@ManagedData @Description(value="Information used by Trust and Security enforcement") public interface IssuedTokenContext
This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation specific security interactions.
This interface represents a Context containing information populated and used by the Trust and the Security Enforcement Layers (for example the proof-token of an Issued token needs to be used by the SecurityEnforcement Layer to secure the message).
| Field Summary | |
|---|---|
| static String | AUTHN_CONTEXT |
| static String | CLAIMED_ATTRUBUTES |
| static String | CONFIRMATION_KEY_INFO |
| static String | CONFIRMATION_METHOD |
| static String | KEY_WRAP_ALGORITHM |
| static String | STATUS |
| static String | STS_CERTIFICATE |
| static String | STS_PRIVATE_KEY |
| static String | TARGET_SERVICE_CERTIFICATE |
| static String | WS_TRUST_VERSION |
| Method Summary | |
|---|---|
| void | destroy() - Destroy the IssuedTokenContext. |
| String | getAppliesTo() |
| Token | getAssociatedProofToken() - Get the Proof Token (if any) associated with the SecurityToken, null otherwise |
| Token | getAttachedSecurityTokenReference() - If the token returned doesn't allow use of wsu:id attribute then a STR is returned as |
| String | getAuthnContextClass() |
| String | getCanonicalizationAlgorithm() |
| URI | getComputedKeyAlgorithmFromProofToken() - Return the |
| Date | getCreationTime() |
| Key | getDecipheredOtherPartyEntropy(Key privKey) - Get the Entropy if any provided by the other party, null otherwise. If the Entropy was specified as an |
| String | getEncryptionAlgorithm() |
| String | getEncryptWith() |
| String | getEndpointAddress() - Get the endpoint address |
| Date | getExpirationTime() - Get the Expiration Time for this Token if any |
| String | getKeyType() |
| Object | getOtherPartyEntropy() - Get the Entropy if any provided by the Other Party, null otherwise |
| Map<String,Object> | getOtherProperties() |
| byte[] | getProofKey() - Get the SecureConversation ProofToken as a byte[] array |
| KeyPair | getProofKeyPair() |
| X509Certificate | getRequestorCertificate() - Requestor Certificate(s) |
| Subject | getRequestorSubject() |
| String | getRequestorUsername() - Requestor username if any |
| SecurityContextTokenInfo | getSecurityContextTokenInfo() - Get the SecurityContextTokenInfo for this Token if any. |
| ArrayList<Object> | getSecurityPolicy() - Get the SecurityPolicy to be applied for the request or response to which this SecurityContext corresponds. This allows the Client and/or the Service (WSP/STS) to dynamically inject policy to be applied. |
| Token | getSecurityToken() - Depending on the |
| Object | getSelfEntropy() - Get self Entropy if set, null otherwise |
| String | getSignatureAlgorithm() |
| String | getSignWith() |
| Token | getTarget() |
| String | getTokenIssuer() |
| String | getTokenType() |
| Token | getUnAttachedSecurityTokenReference() - If the token returned doesn't allow use of wsu:id attribute then a STR is returned as |
| void | setAppliesTo(String appliesTo) |
| void | setAssociatedProofToken(Token token) - Set the Proof Token associated with the SecurityToken |
| void | setAttachedSecurityTokenReference(Token str) - If the token returned doesn't allow use of wsu:id attribute then a STR is returned as |
| void | setAuthnContextClass(String authType) |
| void | setCanonicalizationAlgorithm(String canonicalizationAlgo) |
| void | setCreationTime(Date date) - Set the creation Time of the IssuedToken |
| void | setEncryptionAlgorithm(String encAlgo) |
| void | setEncryptWith(String encAlgo) |
| void | setEndpointAddress(String endPointAddress) - Set the endpoint address |
| void | setExpirationTime(Date date) - Set the Expiration Time for this Token if any. |
| void | setKeyType(String keyType) |
| void | setOtherPartyEntropy(Object entropy) - Set the Entropy information provided by the other Party (if any) |
| void | setProofKey(byte[] key) - Set the SecureConversation ProofToken as a byte[] array |
| void | setProofKeyPair(KeyPair keys) |
| void | setRequestorCertificate(X509Certificate cert) - Append the Requestor Certificate that was used in an incoming message. |
| void | setRequestorSubject(Subject subject) |
| void | setRequestorUsername(String username) - Set requestor username |
| void | setSecurityContextTokenInfo(SecurityContextTokenInfo sctInfo) - Set the SecurityContextTokenInfo for this Token if any. |
| void | setSecurityToken(Token tok) - Depending on the |
| void | setSelfEntropy(Object entropy) - Set self Entropy |
| void | setSignatureAlgorithm(String sigAlgo) |
| void | setSignWith(String sigAlgo) |
| void | setTarget(Token target) |
