Element.
WSSConfig	setWssConfig(WSSConfig cfg)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

VALUE_TYPE

public static final String VALUE_TYPE

See Also:

Constant Field Values

binaryToken

public static final javax.xml.namespace.QName binaryToken

wsse:BinarySecurityToken as defined by WS Security specification

usernameToken

public static final javax.xml.namespace.QName usernameToken

wsse:UsernameToken as defined by WS Security specification

timeStamp

public static final javax.xml.namespace.QName timeStamp

wsu:Timestamp as defined by OASIS WS Security specification,

signatureConfirmation

public static final javax.xml.namespace.QName signatureConfirmation

wsse11:signatureConfirmation as defined by OASIS WS Security specification,

SIGNATURE

public static final javax.xml.namespace.QName SIGNATURE

ds:Signature as defined by XML Signature specification, enhanced by WS Security specification

ENCRYPTED_KEY

public static final javax.xml.namespace.QName ENCRYPTED_KEY

xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification

ENCRYPTED_DATA

public static final javax.xml.namespace.QName ENCRYPTED_DATA

xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification

REFERENCE_LIST

public static final javax.xml.namespace.QName REFERENCE_LIST

xenc:ReferenceList as defined by XML Encryption specification,

SAML_TOKEN

public static final javax.xml.namespace.QName SAML_TOKEN

saml:Assertion as defined by SAML specification

DERIVED_KEY_TOKEN_05_02

public static final javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_02

wsc:DerivedKeyToken as defined by WS-SecureConversation specification

SECURITY_CONTEXT_TOKEN_05_02

public static final javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_02

wsc:SecurityContextToken as defined by WS-SecureConversation specification

DERIVED_KEY_TOKEN_05_12

public static final javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_12

wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX

SECURITY_CONTEXT_TOKEN_05_12

public static final javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_12

wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

Constructor Detail

WSSecurityEngine

public WSSecurityEngine()

Method Detail

getInstance

public static WSSecurityEngine getInstance()

Get a singleton instance of security engine.

Returns:

ws-security engine.

getWssConfig

public final WSSConfig getWssConfig()

Returns:

the WSSConfig object set on this instance, or the statically defined one, if the instance-level config object is null.

setWssConfig

public final WSSConfig setWssConfig(WSSConfig cfg)

Parameters:

cfg - the WSSConfig instance for this WSSecurityEngine to use

Returns:

the WSSConfig instance previously set on this WSSecurityEngine instance

processSecurityHeader

public Vector processSecurityHeader(org.w3c.dom.Document doc,
                           String actor,
                           javax.security.auth.callback.CallbackHandler cb,
                           Crypto crypto)
                             throws WSSecurityException

Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

Parameters:

doc - the SOAP envelope as Document

actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role

cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling

crypto - the object that implements the access to the keystore and the handling of certificates.

Returns:

a result vector

Throws:

WSSecurityException

See Also:

processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

public Vector processSecurityHeader(org.w3c.dom.Document doc,
                           String actor,
                           javax.security.auth.callback.CallbackHandler cb,
                           Crypto sigCrypto,
                           Crypto decCrypto)
                             throws WSSecurityException

Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. First check if a wsse:Security is available with the defined actor.

Parameters:

doc - the SOAP envelope as Document

actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role

cb - a callback hander to the caller to resolve passwords during encryption and UsernameToken handling

sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature

decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption

Returns:

a result vector

Throws:

WSSecurityException

See Also:

processSecurityHeader( Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

protected Vector processSecurityHeader(org.w3c.dom.Element securityHeader,
                           javax.security.auth.callback.CallbackHandler cb,
                           Crypto sigCrypto,
                           Crypto decCrypto)
                                throws WSSecurityException

Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element. This is in accordance to the WS Security specification.

Currently the functions can handle the following child elements:

• ds:Signature
• xenc:EncryptedKey
• xenc:ReferenceList
• wsse:UsernameToken
• wsu:Timestamp

Note that additional child elements can be processed if appropriate Processors have been registered with the WSSCondig instance set on this class.

Parameters:

securityHeader - the wsse:Security header element

cb - a callback hander to the caller to resolve passwords during encryption and UsernameTokenhandling

sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature

decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption

Returns:

a Vector of WSSecurityEngineResult. Each element in the the Vector represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The Vector maybe empty if no security processing was performed.

Throws:

WSSecurityException