Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.cxf.ws.security.wss4j
Class WSS4JInInterceptor

java.lang.Object
  extended by org.apache.ws.security.handler.WSHandler
      extended by org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor
          extended by org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
All Implemented Interfaces:
org.apache.cxf.binding.soap.interceptor.SoapInterceptor, org.apache.cxf.interceptor.Interceptor<org.apache.cxf.binding.soap.SoapMessage>, org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>
Direct Known Subclasses:
AbstractUsernameTokenAuthenticatingInterceptor, PolicyBasedWSS4JInInterceptor
public class WSS4JInInterceptor
extends AbstractWSS4JInterceptor

Performs WS-Security inbound actions.

Field Summary
static String PRINCIPAL_RESULT
           
static String PROCESSOR_MAP
           
static String SAML_ROLE_ATTRIBUTENAME_DEFAULT
          This configuration tag specifies the default attribute name where the roles are present The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
static String SECURITY_PROCESSED
           
static String SIGNATURE_RESULT
           
static String TIMESTAMP_RESULT
           
static String VALIDATOR_MAP
           
 
Fields inherited from class org.apache.ws.security.handler.WSHandler
cryptos, secEngine
 
Constructor Summary
WSS4JInInterceptor()
           
WSS4JInInterceptor(boolean ignore)
           
WSS4JInInterceptor(Map<String,Object> properties)
           
 
Method Summary
protected  void advanceBody(org.apache.cxf.binding.soap.SoapMessage msg, Node body)
           
protected  void computeAction(org.apache.cxf.binding.soap.SoapMessage msg, org.apache.ws.security.handler.RequestData reqData)
          Do whatever is necessary to determine the action for the incoming message and do whatever other setup work is necessary.
protected  void configureReplayCaches(org.apache.ws.security.handler.RequestData reqData, int doAction, org.apache.cxf.binding.soap.SoapMessage msg)
           
protected  org.apache.cxf.security.SecurityContext createSecurityContext(Principal p)
           
protected  org.apache.cxf.interceptor.security.SAMLSecurityContext createSecurityContext(Principal p, List<String> roles)
           
protected  org.apache.cxf.security.SecurityContext createSecurityContext(org.apache.cxf.binding.soap.SoapMessage msg, Subject subject, Principal p, boolean useJAASSubject, org.apache.ws.security.WSSecurityEngineResult wsResult, boolean utWithCallbacks)
           
protected static org.apache.ws.security.WSSecurityEngine createSecurityEngine(Map<QName,Object> map)
           
protected  void doResults(org.apache.cxf.binding.soap.SoapMessage msg, String actor, Element soapHeader, Element soapBody, List<org.apache.ws.security.WSSecurityEngineResult> wsResult)
           
protected  void doResults(org.apache.cxf.binding.soap.SoapMessage msg, String actor, Element soapHeader, Element soapBody, List<org.apache.ws.security.WSSecurityEngineResult> wsResult, boolean utWithCallbacks)
           
 Collection<org.apache.cxf.phase.PhaseInterceptor<? extends org.apache.cxf.message.Message>> getAdditionalInterceptors()
           
protected  CallbackHandler getCallback(org.apache.ws.security.handler.RequestData reqData, int doAction)
           
protected  CallbackHandler getCallback(org.apache.ws.security.handler.RequestData reqData, int doAction, boolean utWithCallbacks)
           
 Object getProperty(Object msgContext, String key)
           
protected  org.apache.ws.security.cache.ReplayCache getReplayCache(org.apache.cxf.binding.soap.SoapMessage message, String booleanKey, String instanceKey)
          Get a ReplayCache instance.
protected  org.apache.ws.security.WSSecurityEngine getSecurityEngine(boolean utWithCallbacks)
           
 void handleMessage(org.apache.cxf.binding.soap.SoapMessage msg)
           
 boolean isGET(org.apache.cxf.binding.soap.SoapMessage message)
           
protected  boolean isNonceCacheRequired(int doAction, org.apache.cxf.binding.soap.SoapMessage msg)
          Is a Nonce Cache required, i.e.
protected  boolean isSamlCacheRequired(int doAction, org.apache.cxf.binding.soap.SoapMessage msg)
          Is a SAML Cache required, i.e.
protected  boolean isTimestampCacheRequired(int doAction, org.apache.cxf.binding.soap.SoapMessage msg)
          Is a Timestamp cache required, i.e.
protected  void setAlgorithmSuites(org.apache.cxf.binding.soap.SoapMessage message, org.apache.ws.security.handler.RequestData data)
          Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the algorithms that are allowed for encryption, signature, etc.
 void setIgnoreActions(boolean i)
           
