org.apache.ws.security
Class WSSecurityEngine

java.lang.Object
  extended by org.apache.ws.security.WSSecurityEngine

public class WSSecurityEngine
extends java.lang.Object

WS-Security Engine.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@t-online.de)

Field Summary
static javax.xml.namespace.QName binaryToken
          wsse:BinarySecurityToken as defined by WS Security specification
static javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_02
          wsc:DerivedKeyToken as defined by WS-SecureConversation specification
static javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_12
          wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX
static javax.xml.namespace.QName ENCRYPTED_DATA
          xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification
static javax.xml.namespace.QName ENCRYPTED_KEY
          xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification
static javax.xml.namespace.QName REFERENCE_LIST
          xenc:ReferenceList as defined by XML Encryption specification
static javax.xml.namespace.QName SAML_TOKEN
          saml:Assertion as defined by SAML specification
static javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_02
          wsc:SecurityContextToken as defined by WS-SecureConversation specification
static javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_12
          wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX
static javax.xml.namespace.QName SIGNATURE
          ds:Signature as defined by XML Signature specification, enhanced by WS Security specification
static javax.xml.namespace.QName signatureConfirmation
          wsse11:signatureConfirmation as defined by OASIS WS Security specification
static javax.xml.namespace.QName timeStamp
          wsu:Timestamp as defined by OASIS WS Security specification
static javax.xml.namespace.QName usernameToken
          wsse:UsernameToken as defined by WS Security specification
static java.lang.String VALUE_TYPE
           
 
Constructor Summary
WSSecurityEngine()
           
 
Method Summary
static WSSecurityEngine getInstance()
          Get a singleton instance of security engine.
 WSSConfig getWssConfig()
           
 java.util.Vector processSecurityHeader(org.w3c.dom.Document doc, java.lang.String actor, javax.security.auth.callback.CallbackHandler cb, Crypto crypto)
          Process the security header given the soap envelope as W3C document.
 java.util.Vector processSecurityHeader(org.w3c.dom.Document doc, java.lang.String actor, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
          Process the security header given the soap envelope as W3C document.
protected  java.util.Vector processSecurityHeader(org.w3c.dom.Element securityHeader, javax.security.auth.callback.CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)
          Process the security header given the wsse:Security DOM Element.
 WSSConfig setWssConfig(WSSConfig cfg)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

VALUE_TYPE

public static final java.lang.String VALUE_TYPE
See Also:
Constant Field Values

binaryToken

public static final javax.xml.namespace.QName binaryToken
wsse:BinarySecurityToken as defined by WS Security specification


usernameToken

public static final javax.xml.namespace.QName usernameToken
wsse:UsernameToken as defined by WS Security specification


timeStamp

public static final javax.xml.namespace.QName timeStamp
wsu:Timestamp as defined by OASIS WS Security specification


signatureConfirmation

public static final javax.xml.namespace.QName signatureConfirmation
wsse11:signatureConfirmation as defined by OASIS WS Security specification


SIGNATURE

public static final javax.xml.namespace.QName SIGNATURE
ds:Signature as defined by XML Signature specification, enhanced by WS Security specification


ENCRYPTED_KEY

public static final javax.xml.namespace.QName ENCRYPTED_KEY
xenc:EncryptedKey as defined by XML Encryption specification, enhanced by WS Security specification


ENCRYPTED_DATA

public static final javax.xml.namespace.QName ENCRYPTED_DATA
xenc:EncryptedData as defined by XML Encryption specification, enhanced by WS Security specification


REFERENCE_LIST

public static final javax.xml.namespace.QName REFERENCE_LIST
xenc:ReferenceList as defined by XML Encryption specification


SAML_TOKEN

public static final javax.xml.namespace.QName SAML_TOKEN
saml:Assertion as defined by SAML specification


DERIVED_KEY_TOKEN_05_02

public static final javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_02
wsc:DerivedKeyToken as defined by WS-SecureConversation specification


SECURITY_CONTEXT_TOKEN_05_02

public static final javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_02
wsc:SecurityContextToken as defined by WS-SecureConversation specification


DERIVED_KEY_TOKEN_05_12

public static final javax.xml.namespace.QName DERIVED_KEY_TOKEN_05_12
wsc:DerivedKeyToken as defined by WS-SecureConversation specification in WS-SX


SECURITY_CONTEXT_TOKEN_05_12

public static final javax.xml.namespace.QName SECURITY_CONTEXT_TOKEN_05_12
wsc:SecurityContextToken as defined by WS-SecureConversation specification in WS-SX

Constructor Detail

WSSecurityEngine

public WSSecurityEngine()

Method Detail

getInstance

public static WSSecurityEngine getInstance()
Get a singleton instance of security engine.

Returns:
ws-security engine.

getWssConfig

public final WSSConfig getWssConfig()
Returns:
the WSSConfig object set on this instance, or the statically defined one, if the instance-level config object is null.

setWssConfig

public final WSSConfig setWssConfig(WSSConfig cfg)
Parameters:
cfg - the WSSConfig instance for this WSSecurityEngine to use
Returns:
the WSSConfig instance previously set on this WSSecurityEngine instance

processSecurityHeader

public java.util.Vector processSecurityHeader(org.w3c.dom.Document doc,
                                              java.lang.String actor,
                                              javax.security.auth.callback.CallbackHandler cb,
                                              Crypto crypto)
                                       throws WSSecurityException
Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. It first checks whether a wsse:Security header is available for the defined actor.

Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
crypto - the object that implements the access to the keystore and the handling of certificates.
Returns:
a result vector
Throws:
WSSecurityException
See Also:
processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

public java.util.Vector processSecurityHeader(org.w3c.dom.Document doc,
                                              java.lang.String actor,
                                              javax.security.auth.callback.CallbackHandler cb,
                                              Crypto sigCrypto,
                                              Crypto decCrypto)
                                       throws WSSecurityException
Process the security header given the soap envelope as W3C document.

This is the main entry point to verify or decrypt a SOAP envelope. It first checks whether a wsse:Security header is available for the defined actor.

Parameters:
doc - the SOAP envelope as Document
actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
sigCrypto - the object that implements the access to the keystore and the handling of certificates for Signature
decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
Returns:
a result vector
Throws:
WSSecurityException
See Also:
processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigCrypto, Crypto decCrypto)

processSecurityHeader

protected java.util.Vector processSecurityHeader(org.w3c.dom.Element securityHeader,
                                                 javax.security.auth.callback.CallbackHandler cb,
                                                 Crypto sigCrypto,
                                                 Crypto decCrypto)
                                          throws WSSecurityException
Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element, in accordance with the WS Security specification.

Currently the functions can handle the following child elements:

Note that additional child elements can be processed if appropriate Processors have been registered with the WSSConfig instance set on this class.

Parameters:
securityHeader - the wsse:Security header element
cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
sigCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature
decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
Returns:
a Vector of WSSecurityEngineResult. Each element in the Vector represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Security header. The Vector may be empty if no security processing was performed.
Throws:
WSSecurityException
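
Added example (not code from the WSS4J project): because the result Vector only reports which security actions were performed, a caller that requires a signature has to inspect it rather than treat a normal return as success. The class `RequireSignature` and method `wasSigned` are hypothetical; `WSSecurityEngineResult.getAction()` and `WSConstants.SIGN` are not documented on this page and are assumed to be available in the WSS4J release it describes.

```java
import java.io.ByteArrayInputStream;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.w3c.dom.Document;

public class RequireSignature {
    // Hypothetical helper: true only if the engine reported a signature action.
    static boolean wasSigned(Document envelope, CallbackHandler cb, Crypto crypto)
            throws Exception {
        // null actor: header addressed to no specific actor/role (assumption for this sample)
        Vector results = WSSecurityEngine.getInstance()
                .processSecurityHeader(envelope, null, cb, crypto);
        if (results == null || results.isEmpty()) {
            return false; // no security processing was performed
        }
        for (Object o : results) {
            WSSecurityEngineResult r = (WSSecurityEngineResult) o;
            if (r.getAction() == WSConstants.SIGN) { // assumed accessor and constant
                return true;
            }
        }
        return false; // a header was processed, but it held no signature
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a SOAP 1.1 envelope with no wsse:Security header.
        String xml = "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
                + "<soap:Body><ping/></soap:Body></soap:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // QName matching needs namespace-aware parsing
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        CallbackHandler noPasswords = callbacks -> {
            throw new UnsupportedCallbackException(callbacks[0]);
        };
        // This sample has no header to verify, so no Crypto is supplied.
        System.out.println("signed: " + wasSigned(doc, noPasswords, null));
    }
}
```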


Copyright © 2004-2008 The Apache Software Foundation. All Rights Reserved.