com.sun.xml.ws.security
Interface IssuedTokenContext

All Known Implementing Classes:
IssuedTokenContextImpl

@ManagedData
@Description(value="Information used by Trust and Security enforcement")
public interface IssuedTokenContext

This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation specific security interactions.

This interface represents a Context containing information populated and used by the Trust and the Security Enforcement Layers (for example the proof-token of an Issued token needs to be used by the SecurityEnforcement Layer to secure the message).


Field Summary
static String AUTHN_CONTEXT
           
static String CLAIMED_ATTRUBUTES
           
static String CONFIRMATION_KEY_INFO
           
static String CONFIRMATION_METHOD
           
static String KEY_WRAP_ALGORITHM
           
static String STATUS
           
static String STS_CERTIFICATE
           
static String STS_PRIVATE_KEY
           
static String TARGET_SERVICE_CERTIFICATE
           
static String WS_TRUST_VERSION
           
 
Method Summary
 void destroy()
          Destroy the IssuedTokenContext.
 String getAppliesTo()
           
 Token getAssociatedProofToken()
          get the Proof Token (if any) associated with the SecurityToken, null otherwise
 Token getAttachedSecurityTokenReference()
          If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example.
 String getAuthnContextClass()
           
 String getCanonicalizationAlgorithm()
           
 URI getComputedKeyAlgorithmFromProofToken()
          Return the URI if any inside the RSTR, null otherwise.
 Date getCreationTime()
           
 Key getDecipheredOtherPartyEntropy(Key privKey)
          Get the Entropy, if any, provided by the other party; null otherwise. If the Entropy was specified as an then this method would return the decrypted secret
 String getEncryptionAlgorithm()
           
 String getEncryptWith()
           
 String getEndpointAddress()
          Get the endpoint address
 Date getExpirationTime()
          get the Expiration Time for this Token if any
 String getKeyType()
           
 Object getOtherPartyEntropy()
          Get the Entropy if any provided by the Other Party, null otherwise
 Map<String,Object> getOtherProperties()
           
 byte[] getProofKey()
          get the SecureConversation ProofToken as a byte[] array
 KeyPair getProofKeyPair()
           
 X509Certificate getRequestorCertificate()
          Requestor Certificate(s)
 Subject getRequestorSubject()
           
 String getRequestorUsername()
          Requestor username if any
 SecurityContextTokenInfo getSecurityContextTokenInfo()
          Get the SecurityContextTokenInfo for this Token if any.
 ArrayList<Object> getSecurityPolicy()
          Get the SecurityPolicy to be applied for the request or response to which this SecurityContext corresponds. This allows the Client and/or the Service (WSP/STS) to dynamically inject policy to be applied.
 Token getSecurityToken()
          Depending on the policy get the Token to be used in Securing requests and/or responses.
 Object getSelfEntropy()
          Get self Entropy if set, null otherwise
 String getSignatureAlgorithm()
           
 String getSignWith()
           
 Token getTarget()
           
 String getTokenIssuer()
           
 String getTokenType()
           
 Token getUnAttachedSecurityTokenReference()
          If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example.
 void setAppliesTo(String appliesTo)
           
 void setAssociatedProofToken(Token token)
          Set the Proof Token Associated with the SecurityToken
 void setAttachedSecurityTokenReference(Token str)
          If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example
 void setAuthnContextClass(String authType)
           
 void setCanonicalizationAlgorithm(String canonicalizationAlgo)
           
 void setCreationTime(Date date)
          set the creation Time of the IssuedToken
 void setEncryptionAlgorithm(String encAlgo)
           
 void setEncryptWith(String encAlgo)
           
 void setEndpointAddress(String endPointAddress)
          Set the endpoint address
 void setExpirationTime(Date date)
          set the Expiration Time for this Token if any.
 void setKeyType(String keyType)
           
 void setOtherPartyEntropy(Object entropy)
          Set the Entropy information provided by the other Party (if any)
 void setProofKey(byte[] key)
          set the SecureConversation ProofToken as a byte[] array
 void setProofKeyPair(KeyPair keys)
           
 void setRequestorCertificate(X509Certificate cert)
          Append the Requestor Certificate that was used in an incoming message.
 void setRequestorSubject(Subject subject)
           
 void setRequestorUsername(String username)
          set requestor username
 void setSecurityContextTokenInfo(SecurityContextTokenInfo sctInfo)
          set the SecurityContextTokenInfo for this Token if any.
 void setSecurityToken(Token tok)
          Depending on the server policy, set the Token to be used in Securing requests and/or responses
 void setSelfEntropy(Object entropy)
          Set self Entropy
 void setSignatureAlgorithm(String sigAlgo)
           
 void setSignWith(String sigAlgo)
           
 void setTarget(Token target)
           
 void setTokenIssuer(String issuer)
           
 void setTokenType(String tokenType)
           
 void setUnAttachedSecurityTokenReference(Token str)
          If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example
 