 
Methods inherited from class org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor
getAfter, getBefore, getId, getOption, getPassword, getPhase, getProperties, getRoles, getUnderstoodHeaders, handleFault, isRequestor, loadCryptoFromPropertiesFile, postHandleMessage, setAfter, setBefore, setId, setPassword, setPhase, setProperties, setProperty, setProperty, translateProperties
 
Methods inherited from class org.apache.ws.security.handler.WSHandler
checkReceiverResults, checkReceiverResultsAnyOrder, checkSignatureConfirmation, decodeAlgorithmSuite, decodeAllowUsernameTokenNoPassword, decodeBooleanConfigValue, decodeBSPCompliance, decodeCustomPasswordTypes, decodeDecryptionParameter, decodeEnableSignatureConfirmation, decodeEncryptionParameter, decodeFutureTimeToLive, decodeMustUnderstand, decodeNamespaceQualifiedPasswordTypes, decodePasswordType, decodePasswordTypeStrict, decodeRequireSignedEncryptedDataElements, decodeSignatureParameter, decodeSignatureParameter2, decodeTimestampPrecision, decodeTimestampStrict, decodeTimeToLive, decodeUseEncodedPasswords, decodeUseSingleCertificate, decodeUTParameter, doReceiverAction, doSenderAction, getCallbackHandler, getClassLoader, getPasswordCallbackHandler, getPasswordCB, getString, getStringOption, loadCrypto, loadDecryptionCrypto, loadEncryptionCrypto, loadSignatureCrypto
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SAML_ROLE_ATTRIBUTENAME_DEFAULT

public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT
This configuration tag specifies the default attribute name where the roles are present The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

See Also:
Constant Field Values

TIMESTAMP_RESULT

public static final String TIMESTAMP_RESULT
See Also:
Constant Field Values

SIGNATURE_RESULT

public static final String SIGNATURE_RESULT
See Also:
Constant Field Values

PRINCIPAL_RESULT

public static final String PRINCIPAL_RESULT
See Also:
Constant Field Values

PROCESSOR_MAP

public static final String PROCESSOR_MAP
See Also:
Constant Field Values

VALIDATOR_MAP

public static final String VALIDATOR_MAP
See Also:
Constant Field Values

SECURITY_PROCESSED

public static final String SECURITY_PROCESSED
Constructor Detail

WSS4JInInterceptor

public WSS4JInInterceptor()

WSS4JInInterceptor

public WSS4JInInterceptor(boolean ignore)

WSS4JInInterceptor

public WSS4JInInterceptor(Map<String,Object> properties)
Method Detail

getAdditionalInterceptors

public Collection<org.apache.cxf.phase.PhaseInterceptor<? extends org.apache.cxf.message.Message>> getAdditionalInterceptors()
Specified by:
getAdditionalInterceptors in interface org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>
Overrides:
getAdditionalInterceptors in class AbstractWSS4JInterceptor

setIgnoreActions

public void setIgnoreActions(boolean i)

getProperty

public Object getProperty(Object msgContext,
                          String key)
Overrides:
getProperty in class AbstractWSS4JInterceptor

isGET

public final boolean isGET(org.apache.cxf.binding.soap.SoapMessage message)

handleMessage

public void handleMessage(org.apache.cxf.binding.soap.SoapMessage msg)
                   throws org.apache.cxf.interceptor.Fault
Throws:
org.apache.cxf.interceptor.Fault

computeAction

protected void computeAction(org.apache.cxf.binding.soap.SoapMessage msg,
                             org.apache.ws.security.handler.RequestData reqData)
                      throws org.apache.ws.security.WSSecurityException
Do whatever is necessary to determine the action for the incoming message and do whatever other setup work is necessary.

