Class WSS4JInInterceptor

java.lang.Object
org.apache.wss4j.dom.handler.WSHandler
org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
All Implemented Interfaces:
org.apache.cxf.binding.soap.interceptor.SoapInterceptor, org.apache.cxf.interceptor.Interceptor<org.apache.cxf.binding.soap.SoapMessage>, org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>
Direct Known Subclasses:
AbstractUsernameTokenAuthenticatingInterceptor, PolicyBasedWSS4JInInterceptor

public class WSS4JInInterceptor extends AbstractWSS4JInterceptor
Performs WS-Security inbound actions.
  • Field Details

    • SAML_ROLE_ATTRIBUTENAME_DEFAULT

      public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT
      This configuration tag specifies the default attribute name where the roles are present. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
    • PROCESSOR_MAP

      public static final String PROCESSOR_MAP
    • VALIDATOR_MAP

      public static final String VALIDATOR_MAP
    • SECURITY_PROCESSED

      public static final String SECURITY_PROCESSED
  • Constructor Details

    • WSS4JInInterceptor

      public WSS4JInInterceptor()
    • WSS4JInInterceptor

      public WSS4JInInterceptor(boolean ignore)
    • WSS4JInInterceptor

      public WSS4JInInterceptor(Map<String,Object> properties)
  • Method Details

    • setIgnoreActions

      public void setIgnoreActions(boolean i)
      Setting this value to true means that WSS4J does not compare the "actions" that were processed against the list of actions that were configured. It also means that CXF/WSS4J does not throw an error if no actions were specified. Setting this to true could be a potential security risk, as there is then no guarantee that the message contains the desired security token.
    • getProperty

      public Object getProperty(Object msgContext, String key)
      Overrides:
      getProperty in class AbstractWSS4JInterceptor
    • isGET

      public final boolean isGET(org.apache.cxf.binding.soap.SoapMessage message)
    • handleMessage

      public void handleMessage(org.apache.cxf.binding.soap.SoapMessage msg) throws org.apache.cxf.interceptor.Fault
      Throws:
      org.apache.cxf.interceptor.Fault
    • checkActions

      protected void checkActions(org.apache.cxf.binding.soap.SoapMessage msg, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> wsResult, List<Integer> actions) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • computeAction

      protected void computeAction(org.apache.cxf.binding.soap.SoapMessage msg, org.apache.wss4j.dom.handler.RequestData reqData) throws org.apache.wss4j.common.ext.WSSecurityException
      Do whatever is necessary to determine the action for the incoming message and do whatever other setup work is necessary.
      Parameters:
      msg -
      reqData -
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • configureReplayCaches

      protected void configureReplayCaches(org.apache.wss4j.dom.handler.RequestData reqData, List<Integer> actions, org.apache.cxf.binding.soap.SoapMessage msg) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • isNonceCacheRequired

      protected boolean isNonceCacheRequired(List<Integer> actions, org.apache.cxf.binding.soap.SoapMessage msg)
      Is a Nonce Cache required, i.e. are we expecting a UsernameToken?
    • isTimestampCacheRequired

      protected boolean isTimestampCacheRequired(List<Integer> actions, org.apache.cxf.binding.soap.SoapMessage msg)
      Is a Timestamp Cache required, i.e. are we expecting a Timestamp?
    • isSamlCacheRequired

      protected boolean isSamlCacheRequired(List<Integer> actions, org.apache.cxf.binding.soap.SoapMessage msg)
      Is a SAML Cache required, i.e. are we expecting a SAML Token?
    • setAlgorithmSuites

      protected void setAlgorithmSuites(org.apache.cxf.binding.soap.SoapMessage message, org.apache.wss4j.dom.handler.RequestData data) throws org.apache.wss4j.common.ext.WSSecurityException
      Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the algorithms that are allowed for encryption, signature, etc.
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • doResults

      protected void doResults(org.apache.cxf.binding.soap.SoapMessage msg, String actor, Element soapHeader, Element soapBody, org.apache.wss4j.dom.handler.WSHandlerResult wsResult, boolean utWithCallbacks) throws jakarta.xml.soap.SOAPException, XMLStreamException, org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      jakarta.xml.soap.SOAPException
      XMLStreamException
      org.apache.wss4j.common.ext.WSSecurityException
    • advanceBody

      protected void advanceBody(org.apache.cxf.binding.soap.SoapMessage msg, Node body) throws jakarta.xml.soap.SOAPException, XMLStreamException, org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      jakarta.xml.soap.SOAPException
      XMLStreamException
      org.apache.wss4j.common.ext.WSSecurityException
    • getCallback

      protected CallbackHandler getCallback(org.apache.wss4j.dom.handler.RequestData reqData, boolean utWithCallbacks) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • getCallback

      protected CallbackHandler getCallback(org.apache.wss4j.dom.handler.RequestData reqData) throws org.apache.wss4j.common.ext.WSSecurityException, TokenStoreException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
      TokenStoreException
    • getSecurityEngine

      protected org.apache.wss4j.dom.engine.WSSecurityEngine getSecurityEngine(boolean utWithCallbacks)
      Returns:
      the WSSecurityEngine in use by this interceptor.
    • getReplayCache

      protected org.apache.wss4j.common.cache.ReplayCache getReplayCache(org.apache.cxf.binding.soap.SoapMessage message, String booleanKey, String instanceKey) throws org.apache.wss4j.common.ext.WSSecurityException
      Get a ReplayCache instance. It first checks whether caching has been explicitly enabled or disabled via the booleanKey argument. If it has been set to false, then no replay caching is done (for this booleanKey). If it has been specified and is not false, then caching is enabled. If it has not been specified, then caching is enabled only if we are not the initiator of the exchange. It then tries to get an instance of ReplayCache via the instanceKey argument from a contextual property, and failing that from the message exchange. If it can't find any, then it defaults to using an EH-Cache instance and stores that on the message exchange.
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
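
The following is an added example, not code from the CXF project: a receiving-side setup that keeps the action check described under setIgnoreActions switched on and sets the replay-cache switches described under getReplayCache explicitly. The class name, the attach method and the in-memory user map are hypothetical, and it is an assumption that SecurityConstants.ENABLE_NONCE_CACHE and SecurityConstants.ENABLE_TIMESTAMP_CACHE are the booleanKey values the interceptor passes to getReplayCache.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.ext.WSPasswordCallback;

public final class InboundSecurityConfig {
    // Constructed sample credential store (assumption); back this with a real secret store.
    private static final Map<String, String> USERS = Map.of("alice", "constructed-sample-password");

    // Supplies the expected password for the user named in the incoming UsernameToken.
    // Unknown users get no password set, so validation of their token fails.
    static final CallbackHandler PASSWORDS = callbacks -> {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb);
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            String expected = USERS.get(pc.getIdentifier());
            if (expected != null) {
                pc.setPassword(expected);
            }
        }
    };

    // Hypothetical helper: builds the interceptor and registers it on a CXF endpoint.
    public static WSS4JInInterceptor attach(Endpoint endpoint) {
        Map<String, Object> props = new HashMap<>();
        // The configured actions that processed results are compared against.
        props.put(ConfigurationConstants.ACTION,
                ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.TIMESTAMP);
        props.put(ConfigurationConstants.PW_CALLBACK_REF, PASSWORDS);

        WSS4JInInterceptor in = new WSS4JInInterceptor(props);
        // Keep the comparison of processed actions against configured actions enabled.
        in.setIgnoreActions(false);

        // Contextual properties on the endpoint (keys assumed to be the booleanKey values).
        // "false" here would turn replay caching off for that key.
        endpoint.put(SecurityConstants.ENABLE_NONCE_CACHE, "true");
        endpoint.put(SecurityConstants.ENABLE_TIMESTAMP_CACHE, "true");

        endpoint.getInInterceptors().add(in);
        return in;
    }
}
```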