Field Detail

CLAIMED_ATTRUBUTES

static final String CLAIMED_ATTRUBUTES
See Also:
Constant Field Values

TARGET_SERVICE_CERTIFICATE

static final String TARGET_SERVICE_CERTIFICATE
See Also:
Constant Field Values

STS_CERTIFICATE

static final String STS_CERTIFICATE
See Also:
Constant Field Values

STS_PRIVATE_KEY

static final String STS_PRIVATE_KEY
See Also:
Constant Field Values

WS_TRUST_VERSION

static final String WS_TRUST_VERSION
See Also:
Constant Field Values

CONFIRMATION_METHOD

static final String CONFIRMATION_METHOD
See Also:
Constant Field Values

CONFIRMATION_KEY_INFO

static final String CONFIRMATION_KEY_INFO
See Also:
Constant Field Values

AUTHN_CONTEXT

static final String AUTHN_CONTEXT
See Also:
Constant Field Values

KEY_WRAP_ALGORITHM

static final String KEY_WRAP_ALGORITHM
See Also:
Constant Field Values

STATUS

static final String STATUS
See Also:
Constant Field Values
Method Detail

setTokenIssuer

void setTokenIssuer(String issuer)

getTokenIssuer

@ManagedAttribute
@Description(value="Token issuer")
String getTokenIssuer()

getRequestorCertificate

@ManagedAttribute
@Description(value="Requestor certificate")
X509Certificate getRequestorCertificate()
Requestor Certificate(s)

Returns:
the sender certificate, null otherwise

setRequestorCertificate

void setRequestorCertificate(X509Certificate cert)
Append the Requestor Certificate that was used in an incoming message.


getRequestorUsername

@ManagedAttribute
@Description(value="Requestor username")
String getRequestorUsername()
Requestor username if any

Returns:
the requestor username if provided

setRequestorUsername

void setRequestorUsername(String username)
set requestor username


getRequestorSubject

@ManagedAttribute
@Description(value="Requestor subject")
Subject getRequestorSubject()

setRequestorSubject

void setRequestorSubject(Subject subject)

setTokenType

void setTokenType(String tokenType)

getTokenType

@ManagedAttribute
@Description(value="Token type")
String getTokenType()

setKeyType

void setKeyType(String keyType)

getKeyType

@ManagedAttribute
@Description(value="Key type")
String getKeyType()

setAppliesTo

void setAppliesTo(String appliesTo)

getAppliesTo

@ManagedAttribute
@Description(value="appliesTo value")
String getAppliesTo()

setSecurityToken

void setSecurityToken(Token tok)
Depending on the server policy, set the Token to be used in Securing requests and/or responses


getSecurityToken

@ManagedAttribute
@Description(value="Security token")
Token getSecurityToken()
Depending on the policy, get the Token to be used in securing requests and/or responses. If getAssociatedProofToken is not null, the token returned is to be used only for inserting into the SecurityHeader; if there is no Proof Token associated, it should also be used for securing the message.


setAssociatedProofToken

void setAssociatedProofToken(Token token)
Set the Proof Token Associated with the SecurityToken

when the SecurityToken is a SecurityContext token (as defined in WS-SecureConversation) and Derived Keys are being used then the Proof Token is the


getAssociatedProofToken

@ManagedAttribute
@Description(value="Proof token")
Token getAssociatedProofToken()
get the Proof Token (if any) associated with the SecurityToken, null otherwise


getAttachedSecurityTokenReference

@ManagedAttribute
@Description(value="Attached security token reference")
Token getAttachedSecurityTokenReference()
If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example.

Returns:
STR if set, null otherwise

getUnAttachedSecurityTokenReference

@ManagedAttribute
@Description(value="Unattached security token reference")
Token getUnAttachedSecurityTokenReference()
If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example.

Returns:
STR if set, null otherwise

setAttachedSecurityTokenReference

void setAttachedSecurityTokenReference(Token str)
If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example


setUnAttachedSecurityTokenReference

void setUnAttachedSecurityTokenReference(Token str)
If the token returned doesn't allow use of wsu:id attribute then a STR is returned as which needs to be inserted into a for example


getSecurityPolicy

ArrayList<Object> getSecurityPolicy()
Get the SecurityPolicy to be applied for the request or response to which this SecurityContext corresponds. This allows the Client and/or the Service (WSP/STS) to dynamically inject policy to be applied, for example in the case of SignChallenge, when the Initiator (client) has to sign a specific challenge.