Parameters:
msg -
reqData -
Throws:
org.apache.ws.security.WSSecurityException

configureReplayCaches

protected void configureReplayCaches(org.apache.ws.security.handler.RequestData reqData,
                                     int doAction,
                                     org.apache.cxf.binding.soap.SoapMessage msg)
                              throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

isNonceCacheRequired

protected boolean isNonceCacheRequired(int doAction,
                                       org.apache.cxf.binding.soap.SoapMessage msg)
Is a Nonce Cache required, i.e. are we expecting a UsernameToken

isTimestampCacheRequired

protected boolean isTimestampCacheRequired(int doAction,
                                           org.apache.cxf.binding.soap.SoapMessage msg)
Is a Timestamp cache required, i.e. are we expecting a Timestamp

isSamlCacheRequired

protected boolean isSamlCacheRequired(int doAction,
                                      org.apache.cxf.binding.soap.SoapMessage msg)
Is a SAML Cache required, i.e. are we expecting a SAML Token

setAlgorithmSuites

protected void setAlgorithmSuites(org.apache.cxf.binding.soap.SoapMessage message,
                                  org.apache.ws.security.handler.RequestData data)
                           throws org.apache.ws.security.WSSecurityException
Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the algorithms that are allowed for encryption, signature, etc.

Throws:
org.apache.ws.security.WSSecurityException

doResults

protected void doResults(org.apache.cxf.binding.soap.SoapMessage msg,
                         String actor,
                         Element soapHeader,
                         Element soapBody,
                         List<org.apache.ws.security.WSSecurityEngineResult> wsResult)
                  throws SOAPException,
                         XMLStreamException,
                         org.apache.ws.security.WSSecurityException
Throws:
SOAPException
XMLStreamException
org.apache.ws.security.WSSecurityException

doResults

protected void doResults(org.apache.cxf.binding.soap.SoapMessage msg,
                         String actor,
                         Element soapHeader,
                         Element soapBody,
                         List<org.apache.ws.security.WSSecurityEngineResult> wsResult,
                         boolean utWithCallbacks)
                  throws SOAPException,
                         XMLStreamException,
                         org.apache.ws.security.WSSecurityException
Throws:
SOAPException
XMLStreamException
org.apache.ws.security.WSSecurityException

createSecurityContext

protected org.apache.cxf.security.SecurityContext createSecurityContext(org.apache.cxf.binding.soap.SoapMessage msg,
                                                                        Subject subject,
                                                                        Principal p,
                                                                        boolean useJAASSubject,
                                                                        org.apache.ws.security.WSSecurityEngineResult wsResult,
                                                                        boolean utWithCallbacks)

advanceBody

protected void advanceBody(org.apache.cxf.binding.soap.SoapMessage msg,
                           Node body)
                    throws SOAPException,
                           XMLStreamException,
                           org.apache.ws.security.WSSecurityException
Throws:
SOAPException
XMLStreamException
org.apache.ws.security.WSSecurityException

createSecurityContext

protected org.apache.cxf.security.SecurityContext createSecurityContext(Principal p)

createSecurityContext

protected org.apache.cxf.interceptor.security.SAMLSecurityContext createSecurityContext(Principal p,
                                                                                        List<String> roles)

getCallback

protected CallbackHandler getCallback(org.apache.ws.security.handler.RequestData reqData,
                                      int doAction,
                                      boolean utWithCallbacks)
                               throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

getCallback

protected CallbackHandler getCallback(org.apache.ws.security.handler.RequestData reqData,
                                      int doAction)
                               throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

getSecurityEngine

protected org.apache.ws.security.WSSecurityEngine getSecurityEngine(boolean utWithCallbacks)
Returns:
the WSSecurityEngine in use by this interceptor. This engine is defined to be the secEngineOverride instance, if defined in this class (and supplied through construction); otherwise, it is taken to be the default WSSecEngine instance (currently defined in the WSHandler base class).

createSecurityEngine

protected static org.apache.ws.security.WSSecurityEngine createSecurityEngine(Map<QName,Object> map)
Returns:
a freshly minted WSSecurityEngine instance, using the (non-null) processor map, to be used to initialize the WSSecurityEngine instance.

getReplayCache

protected org.apache.ws.security.cache.ReplayCache getReplayCache(org.apache.cxf.binding.soap.SoapMessage message,
                                                                  String booleanKey,
                                                                  String instanceKey)
Get a ReplayCache instance. It first checks to see whether caching has been explicitly enabled or disabled via the booleanKey argument. If it has been set to false then no replay caching is done (for this booleanKey). If it has not been specified, then caching is enabled only if we are not the initiator of the exchange. If it has been specified, then caching is enabled. It tries to get an instance of ReplayCache via the instanceKey argument from a contextual property, and failing that the message exchange. If it can't find any, then it defaults to using an EH-Cache instance and stores that on the message exchange.

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Apache CXF