org.apache.ws.security.handler
Class WSHandler

java.lang.Object
  extended by org.apache.ws.security.handler.WSHandler
Direct Known Subclasses:
WSDoAllHandler, WSS4JHandler

public abstract class WSHandler
extends java.lang.Object

Extracted from WSDoAllReceiver and WSDoAllSender. Extended to allow passwordless UsernameTokens and configurable identities.

Author:
Davanum Srinivas (dims@yahoo.com), Werner Dittmann (Werner.Dittmann@t-online.de), Marcel Ammerlaan (marcel.ammerlaan@gmail.com)

Field Summary
protected static java.util.Hashtable cryptos
           
static java.lang.String DONE
           
protected static WSSecurityEngine secEngine
           
 
Constructor Summary
WSHandler()
           
 
Method Summary
protected  boolean checkReceiverResults(java.util.Vector wsResult, java.util.Vector actions)
           
protected  void checkSignatureConfirmation(RequestData reqData, java.util.Vector wsResult)
           
protected  boolean decodeCustomPasswordTypes(RequestData reqData)
           
protected  void decodeDecryptionParameter(RequestData reqData)
           
protected  boolean decodeEnableSignatureConfirmation(RequestData reqData)
           
protected  void decodeEncryptionParameter(RequestData reqData)
           
protected  boolean decodeMustUnderstand(RequestData reqData)
           
protected  void decodeSignatureParameter(RequestData reqData)
           
protected  void decodeSignatureParameter2(RequestData reqData)
           
protected  boolean decodeTimestampPrecision(RequestData reqData)
           
protected  boolean decodeTimestampStrict(RequestData reqData)
           
 int decodeTimeToLive(RequestData reqData)
           
protected  void decodeUTParameter(RequestData reqData)
           
protected  void doReceiverAction(int doAction, RequestData reqData)
           
protected  void doSenderAction(int doAction, org.w3c.dom.Document doc, RequestData reqData, java.util.Vector actions, boolean isRequest)
          Performs all defined security actions to set-up the SOAP request.
 java.lang.ClassLoader getClassLoader(java.lang.Object msgCtx)
          Returns the classloader to be used for loading the callback class
abstract  java.lang.Object getOption(java.lang.String key)
           
abstract  java.lang.String getPassword(java.lang.Object msgContext)
           
 WSPasswordCallback getPassword(java.lang.String username, int doAction, java.lang.String clsProp, java.lang.String refProp, RequestData reqData)
          Get a password to construct a UsernameToken or sign a message.
protected  javax.security.auth.callback.CallbackHandler getPasswordCB(RequestData reqData)
          Get the password callback class and get an instance

abstract  java.lang.Object getProperty(java.lang.Object msgContext, java.lang.String key)
           
 java.lang.String getString(java.lang.String key, java.lang.Object mc)
          Looks up key first via getOption(String) and if not found there, via getProperty(Object, String)
 java.lang.String getStringOption(java.lang.String key)
          Returns the option for the given key.
protected  Crypto loadDecryptionCrypto(RequestData reqData)
          Hook to allow subclasses to load their Decryption Crypto however they see fit.
protected  Crypto loadEncryptionCrypto(RequestData reqData)
          Hook to allow subclasses to load their Encryption Crypto however they see fit.
 Crypto loadSignatureCrypto(RequestData reqData)
          Hook to allow subclasses to load their Signature Crypto however they see fit.
abstract  void setPassword(java.lang.Object msgContext, java.lang.String password)
           
abstract  void setProperty(java.lang.Object msgContext, java.lang.String key, java.lang.Object value)
           
protected  boolean verifyTimestamp(Timestamp timestamp, int timeToLive)
          Evaluate whether a timestamp is considered valid on the receiver side.
protected  boolean verifyTrust(java.security.cert.X509Certificate cert, RequestData reqData)
          Evaluate whether a given certificate should be trusted.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DONE

public static java.lang.String DONE

secEngine

protected static final WSSecurityEngine secEngine

cryptos

protected static java.util.Hashtable cryptos

Constructor Detail

WSHandler

public WSHandler()

Method Detail

doSenderAction

protected void doSenderAction(int doAction,
                              org.w3c.dom.Document doc,
                              RequestData reqData,
                              java.util.Vector actions,
                              boolean isRequest)
                       throws WSSecurityException
Performs all defined security actions to set-up the SOAP request.

Parameters:
doAction - a set defining the actions to do
doc - the request as DOM document
reqData - a data storage to pass values around between methods
actions - a vector holding the actions to do in the order defined in the deployment file or property
Throws:
WSSecurityException

doReceiverAction

protected void doReceiverAction(int doAction,
                                RequestData reqData)
                         throws WSSecurityException
Throws:
WSSecurityException

checkReceiverResults

protected boolean checkReceiverResults(java.util.Vector wsResult,
                                       java.util.Vector actions)

checkSignatureConfirmation

protected void checkSignatureConfirmation(RequestData reqData,
                                          java.util.Vector wsResult)
                                   throws WSSecurityException
Throws:
WSSecurityException

loadSignatureCrypto

public Crypto loadSignatureCrypto(RequestData reqData)
                           throws WSSecurityException
Hook to allow subclasses to load their Signature Crypto however they see fit.

Throws:
WSSecurityException

loadEncryptionCrypto

protected Crypto loadEncryptionCrypto(RequestData reqData)
                               throws WSSecurityException
Hook to allow subclasses to load their Encryption Crypto however they see fit.

Throws:
WSSecurityException

decodeUTParameter

protected void decodeUTParameter(RequestData reqData)
                          throws WSSecurityException
Throws:
WSSecurityException

decodeSignatureParameter

protected void decodeSignatureParameter(RequestData reqData)
                                 throws WSSecurityException
Throws:
WSSecurityException

decodeEncryptionParameter

protected void decodeEncryptionParameter(RequestData reqData)
                                  throws WSSecurityException
Throws:
WSSecurityException

decodeMustUnderstand

protected boolean decodeMustUnderstand(RequestData reqData)
                                throws WSSecurityException
Throws:
WSSecurityException

decodeTimeToLive

public int decodeTimeToLive(RequestData reqData)

decodeEnableSignatureConfirmation

protected boolean decodeEnableSignatureConfirmation(RequestData reqData)
                                             throws WSSecurityException
Throws:
WSSecurityException

decodeTimestampPrecision

protected boolean decodeTimestampPrecision(RequestData reqData)
                                    throws WSSecurityException
Throws:
WSSecurityException

decodeCustomPasswordTypes

protected boolean decodeCustomPasswordTypes(RequestData reqData)
                                     throws WSSecurityException
Throws:
WSSecurityException

decodeTimestampStrict

protected boolean decodeTimestampStrict(RequestData reqData)
                                 throws WSSecurityException
Throws:
WSSecurityException

getPassword

public WSPasswordCallback getPassword(java.lang.String username,
                                      int doAction,
                                      java.lang.String clsProp,
                                      java.lang.String refProp,
                                      RequestData reqData)
                               throws WSSecurityException
Get a password to construct a UsernameToken or sign a message.

Try all possible sources to get a password.

Throws:
WSSecurityException

loadDecryptionCrypto

protected Crypto loadDecryptionCrypto(RequestData reqData)
                               throws WSSecurityException
Hook to allow subclasses to load their Decryption Crypto however they see fit.

Throws:
WSSecurityException

decodeSignatureParameter2

protected void decodeSignatureParameter2(RequestData reqData)
                                  throws WSSecurityException
Throws:
WSSecurityException

decodeDecryptionParameter

protected void decodeDecryptionParameter(RequestData reqData)
                                  throws WSSecurityException
Throws:
WSSecurityException

getPasswordCB

protected javax.security.auth.callback.CallbackHandler getPasswordCB(RequestData reqData)
                                                              throws WSSecurityException
Get the password callback class and get an instance

Throws:
WSSecurityException

verifyTrust

protected boolean verifyTrust(java.security.cert.X509Certificate cert,
                              RequestData reqData)
                       throws WSSecurityException
Evaluate whether a given certificate should be trusted. Hook to allow subclasses to implement custom validation methods however they see fit.

Policy used in this implementation:
1. Search the keystore for the transmitted certificate.
2. Search the keystore for a connection to the transmitted certificate (that is, search for certificate(s) of the issuer of the transmitted certificate).
3. Verify the trust path for those certificates found, because the search for the issuer might be fooled by a phony DN (String!).

Parameters:
cert - the certificate that should be validated against the keystore
Returns:
true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)
Throws:
WSSecurityException

verifyTimestamp

protected boolean verifyTimestamp(Timestamp timestamp,
                                  int timeToLive)
                           throws WSSecurityException
Evaluate whether a timestamp is considered valid on the receiver side. Hook to allow subclasses to implement custom validation methods however they see fit.

Policy used in this implementation:
1. The receiver can set its own time to live (besides the one set on the sender side).
2. If the message was created before (now-ttl), the message is rejected.

Parameters:
timestamp - the timestamp that is validated
timeToLive - the limit on the receiver side that the timestamp is validated against
Returns:
true if the timestamp is before (now-timeToLive), false otherwise
Throws:
WSSecurityException
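
The receiver-side policy above, applied to the wsu:Created value of a constructed message. This is an added example, not WSS4J source; the class `TimestampPolicyExample`, its helpers, the sample envelope and the 300-second limit are assumptions, and rejecting a message that has no Created element is a choice made for this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

public class TimestampPolicyExample {
    static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Constructed sample message, not captured traffic.
    static final String SAMPLE =
        "<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'><soap:Header>"
      + "<wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/"
      + "oasis-200401-wss-wssecurity-secext-1.0.xsd'>"
      + "<wsu:Timestamp xmlns:wsu='" + WSU_NS + "'>"
      + "<wsu:Created>2008-01-01T12:00:00Z</wsu:Created>"
      + "</wsu:Timestamp></wsse:Security></soap:Header><soap:Body/></soap:Envelope>";

    /** Hypothetical helper: returns wsu:Created, or null when the element is absent. */
    static Instant readCreated(String soap) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the header parser cannot be used for XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList n = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(soap.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagNameNS(WSU_NS, "Created");
        return n.getLength() == 0 ? null : Instant.parse(n.item(0).getTextContent().trim());
    }

    /** Policy from the text: a message created before (now - ttl) is rejected. */
    static boolean isAcceptable(Instant created, int timeToLiveSeconds, Instant now) {
        if (created == null) {
            return false; // choice made for this example: fail closed without Created
        }
        return !created.isBefore(now.minus(Duration.ofSeconds(timeToLiveSeconds)));
    }

    public static void main(String[] args) throws Exception {
        Instant created = readCreated(SAMPLE);
        int receiverTtl = 300; // receiver's own limit, independent of the sender's
        Instant[] clocks = { Instant.parse("2008-01-01T12:04:00Z"),
                             Instant.parse("2008-01-01T12:06:00Z") };
        for (Instant now : clocks) {
            System.out.println("now=" + now + " accepted=" + isAcceptable(created, receiverTtl, now));
        }
    }
}
```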

getString

public java.lang.String getString(java.lang.String key,
                                  java.lang.Object mc)
Looks up key first via getOption(String) and if not found there, via getProperty(Object, String)

Parameters:
key - the key to search for. May not be null.
mc - the message context to search.
Returns:
the value found.
Throws:
java.lang.IllegalArgumentException - if key is null.

getStringOption

public java.lang.String getStringOption(java.lang.String key)
Returns the option for the given key.

Parameters:
key - the non-null key of the option.
Returns:
the option for key if key exists and is of type java.lang.String; otherwise null.

getClassLoader

public java.lang.ClassLoader getClassLoader(java.lang.Object msgCtx)
Returns the classloader to be used for loading the callback class

Parameters:
msgCtx - The MessageContext
Returns:
class loader

getOption

public abstract java.lang.Object getOption(java.lang.String key)

getProperty

public abstract java.lang.Object getProperty(java.lang.Object msgContext,
                                             java.lang.String key)

setProperty

public abstract void setProperty(java.lang.Object msgContext,
                                 java.lang.String key,
                                 java.lang.Object value)

getPassword

public abstract java.lang.String getPassword(java.lang.Object msgContext)

setPassword

public abstract void setPassword(java.lang.Object msgContext,
                                 java.lang.String password)


Copyright © 2004-2008 The Apache Software Foundation. All Rights Reserved.