| void | setTokenIssuer(String issuer) |
| void | setTokenType(String tokenType) |
| void | setUnAttachedSecurityTokenReference(Token str) - If the token returned doesn't allow use of wsu:id attribute then a STR is returned as |
| Field Detail |
|---|
static final String CLAIMED_ATTRUBUTES
static final String TARGET_SERVICE_CERTIFICATE
static final String STS_CERTIFICATE
static final String STS_PRIVATE_KEY
static final String WS_TRUST_VERSION
static final String CONFIRMATION_METHOD
static final String CONFIRMATION_KEY_INFO
static final String AUTHN_CONTEXT
static final String KEY_WRAP_ALGORITHM
static final String STATUS
| Method Detail |
|---|
void setTokenIssuer(String issuer)
@ManagedAttribute @Description(value="Token issuer") String getTokenIssuer()
@ManagedAttribute @Description(value="Requestor certificate") X509Certificate getRequestorCertificate()
void setRequestorCertificate(X509Certificate cert)
@ManagedAttribute @Description(value="Requestor username") String getRequestorUsername()
void setRequestorUsername(String username)
@ManagedAttribute @Description(value="Requestor subject") Subject getRequestorSubject()
void setRequestorSubject(Subject subject)
void setTokenType(String tokenType)
@ManagedAttribute @Description(value="Token type") String getTokenType()
void setKeyType(String keyType)
@ManagedAttribute @Description(value="Key type") String getKeyType()
void setAppliesTo(String appliesTo)
@ManagedAttribute @Description(value="appliesTo value") String getAppliesTo()
void setSecurityToken(Token tok)
@ManagedAttribute @Description(value="Security token") Token getSecurityToken()
void setAssociatedProofToken(Token token)
when the SecurityToken is a SecurityContext token (as defined in
WS-SecureConversation) and Derived Keys are being used then
the Proof Token is the
@ManagedAttribute @Description(value="Proof token") Token getAssociatedProofToken()
@ManagedAttribute @Description(value="Attached security token reference") Token getAttachedSecurityTokenReference()
@ManagedAttribute @Description(value="Unattached security token reference") Token getUnAttachedSecurityTokenReference()
void setAttachedSecurityTokenReference(Token str)
void setUnAttachedSecurityTokenReference(Token str)
ArrayList<Object> getSecurityPolicy()
Note: Inserting an unsolicited RSTR into a SOAP Header can also be expressed as a policy, and the subsequent requirement to sign the RSTR will also be expressed as a policy.
TODO: There is no policy today to insert a specific element into a SOAP Header; we need to extend the policy definitions in XWS-Security.
void setOtherPartyEntropy(Object entropy)
WS-Trust allows the requestor to provide input to the key material in the request. The requestor might do this to satisfy itself as to the degree of entropy (cryptographic randomness) of at least some of the material used to generate the actual Key.
For composite Keys Entropy can be set by both parties, the concrete entropy element can be a
Key getDecipheredOtherPartyEntropy(Key privKey) throws XWSSecurityException
@ManagedAttribute @Description(value="Other party entropy") Object getOtherPartyEntropy()
void setSelfEntropy(Object entropy)
@ManagedAttribute @Description(value="Self entropy") Object getSelfEntropy()
URI getComputedKeyAlgorithmFromProofToken()
void setProofKey(byte[] key)
byte[] getProofKey()
void setProofKeyPair(KeyPair keys)
KeyPair getProofKeyPair()
void setAuthnContextClass(String authType)
String getAuthnContextClass()
Date getCreationTime()
Date getExpirationTime()
void setCreationTime(Date date)
void setEndpointAddress(String endPointAddress)
String getEndpointAddress()
void setExpirationTime(Date date)
String getSignatureAlgorithm()
void setSignatureAlgorithm(String sigAlgo)
sigAlgo - signature algorithm to use to sign IssuedToken
String getEncryptionAlgorithm()
void setEncryptionAlgorithm(String encAlgo)
encAlgo - The encryption algorithm to use to encrypt IssuedToken
String getCanonicalizationAlgorithm()
void setCanonicalizationAlgorithm(String canonicalizationAlgo)
canonicalizationAlgo - The canonicalization algorithm to use when signing IssuedToken
String getSignWith()
void setSignWith(String sigAlgo)
sigAlgo - The signature algorithm the client intends to use when using ProofKey to sign the application message
String getEncryptWith()
void setEncryptWith(String encAlgo)
encAlgo - The encryption algorithm the client intends to use when using ProofKey to encrypt the application message
SecurityContextTokenInfo getSecurityContextTokenInfo()
void setTarget(Token target)
Token getTarget()
void setSecurityContextTokenInfo(SecurityContextTokenInfo sctInfo)
void destroy()
Map<String,Object> getOtherProperties()