public interface SecurityEnvironment
The SecurityEnvironment interface links the XWS-Security runtime with the environment/container in which it is running. The SecurityEnvironment interface is invoked by the XWS-Security runtime to perform tasks such as retrieving keys, validating tokens etc.
When using the XWS-Security configuration files with <xwss:JAXRPCSecurity> as the root element, a default implementation of this interface wraps the supplied CallbackHandler. The default implementation bundled with XWS-Security invokes the CallbackHandler to implement the methods of this interface.
This interface facilitates usage of XWS-Security in environments which do not necessarily have a natural mapping to the XWS-Security defined callbacks.
There is generally a single SecurityEnvironment instance per application, which is initialized at application startup.
Note: This interface is evolving and is subject to change in a later release
| Method Summary | |
|---|---|
| `String` | `authenticateUser(Map context, String username)`: Authenticate the user given the username and context. |
| `boolean` | `authenticateUser(Map context, String username, String password)`: Authenticate the user against a list of known username-password pairs. |
| `boolean` | `authenticateUser(Map context, String username, String passwordDigest, String nonce, String created)`: Authenticate the user given the password digest. |
| `KerberosContext` | `doKerberosLogin()`: Perform a Kerberos login and return a KerberosContext, which stores the secret key, GSSContext, Kerberos BST etc. |
| `KerberosContext` | `doKerberosLogin(byte[] tokenValue)`: Perform a Kerberos login and return a KerberosContext, which stores the secret key, GSSContext, Kerberos BST etc. |
| `CallbackHandler` | `getCallbackHandler()` |
| `X509Certificate` | `getCertificate(Map context, BigInteger serialNumber, String issuerName)` |
| `X509Certificate` | `getCertificate(Map context, byte[] keyIdentifier)` |
| `X509Certificate` | `getCertificate(Map context, byte[] identifier, String valueType)` |
| `X509Certificate` | `getCertificate(Map context, PublicKey publicKey, boolean forSign)` |
| `X509Certificate` | `getCertificate(Map context, String alias, boolean forSigning)` |
| `X509Certificate` | `getDefaultCertificate(Map context)`: Retrieves a reasonable default value for the current user's X509Certificate if one exists. |
| `String` | `getPassword(Map context)` |
| `PrivateKey` | `getPrivateKey(Map context, BigInteger serialNumber, String issuerName)` |
| `PrivateKey` | `getPrivateKey(Map context, byte[] keyIdentifier)` |
| `PrivateKey` | `getPrivateKey(Map context, byte[] keyIdentifier, String valueType)` |
| `PrivateKey` | `getPrivateKey(Map context, PublicKey publicKey, boolean forSign)` |
| `PrivateKey` | `getPrivateKey(Map context, String alias)` |
| `PrivateKey` | `getPrivateKey(Map context, X509Certificate cert)` |
| `PublicKey` | `getPublicKey(Map context, BigInteger serialNumber, String issuerName)` |
| `PublicKey` | `getPublicKey(Map context, byte[] keyIdentifier)` |
| `PublicKey` | `getPublicKey(Map context, byte[] keyIdentifier, String valueType)` |
| `SecretKey` | `getSecretKey(Map context, String alias, boolean encryptMode)` |
| `Subject` | `getSubject()` |
| `String` | `getUsername(Map context)` |
| `boolean` | `isSelfCertificate(X509Certificate cert)` |
| `Element` | `locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc)`: Locate and return a SAML Assertion, given the AuthorityBinding and assertionId. |
| `AuthenticationTokenPolicy.SAMLAssertionBinding` | `populateSAMLPolicy(Map fpcontext, AuthenticationTokenPolicy.SAMLAssertionBinding policy, DynamicApplicationContext context)`: Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information. |
| `void` | `updateOtherPartySubject(Subject subject, Assertion assertion)`: Update the public credentials of the subject of the party whose Assertion is given. |
| `void` | `updateOtherPartySubject(Subject subject, GSSName clientCred, GSSCredential gssCred)`: Update the principal/credentials of the requesting party subject. |
| `void` | `updateOtherPartySubject(Subject subject, String username, String password)`: Update the public/private credentials of the subject of the party whose username-password pair is given. |
| `void` | `updateOtherPartySubject(Subject subject, Subject bootStrapSubject)`: Update the principal/credentials of the requesting party subject. |
| `void` | `updateOtherPartySubject(Subject subject, X509Certificate cert)`: Update the public credentials of the subject of the party whose certificate is given. |
| `void` | `updateOtherPartySubject(Subject subject, XMLStreamReader assertion)`: Update the public credentials of the subject of the party whose Assertion is given. |
| `boolean` | `validateAndCacheNonce(Map context, String nonce, String created, long maxNonceAge)`: Validate the given nonce. |
| `boolean` | `validateCertificate(X509Certificate cert, Map context)`: Validate an X509Certificate. |
| `void` | `validateCreationTime(Map context, String creationTime, long maxClockSkew, long timestampFreshnessLimit)`: Validate the creation time. |
| `void` | `validateSAMLAssertion(Map context, Element assertion)`: Validate the received SAML Assertion. Validation can include checking the Issuer, the SAML user, the SAML version etc. |
| `void` | `validateSAMLAssertion(Map context, XMLStreamReader assertion)`: Validate the received SAML Assertion. Validation can include checking the Issuer, the SAML user, the SAML version etc. |
| `void` | `validateTimestamp(Map context, String created, String expires, long maxClockSkew, long freshnessLimit)` |
| `void` | `validateTimestamp(Map context, Timestamp timestamp, long maxClockSkew, long freshnessLimit)`: Validate the creation time. |
| Method Detail |
|---|
X509Certificate getDefaultCertificate(Map context) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
Throws:
XWSSecurityException

X509Certificate getCertificate(Map context, String alias, boolean forSigning) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the certificate
forSigning - whether this request is for a Sign operation or Encrypt
Throws:
XWSSecurityException - if there was an error while trying to locate the Certificate

SecretKey getSecretKey(Map context, String alias, boolean encryptMode) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the SecretKey
encryptMode - whether this request is for an Encrypt or Decrypt operation
Throws:
XWSSecurityException - if there was an error while trying to locate the SecretKey

PrivateKey getPrivateKey(Map context, String alias) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the PrivateKey
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

PublicKey getPublicKey(Map context, byte[] keyIdentifier) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
keyIdentifier - an opaque identifier indicating the X509 certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the PublicKey

PublicKey getPublicKey(Map context, byte[] keyIdentifier, String valueType) throws XWSSecurityException
Throws:
XWSSecurityException

X509Certificate getCertificate(Map context, byte[] keyIdentifier) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
keyIdentifier - an opaque identifier indicating the X509 certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the X509Certificate

X509Certificate getCertificate(Map context, byte[] identifier, String valueType) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
identifier - an opaque identifier indicating the X509 certificate
valueType -
Throws:
XWSSecurityException - if there was an error while trying to locate the X509Certificate

PrivateKey getPrivateKey(Map context, X509Certificate cert) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
cert - the X509Certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

PrivateKey getPrivateKey(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

X509Certificate getCertificate(Map context, PublicKey publicKey, boolean forSign) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
publicKey - the publicKey
forSign - set to true if the public key is to be used for SignatureVerification
Throws:
XWSSecurityException - if there was an error while trying to locate the PublicKey

PrivateKey getPrivateKey(Map context, byte[] keyIdentifier) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
keyIdentifier - an opaque identifier indicating the X509 certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

PrivateKey getPrivateKey(Map context, byte[] keyIdentifier, String valueType) throws XWSSecurityException
Throws:
XWSSecurityException

PrivateKey getPrivateKey(Map context, PublicKey publicKey, boolean forSign) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
publicKey - the publicKey
forSign - set to true if the purpose is Signature
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

PublicKey getPublicKey(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the PublicKey

X509Certificate getCertificate(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the X509Certificate

boolean authenticateUser(Map context, String username, String password) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
username - the username
password - the password
Throws:
XWSSecurityException - if there was an error while trying to authenticate the username

boolean authenticateUser(Map context, String username, String passwordDigest, String nonce, String created) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
username - the username
passwordDigest - the digested password
nonce - the nonce which was part of the digest
created - the creation time which was part of the digest
Throws:
XWSSecurityException - if there was an error while trying to authenticate the username

String authenticateUser(Map context, String username) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
username - the username
Throws:
XWSSecurityException - if there was an error while trying to authenticate the username

Subject getSubject()

void validateCreationTime(Map context, String creationTime, long maxClockSkew, long timestampFreshnessLimit) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
creationTime - the creation-time value
maxClockSkew - (in milliseconds) the maximum clock skew
timestampFreshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
Throws:
XWSSecurityException - if there was an error while trying to validate the creationTime

boolean validateCertificate(X509Certificate cert, Map context) throws XWSSecurityException
Parameters:
cert - the X509Certificate to be validated
context - Map of application and integration-layer specific properties
Throws:
XWSSecurityException - if there is some problem during validation.
void updateOtherPartySubject(Subject subject, String username, String password)
Parameters:
subject - the Subject of the requesting party
username - the username of the requesting party
password - the password of the requesting party

void updateOtherPartySubject(Subject subject, X509Certificate cert)
Parameters:
subject - the Subject of the requesting party
cert - the X509Certificate of the requesting party

void updateOtherPartySubject(Subject subject, Assertion assertion)
Parameters:
subject - the Subject of the requesting party
assertion - the SAML Assertion of the requesting party

void updateOtherPartySubject(Subject subject, XMLStreamReader assertion)
Parameters:
subject - the Subject of the requesting party
assertion - the SAML Assertion of the requesting party

void updateOtherPartySubject(Subject subject, Subject bootStrapSubject)
Parameters:
subject - the Subject of the requesting party
bootStrapSubject - the bootstrap Credentials (during a SecureConversation Bootstrap) of the requesting party

void validateSAMLAssertion(Map context, Element assertion) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
assertion - the Assertion to be validated
Throws:
XWSSecurityException - if there was an error while validating the SAML Assertion

void validateSAMLAssertion(Map context, XMLStreamReader assertion) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
assertion - the Assertion to be validated
Throws:
XWSSecurityException - if there was an error while validating the SAML Assertion

Element locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
binding - an org.w3c.dom.Element representing the SAML AuthorityBinding
assertionId - the Assertion ID of the SAML Assertion
ownerDoc - the owner document into which the returned SAML Assertion should be imported
Throws:
XWSSecurityException - if there was an error while trying to locate the SAML Assertion

AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext, AuthenticationTokenPolicy.SAMLAssertionBinding policy, DynamicApplicationContext context) throws XWSSecurityException
Parameters:
fpcontext - a Map of application and integration-layer specific properties
policy - the SAML Assertion Policy to be populated
context - the DynamicApplicationContext
Throws:
XWSSecurityException - if there was an error while trying to populate the SAML Assertion Policy

String getUsername(Map context) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
Throws:
XWSSecurityException - if there was an error while trying to obtain the username

String getPassword(Map context) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
Throws:
XWSSecurityException - if there was an error while trying to obtain the password

void validateTimestamp(Map context, Timestamp timestamp, long maxClockSkew, long freshnessLimit) throws XWSSecurityException
Parameters:
context - a Map of application and integration-layer specific properties
timestamp - the Timestamp element
maxClockSkew - (in milliseconds) the maximum clock skew
freshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
Throws:
XWSSecurityException - if there was an error while trying to validate the Timestamp

void validateTimestamp(Map context, String created, String expires, long maxClockSkew, long freshnessLimit) throws XWSSecurityException
Throws:
XWSSecurityException

CallbackHandler getCallbackHandler() throws XWSSecurityException
Throws:
XWSSecurityException - if there was an error while trying to retrieve the CallbackHandler

boolean validateAndCacheNonce(Map context, String nonce, String created, long maxNonceAge) throws XWSSecurityException
Parameters:
context - a context containing runtime properties
nonce - the encoded nonce value
created - the creation time value
maxNonceAge - the time in milliseconds for which this nonce will be stored on the receiver
Throws:
XWSSecurityException - if there was an error while trying to validate the Nonce

boolean isSelfCertificate(X509Certificate cert)
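As an added illustration (not code from XWS-Security or its bundled CallbackHandler-based implementation), the replay-protection logic a SecurityEnvironment has to supply behind validateCreationTime and validateAndCacheNonce: a freshness window bounded by maxClockSkew and the freshness limit, and a nonce cache that remembers each accepted nonce for maxNonceAge. The class name ReplayGuard and the stubbed XWSSecurityException are assumptions made so the file compiles on its own; the method signatures mirror the interface above.

```java
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Stand-in for the project's checked exception so this file compiles alone (assumption).
class XWSSecurityException extends Exception {
    XWSSecurityException(String msg) { super(msg); }
}

public class ReplayGuard {
    // nonce -> instant after which the entry may be forgotten
    private final Map<String, Instant> seenNonces = new ConcurrentHashMap<>();

    // Same signature as SecurityEnvironment.validateCreationTime: reject a wsu:Created
    // value that is older than the freshness limit or further in the future than the
    // allowed clock skew. Both limits are in milliseconds, as the interface documents.
    public void validateCreationTime(Map context, String creationTime,
                                     long maxClockSkew, long timestampFreshnessLimit)
            throws XWSSecurityException {
        Instant created;
        try {
            created = Instant.parse(creationTime); // xsd:dateTime in UTC, e.g. 2024-05-01T10:00:00Z
        } catch (DateTimeParseException e) {
            throw new XWSSecurityException("malformed creation time: " + creationTime);
        }
        Instant now = Instant.now();
        if (created.isAfter(now.plusMillis(maxClockSkew))) {
            throw new XWSSecurityException("creation time lies beyond the allowed clock skew");
        }
        if (created.plusMillis(timestampFreshnessLimit + maxClockSkew).isBefore(now)) {
            throw new XWSSecurityException("timestamp is no longer fresh");
        }
    }

    // Same signature as SecurityEnvironment.validateAndCacheNonce: a nonce is accepted once
    // and remembered for maxNonceAge ms; that window must cover the freshness window above,
    // or a still-fresh message could be replayed after its nonce was forgotten. 'created'
    // is kept for signature compatibility; freshness is checked by validateCreationTime.
    public boolean validateAndCacheNonce(Map context, String nonce, String created,
                                         long maxNonceAge) throws XWSSecurityException {
        if (nonce == null || nonce.isEmpty()) {
            throw new XWSSecurityException("missing nonce");
        }
        Instant now = Instant.now();
        seenNonces.values().removeIf(expiry -> expiry.isBefore(now)); // drop expired entries
        // putIfAbsent is atomic, so two concurrent copies of one message cannot both pass
        return seenNonces.putIfAbsent(nonce, now.plusMillis(maxNonceAge)) == null;
    }
}
```

A production implementation would back seenNonces with a store shared across all receiver instances; a per-JVM map only protects a single node.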
KerberosContext doKerberosLogin() throws XWSSecurityException
Throws:
XWSSecurityException

KerberosContext doKerberosLogin(byte[] tokenValue) throws XWSSecurityException
Throws:
XWSSecurityException

void updateOtherPartySubject(Subject subject, GSSName clientCred, GSSCredential gssCred)
Parameters:
subject - the Subject of the requesting party
clientCred - the GSSName of the requesting party