java.lang.Object
  com.sun.xml.wss.impl.SecurityRecipient

public class SecurityRecipient
This class exports a static security service for verifying/validating security in an inbound SOAPMessage. The policy to be applied when verifying the message, and the SOAPMessage itself, are supplied in an instance of com.sun.xml.wss.ProcessingContext.
ProcessingContext

| Constructor Summary |
|---|
| SecurityRecipient() |

| Method Summary | |
|---|---|
| static void | handleFault(ProcessingContext context) |
| static void | validateMessage(ProcessingContext context): Validate security in an Inbound SOAPMessage. |

| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |

| Constructor Detail |
|---|
public SecurityRecipient()
| Method Detail |
|---|
public static void validateMessage(ProcessingContext context)
throws XWSSecurityException
Calling code should create a com.sun.xml.wss.ProcessingContext object with runtime properties. Specifically, it should set the SecurityPolicy, an application CallbackHandler or a SecurityEnvironment, and the static security policy context. The SecurityPolicy instance can be of the following types:

When policy resolution cannot happen accurately because the identification context is not available (for example, the operation name in the message is encrypted), resolution can happen to the enclosing container configuration.

Policy resolution can happen as follows:

(a). The constructed StaticPolicyContext (the identifying context associated with configured security policies) is used for look-up of configured MessagePolicy/DynamicSecurityPolicy/WSSPolicy instances.

(b). NOTE: Relevant only when the SecurityPolicy is an ApplicationSecurityConfiguration, or the root element of the Security Configuration file that was used to generate the SecurityPolicy is <xwss:JAXRPCSecurity>.

In case an identifying context cannot be constructed because such context has partly to be inferred from the message (for example, the operation name contained as the element name of the SOAPBody), the resolved container configuration is used as follows:
If C = {p1, p2, ..., pn}, where each pi belongs to the collection of MessagePolicies held by the container, an in-bound message is processed without application of a policy, whence a policy representation of the metadata contained in the security header is constructed as each header element is processed (iteration).

If P is the policy (MessagePolicy) that gets built upon each iteration, C is reduced as follows:

redux (P, C, M)

where M is the SOAPMessage, and redux is:

(1). Eliminate all pi that are not loosely semantically equivalent, where the equivalence is checked as follows:

  (a). SignaturePolicy: equivalence of FeatureBinding and KeyBinding, excepting target bindings contained in its FeatureBinding

  (b). EncryptionPolicy: equivalence of FeatureBinding and KeyBinding, excepting target bindings contained in its FeatureBinding

  (c). AuthenticationTokenPolicy: equivalence of Feature and Key Bindings

(2). Eliminate all pi whose target bindings contained within the FeatureBindings are applicable to the message. Note that all required message parts should be apparent post-processing; therefore, equivalence of target bindings would be checked by comparison of Node sets of the SOAPMessage constructed using the inferred and those contained in C.

After every such reduction, an attempt is made to resolve the policy identifier (operation name) that can be used for policy resolution, which should be contained in C and is used further for message processing.

Parameters:
context - an instance of com.sun.xml.wss.ProcessingContext

Throws:
XWSSecurityException - if there was an unexpected error while verifying the message, or if the security in the incoming message violates the Security policy that was applied to the message.
WssSoapFaultException - when security in the incoming message is in direct violation of the OASIS WSS specification. When a WssSoapFaultException is thrown, the getFaultCode() method on the WssSoapFaultException will return a QName which would correspond to the WSS defined fault.

public static void handleFault(ProcessingContext context)
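
A caller for validateMessage that follows the setup described above and rejects the message on either documented exception. This is an added illustration, not code from the XWSS code base: InboundSecurityGate and RejectedMessageException are hypothetical names, the ProcessingContext setters and getSOAPMessage() belong to the XWSS ProcessingContext API that this page does not list, and the policy, handler and policy context are assumed to be built elsewhere.

```java
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;

import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.SecurityRecipient;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.StaticPolicyContext;

/** Hypothetical wrapper: verifies an inbound message and fails closed. */
public final class InboundSecurityGate {

    /** Hypothetical exception that tells the caller the message was rejected. */
    public static final class RejectedMessageException extends Exception {
        private final QName wssFault; // null when no WSS-defined fault applies
        RejectedMessageException(String reason, QName wssFault, Throwable cause) {
            super(reason, cause);
            this.wssFault = wssFault;
        }
        public QName getWssFault() { return wssFault; }
    }

    public static SOAPMessage verify(SOAPMessage inbound, SecurityPolicy policy,
            CallbackHandler handler, StaticPolicyContext policyContext)
            throws RejectedMessageException {
        try {
            // Runtime properties the method detail asks the caller to set.
            ProcessingContext context = new ProcessingContext();
            context.setSecurityPolicy(policy);
            context.setHandler(handler);
            context.setPolicyContext(policyContext);
            context.setSOAPMessage(inbound);

            SecurityRecipient.validateMessage(context);
            // Pass on only the message held by the context after validation.
            return context.getSOAPMessage();
        } catch (WssSoapFaultException e) {
            // The message violates the OASIS WSS specification; keep the fault QName.
            throw new RejectedMessageException("WSS fault", e.getFaultCode(), e);
        } catch (XWSSecurityException e) {
            // Policy violation or unexpected verification error: reject either way.
            throw new RejectedMessageException("security validation failed", null, e);
        }
    }
}
```

The business logic should only ever see the return value of verify; the original inbound message is never handed on when validation throws.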