Note: Inserting an un-solicited RSTR into a SOAP Header can also be expressed as a policy and the subsequent requirement to sign the RSTR will also be expressed as a policy

TODO: There is no policy today to insert a specific element to a SOAP Header, we need to extend the policy definitions in XWS-Security.


setOtherPartyEntropy

void setOtherPartyEntropy(Object entropy)
Set the Entropy information provided by the other Party (if any)

WS-Trust allows the requestor to provide input to key material in the request. The requestor might do this to satisfy itself as to the degree of entropy (cryptographic randomness) of at least some of the material used to generate the actual Key.

For composite Keys Entropy can be set by both parties, the concrete entropy element can be a instance but the argument here is generic to avoid a dependence of the SPI on WS-Trust packages


getDecipheredOtherPartyEntropy

Key getDecipheredOtherPartyEntropy(Key privKey)
                                   throws XWSSecurityException
Get the Entropy, if any, provided by the other party; null otherwise. If the Entropy was specified as an then this method would return the decrypted secret

Throws:
XWSSecurityException

getOtherPartyEntropy

@ManagedAttribute
@Description(value="Other party entropy")
Object getOtherPartyEntropy()
Get the Entropy if any provided by the Other Party, null otherwise


setSelfEntropy

void setSelfEntropy(Object entropy)
Set self Entropy


getSelfEntropy

@ManagedAttribute
@Description(value="Self entropy")
Object getSelfEntropy()
Get self Entropy if set, null otherwise


getComputedKeyAlgorithmFromProofToken

URI getComputedKeyAlgorithmFromProofToken()
Return the URI if any inside the RSTR, null otherwise. The Security Enforcement Layer would compute the Key as P_SHA1(Ent(req), Ent(res))


setProofKey

void setProofKey(byte[] key)
set the SecureConversation ProofToken as a byte[] array


getProofKey

byte[] getProofKey()
get the SecureConversation ProofToken as a byte[] array


setProofKeyPair

void setProofKeyPair(KeyPair keys)

getProofKeyPair

KeyPair getProofKeyPair()

setAuthnContextClass

void setAuthnContextClass(String authType)

getAuthnContextClass

String getAuthnContextClass()

getCreationTime

Date getCreationTime()
Returns:
the creation Time of the IssuedToken

getExpirationTime

Date getExpirationTime()
get the Expiration Time for this Token if any


setCreationTime

void setCreationTime(Date date)
set the creation Time of the IssuedToken


setEndpointAddress

void setEndpointAddress(String endPointAddress)
Set the endpoint address


getEndpointAddress

String getEndpointAddress()
Get the endpoint address


setExpirationTime

void setExpirationTime(Date date)
set the Expiration Time for this Token if any.


getSignatureAlgorithm

String getSignatureAlgorithm()
Returns:
The signature algorithm to use to sign IssuedToken

setSignatureAlgorithm

void setSignatureAlgorithm(String sigAlgo)
Parameters:
sigAlgo - signature algorithm to use to sign IssuedToken

getEncryptionAlgorithm

String getEncryptionAlgorithm()
Returns:
The encryption algorithm to use to encrypt IssuedToken

setEncryptionAlgorithm

void setEncryptionAlgorithm(String encAlgo)
Parameters:
encAlgo - The encryption algorithm to use to encrypt IssuedToken

getCanonicalizationAlgorithm

String getCanonicalizationAlgorithm()
Returns:
The canonicalization algorithm to use when signing IssuedToken

setCanonicalizationAlgorithm

void setCanonicalizationAlgorithm(String canonicalizationAlgo)
Parameters:
canonicalizationAlgo - The canonicalization algorithm to use when signing IssuedToken

getSignWith

String getSignWith()
Returns:
The signature algorithm the client intends to use when using ProofKey to sign the application message

setSignWith

void setSignWith(String sigAlgo)
Parameters:
sigAlgo - The signature algorithm the client intends to use when using ProofKey to sign the application message

getEncryptWith

String getEncryptWith()
Returns:
The encryption algorithm the client intends to use when using ProofKey to encrypt the application message

setEncryptWith

void setEncryptWith(String encAlgo)
Parameters:
encAlgo - The encryption algorithm the client intends to use when using ProofKey to encrypt the application message

getSecurityContextTokenInfo

SecurityContextTokenInfo getSecurityContextTokenInfo()
Get the SecurityContextTokenInfo for this Token if any.


setTarget

void setTarget(Token target)

getTarget

Token getTarget()

setSecurityContextTokenInfo

void setSecurityContextTokenInfo(SecurityContextTokenInfo sctInfo)
set the SecurityContextTokenInfo for this Token if any.


destroy

void destroy()
Destroy the IssuedTokenContext.


getOtherProperties

Map<String,Object> getOtherProperties()


Copyright © 2005-2015 Oracle Corporation. All Rights Reserved.