com.sun.xml.wss.impl
Class WssProviderSecurityEnvironment

java.lang.Object
  extended by com.sun.xml.wss.impl.WssProviderSecurityEnvironment
All Implemented Interfaces:
SecurityEnvironment

public class WssProviderSecurityEnvironment
extends Object
implements SecurityEnvironment


Field Summary
protected  long MAX_CLOCK_SKEW
           
protected  long TIMESTAMP_FRESHNESS_LIMIT
           
 
Constructor Summary
WssProviderSecurityEnvironment(CallbackHandler handler, Map options)
           
 
Method Summary
 String authenticateUser(Map context, String username)
          Authenticate the user given the username and context.
 boolean authenticateUser(Map context, String username, String password)
          Authenticate the user against a list of known username-password pairs.
 boolean authenticateUser(Map context, String username, String passwordDigest, String nonce, String created)
          Authenticate the user given the password digest.
 KerberosContext doKerberosLogin()
          Perform a Kerberos login and return a KerberosContext. The KerberosContext stores the secretKey, GSSContext, Kerberos BST, etc.
 KerberosContext doKerberosLogin(byte[] tokenValue)
          Perform a Kerberos login and return a KerberosContext. The KerberosContext stores the secretKey, GSSContext, Kerberos BST, etc.
 CallbackHandler getCallbackHandler()
           
 X509Certificate getCertificate(Map context, BigInteger serialNumber, String issuerName)
           
 X509Certificate getCertificate(Map context, byte[] ski)
           
 X509Certificate getCertificate(Map context, byte[] identifier, String valueType)
           
 X509Certificate getCertificate(Map context, PublicKey publicKey, boolean forSign)
           
 X509Certificate getCertificate(Map context, String alias, boolean forSigning)
           
 X509Certificate getCertificate(String keyIdentifier)
           
 X509Certificate getDefaultCertificate(Map context)
          Retrieves a reasonable default value for the current user's X509Certificate if one exists.
 X509Certificate getMatchingCertificate(Map context, BigInteger serialNumber, String issuerName)
           
 X509Certificate getMatchingCertificate(Map context, byte[] keyIdMatch)
           
 X509Certificate getMatchingCertificate(Map context, byte[] keyIdMatch, String valueType)
           
 String getPassword(Map context)
          Not implemented: AuthModules use Callbacks internally
 PrivateKey getPrivateKey(Map context, BigInteger serialNumber, String issuerName)
           
 PrivateKey getPrivateKey(Map context, byte[] keyIdentifier)
           
 PrivateKey getPrivateKey(Map context, byte[] keyIdentifier, String valueType)
           
 PrivateKey getPrivateKey(Map context, PublicKey publicKey, boolean forSign)
           
 PrivateKey getPrivateKey(Map context, String alias)
           
 PrivateKey getPrivateKey(Map context, X509Certificate cert)
           
 PublicKey getPublicKey(Map context, BigInteger serialNumber, String issuerName)
           
 PublicKey getPublicKey(Map context, byte[] keyIdentifier)
           
 PublicKey getPublicKey(Map context, byte[] identifier, String valueType)
           
 PublicKey getPublicKey(String keyIdentifier)
           
 Subject getRequesterSubject(Map context)
           
 SecretKey getSecretKey(Map context, String alias, boolean encryptMode)
           
 Subject getSubject()
           
 Subject getSubject(Map context)
           
static byte[] getThumbprintIdentifier(X509Certificate cert)
           
 String getUsername(Map context)
          Not implemented: AuthModules use Callbacks internally
 boolean isSelfCertificate(X509Certificate cert)
           
 Element locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc)
          Locate and return a SAML Assertion, given the Authority binding and assertionId
 AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext, AuthenticationTokenPolicy.SAMLAssertionBinding policy, DynamicApplicationContext context)
          Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information.
 void setRequesterSubject(Subject subject, Map context)
           
 void setSubject(Subject subject, Map context)
           
 void updateOtherPartySubject(Subject subject, Assertion assertion)
          Update the public credentials of the subject of the party whose Assertion is given.
 void updateOtherPartySubject(Subject subject, GSSName clientCred, GSSCredential gssCred)
          Update the principal/credentials of the requesting party subject
 void updateOtherPartySubject(Subject subject, Key secretKey)
           
 void updateOtherPartySubject(Subject subj, String encryptedKey)
           
 void updateOtherPartySubject(Subject subject, String username, String password)
          Update the public/private credentials of the subject of the party whose username password pair is given.
 void updateOtherPartySubject(Subject subject, Subject bootStrapSubject)
          Update the principal/credentials of the requesting party subject
 void updateOtherPartySubject(Subject subject, X509Certificate cert)
          Update the public credentials of the subject of the party whose certificate is given.
 void updateOtherPartySubject(Subject subject, XMLStreamReader assertion)
          Update the public credentials of the subject of the party whose Assertion is given.
 boolean validateAndCacheNonce(Map context, String nonce, String created, long maxNonceAge)
          Validate the given nonce.
 boolean validateCertificate(X509Certificate cert, Map context)
          Validate an X509Certificate.
 void validateCreationTime(Map context, String creationTime, long maxClockSkew, long timestampFreshnessLimit)
          Validate the creation time.
 void validateSAMLAssertion(Map context, Element assertion)
          Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version, etc.
 void validateSAMLAssertion(Map context, XMLStreamReader assertion)
          Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version, etc.
 boolean validateSamlIssuer(String issuer)
           
 boolean validateSamlUser(String user, String domain, String format)
           
 void validateTimestamp(Map context, String created, String expires, long maxClockSkew, long freshnessLimit)
           
 void validateTimestamp(Map context, Timestamp timestamp, long maxClockSkew, long freshnessLimit)
          Validate the creation time.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MAX_CLOCK_SKEW

protected final long MAX_CLOCK_SKEW
See Also:
Constant Field Values

TIMESTAMP_FRESHNESS_LIMIT

protected final long TIMESTAMP_FRESHNESS_LIMIT
See Also:
Constant Field Values
Constructor Detail

WssProviderSecurityEnvironment

public WssProviderSecurityEnvironment(CallbackHandler handler,
                                      Map options)
                               throws XWSSecurityException
Throws:
XWSSecurityException
Method Detail

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                String alias)
                         throws XWSSecurityException
Specified by:
getPrivateKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the PrivateKey
Returns:
the PrivateKey corresponding to the alias
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                byte[] keyIdentifier)
                         throws XWSSecurityException
Specified by:
getPrivateKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
keyIdentifier - an Opaque identifier indicating the X509 certificate.
Returns:
the PrivateKey corresponding to a KeyIdentifier
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                X509Certificate cert)
                         throws XWSSecurityException
Specified by:
getPrivateKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
cert - the X509Certificate
Returns:
the PrivateKey corresponding to the X509Certificate
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                BigInteger serialNumber,
                                String issuerName)
                         throws XWSSecurityException
Specified by:
getPrivateKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
Returns:
the PrivateKey corresponding to (serialNumber, issuerName)
Throws:
XWSSecurityException - if there was an error while trying to locate the PrivateKey

getDefaultCertificate

public X509Certificate getDefaultCertificate(Map context)
                                      throws XWSSecurityException
Retrieves a reasonable default value for the current user's X509Certificate if one exists.

Specified by:
getDefaultCertificate in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
Returns:
the default certificate for the current user
Throws:
XWSSecurityException

authenticateUser

public boolean authenticateUser(Map context,
                                String username,
                                String password)
                         throws XWSSecurityException
Authenticate the user against a list of known username-password pairs.

Specified by:
authenticateUser in interface SecurityEnvironment
Parameters:
username -
password -
context - a Map of application and integration-layer specific properties
Returns:
true if the username-password pair is valid
Throws:
XWSSecurityException - if there was an error while trying to authenticate the username

authenticateUser

public String authenticateUser(Map context,
                               String username)
                        throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Authenticate the user given the username and context.

Specified by:
authenticateUser in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
username - the username
Returns:
password if the username is valid
Throws:
XWSSecurityException - if there was an error while trying to authenticate the username

authenticateUser

public boolean authenticateUser(Map context,
                                String username,
                                String passwordDigest,
                                String nonce,
                                String created)
                         throws XWSSecurityException
Authenticate the user given the password digest.

Specified by:
authenticateUser in interface SecurityEnvironment
Parameters:
username -
passwordDigest -
nonce -
created -
context - a Map of application and integration-layer specific properties
Returns:
true if the password digest is valid
Throws:
XWSSecurityException - if there was an error while trying to authenticate the username

validateCertificate

public boolean validateCertificate(X509Certificate cert,
                                   Map context)
                            throws XWSSecurityException
Validate an X509Certificate.

Specified by:
validateCertificate in interface SecurityEnvironment
Parameters:
cert - the X509Certificate to be validated
context - Map of application and integration-layer specific properties
Returns:
true if the certificate is valid, false otherwise.
Throws:
XWSSecurityException - if there is some problem during validation.

getMatchingCertificate

public X509Certificate getMatchingCertificate(Map context,
                                              byte[] keyIdMatch)
                                       throws XWSSecurityException
Parameters:
keyIdMatch - KeyIdentifier to search for
Returns:
the matching Certificate
Throws:
XWSSecurityException

getMatchingCertificate

public X509Certificate getMatchingCertificate(Map context,
                                              BigInteger serialNumber,
                                              String issuerName)
                                       throws XWSSecurityException
Throws:
XWSSecurityException

getMatchingCertificate

public X509Certificate getMatchingCertificate(Map context,
                                              byte[] keyIdMatch,
                                              String valueType)
                                       throws XWSSecurityException
Parameters:
keyIdMatch - KeyIdentifier to search for
Returns:
the matching Certificate
Throws:
XWSSecurityException

getSecretKey

public SecretKey getSecretKey(Map context,
                              String alias,
                              boolean encryptMode)
                       throws XWSSecurityException
Specified by:
getSecretKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the SecretKey
encryptMode - whether this request is for an Encrypt or Decrypt operation
Returns:
the SecretKey corresponding to the alias
Throws:
XWSSecurityException - if there was an error while trying to locate the SecretKey

getCertificate

public X509Certificate getCertificate(Map context,
                                      String alias,
                                      boolean forSigning)
                               throws XWSSecurityException
Specified by:
getCertificate in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
alias - the alias for identifying the certificate
forSigning - whether this request is for a Sign operation or Encrypt
Returns:
the certificate corresponding to the alias
Throws:
XWSSecurityException - if there was an error while trying to locate the Certificate

getThumbprintIdentifier

public static byte[] getThumbprintIdentifier(X509Certificate cert)
                                      throws XWSSecurityException
Throws:
XWSSecurityException

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    String username,
                                    String password)
Description copied from interface: SecurityEnvironment
Update the public/private credentials of the subject of the party whose username password pair is given.

Specified by:
updateOtherPartySubject in interface SecurityEnvironment
Parameters:
subject - the Subject of the requesting party
username - the username of the requesting party
password - the password of the requesting party

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    X509Certificate cert)
Description copied from interface: SecurityEnvironment
Update the public credentials of the subject of the party whose certificate is given.

Specified by:
updateOtherPartySubject in interface SecurityEnvironment
Parameters:
subject - the Subject of the requesting party
cert - the X509Certificate of the requesting party

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    Assertion assertion)
Description copied from interface: SecurityEnvironment
Update the public credentials of the subject of the party whose Assertion is given.

Specified by:
updateOtherPartySubject in interface SecurityEnvironment
Parameters:
subject - the Subject of the requesting party
assertion - the SAML Assertion of the requesting party

getPublicKey

public PublicKey getPublicKey(Map context,
                              BigInteger serialNumber,
                              String issuerName)
                       throws XWSSecurityException
Specified by:
getPublicKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
Returns:
the PublicKey corresponding to (serialNumber, issuerName)
Throws:
XWSSecurityException - if there was an error while trying to locate the PublicKey

getPublicKey

public PublicKey getPublicKey(String keyIdentifier)
                       throws XWSSecurityException
Throws:
XWSSecurityException

getPublicKey

public PublicKey getPublicKey(Map context,
                              byte[] keyIdentifier)
                       throws XWSSecurityException
Specified by:
getPublicKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
keyIdentifier - an Opaque identifier indicating the X509 certificate.
Returns:
the PublicKey corresponding to a KeyIdentifier
Throws:
XWSSecurityException - if there was an error while trying to locate the PublicKey

getPublicKey

public PublicKey getPublicKey(Map context,
                              byte[] identifier,
                              String valueType)
                       throws XWSSecurityException
Specified by:
getPublicKey in interface SecurityEnvironment
Throws:
XWSSecurityException

getCertificate

public X509Certificate getCertificate(Map context,
                                      BigInteger serialNumber,
                                      String issuerName)
                               throws XWSSecurityException
Specified by:
getCertificate in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
serialNumber - the serialNumber of the certificate
issuerName - the issuerName of the certificate
Returns:
the X509Certificate corresponding to (serialNumber, issuerName)
Throws:
XWSSecurityException - if there was an error while trying to locate the X509Certificate

getCertificate

public X509Certificate getCertificate(String keyIdentifier)
                               throws XWSSecurityException
Throws:
XWSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                PublicKey publicKey,
                                boolean forSign)
Specified by:
getPrivateKey in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
publicKey - the publicKey
forSign - set to true if the purpose is Signature
Returns:
the PrivateKey corresponding to a PublicKey

getCertificate

public X509Certificate getCertificate(Map context,
                                      byte[] ski)
Specified by:
getCertificate in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
ski - an Opaque identifier indicating the X509 certificate.
Returns:
the X509Certificate corresponding to a KeyIdentifier

getCertificate

public X509Certificate getCertificate(Map context,
                                      PublicKey publicKey,
                                      boolean forSign)
                               throws XWSSecurityException
Specified by:
getCertificate in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
publicKey - the publicKey
forSign - set to true if the public key is to be used for SignatureVerification
Returns:
the X509Certificate corresponding to a PublicKey
Throws:
XWSSecurityException - if there was an error while trying to locate the PublicKey

getCertificate

public X509Certificate getCertificate(Map context,
                                      byte[] identifier,
                                      String valueType)
                               throws XWSSecurityException
Specified by:
getCertificate in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
identifier - an Opaque identifier indicating the X509 certificate.
Returns:
the X509Certificate corresponding to a KeyIdentifier
Throws:
XWSSecurityException - if there was an error while trying to locate the X509Certificate

validateSamlIssuer

public boolean validateSamlIssuer(String issuer)

validateSamlUser

public boolean validateSamlUser(String user,
                                String domain,
                                String format)

setSubject

public void setSubject(Subject subject,
                       Map context)

setRequesterSubject

public void setRequesterSubject(Subject subject,
                                Map context)

getSubject

public Subject getSubject()
Specified by:
getSubject in interface SecurityEnvironment
Returns:
the host/sender Subject, null if subject is not available/initialized

getSubject

public Subject getSubject(Map context)

getRequesterSubject

public Subject getRequesterSubject(Map context)

getUsername

public String getUsername(Map context)
                   throws XWSSecurityException
Not implemented: AuthModules use Callbacks internally

Specified by:
getUsername in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
Returns:
the username using UsernameCallback
Throws:
XWSSecurityException - if there was an error while trying to obtain the username

getPassword

public String getPassword(Map context)
                   throws XWSSecurityException
Not implemented: AuthModules use Callbacks internally

Specified by:
getPassword in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
Returns:
the password using PasswordCallback
Throws:
XWSSecurityException - if there was an error while trying to obtain the password

validateAndCacheNonce

public boolean validateAndCacheNonce(Map context,
                                     String nonce,
                                     String created,
                                     long maxNonceAge)
                              throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Validate the given nonce. It is an error if the nonce matches any nonce value stored on the server. If there is no error, the nonce is cached.

Specified by:
validateAndCacheNonce in interface SecurityEnvironment
Parameters:
context - a context containing runtime properties
nonce - the encoded nonce value
created - the creation time value
maxNonceAge - the time in milliseconds for which this nonce will be stored on the receiver.
Returns:
true if this nonce is valid
Throws:
XWSSecurityException - if there was an error while trying to validate the Nonce

validateTimestamp

public void validateTimestamp(Map context,
                              String created,
                              String expires,
                              long maxClockSkew,
                              long freshnessLimit)
                       throws XWSSecurityException
Specified by:
validateTimestamp in interface SecurityEnvironment
Throws:
XWSSecurityException

validateTimestamp

public void validateTimestamp(Map context,
                              Timestamp timestamp,
                              long maxClockSkew,
                              long freshnessLimit)
                       throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Validate the creation time. It is an error if the creation time is older than the current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW.

Specified by:
validateTimestamp in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
timestamp - the Timestamp element
maxClockSkew - (in milliseconds) the maximum clockskew
freshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
Throws:
XWSSecurityException - if there was an error while trying to validate the Timestamp

validateCreationTime

public void validateCreationTime(Map context,
                                 String creationTime,
                                 long maxClockSkew,
                                 long timestampFreshnessLimit)
                          throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Validate the creation time. It is an error if the creation time is older than the current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW.

Specified by:
validateCreationTime in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
creationTime - the creation-time value
maxClockSkew - (in milliseconds) the maximum clockskew
timestampFreshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
Throws:
XWSSecurityException - if there was an error while trying to validate the creationTime
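
The receiver-side checks described for validateCreationTime, validateAndCacheNonce and the password-digest form of authenticateUser, combined in one added Java example. This is not the XWSS implementation: the class and method names are hypothetical, the digest formula is the one from the OASIS WSS UsernameToken Profile, and the rejection of future-dated values, the nonce retention period and the plaintext password lookup are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not XWSS source. Class and method names are hypothetical.
public class UsernameTokenReceiverExample {

    // canonical Base64 nonce -> time in ms after which the entry may be forgotten
    private final Map<String, Long> seenNonces = new ConcurrentHashMap<>();

    // Rule from the page: error if created is older than now - freshnessLimit - maxClockSkew.
    static void validateCreationTime(String created, long maxClockSkew,
                                     long freshnessLimit, long nowMs) {
        // Assumes the UTC "Z" form of xsd:dateTime; malformed input throws DateTimeParseException.
        long createdMs = Instant.parse(created).toEpochMilli();
        if (createdMs < nowMs - freshnessLimit - maxClockSkew) {
            throw new SecurityException("creation time is older than the freshness limit");
        }
        // Assumption (not stated on the page): also bound future-dated values by the skew.
        if (createdMs > nowMs + maxClockSkew) {
            throw new SecurityException("creation time is ahead of the receiver clock");
        }
    }

    // Returns false if the nonce is already stored (replay); otherwise caches it.
    boolean validateAndCacheNonce(String nonce, long maxNonceAge, long nowMs) {
        seenNonces.values().removeIf(expiry -> expiry <= nowMs);   // drop expired entries
        return seenNonces.putIfAbsent(nonce, nowMs + maxNonceAge) == null;
    }

    // OASIS WSS UsernameToken Profile: Password_Digest = Base64(SHA-1(nonce + created + password)).
    static String passwordDigest(String nonceB64, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(Base64.getDecoder().decode(nonceB64));     // decoded bytes, not the Base64 text
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 unavailable", e);
        }
    }

    boolean authenticate(String storedPassword, String receivedDigest, String nonceB64,
                         String created, long maxClockSkew, long freshnessLimit, long nowMs) {
        validateCreationTime(created, maxClockSkew, freshnessLimit, nowMs);
        byte[] expected = passwordDigest(nonceB64, created, storedPassword)
                .getBytes(StandardCharsets.UTF_8);
        byte[] received = receivedDigest.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, received)) {          // constant-time comparison
            return false;
        }
        // Key the cache on the re-encoded nonce bytes so that two Base64 spellings of the
        // same bytes (which hash to the same digest) cannot be presented as different nonces.
        String nonceKey = Base64.getEncoder().encodeToString(Base64.getDecoder().decode(nonceB64));
        // Keep the nonce for as long as a token carrying it could still pass the freshness
        // check: created may lie up to maxClockSkew ahead of the receiver clock and stays
        // acceptable for freshnessLimit + maxClockSkew after that.
        long maxNonceAge = freshnessLimit + 2 * maxClockSkew;
        return validateAndCacheNonce(nonceKey, maxNonceAge, nowMs);
    }

    public static void main(String[] args) {
        // All values below are constructed sample data.
        long now = Instant.parse("2024-01-01T12:00:00Z").toEpochMilli();
        long skew = 60_000L;
        long fresh = 300_000L;
        String password = "example-password";
        String nonce = Base64.getEncoder()
                .encodeToString("constructed-nonce".getBytes(StandardCharsets.UTF_8));
        String created = "2024-01-01T11:59:30Z";
        String digest = passwordDigest(nonce, created, password);

        UsernameTokenReceiverExample rx = new UsernameTokenReceiverExample();
        // First presentation of the token.
        System.out.println("first:  " + rx.authenticate(password, digest, nonce, created, skew, fresh, now));
        // The same token presented again ten seconds later.
        System.out.println("replay: " + rx.authenticate(password, digest, nonce, created, skew, fresh, now + 10_000L));
        // A token whose created value lies outside freshnessLimit + maxClockSkew.
        String stale = "2024-01-01T11:50:00Z";
        try {
            rx.authenticate(password, passwordDigest(nonce, stale, password), nonce, stale, skew, fresh, now);
        } catch (SecurityException e) {
            System.out.println("stale:  rejected, " + e.getMessage());
        }
    }
}
```

If the nonce retention period is shorter than the freshness window, a captured token can be replayed after its nonce has been evicted but before its creation time is considered stale, so the two limits need to be configured together.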

getCallbackHandler

public CallbackHandler getCallbackHandler()
                                   throws XWSSecurityException
Specified by:
getCallbackHandler in interface SecurityEnvironment
Returns:
any Callback Handler associated with this Environment, null otherwise
Throws:
XWSSecurityException - if there was an error while trying to retrieve the CallbackHandler

validateSAMLAssertion

public void validateSAMLAssertion(Map context,
                                  Element assertion)
                           throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version, etc. Note: The SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime.

Specified by:
validateSAMLAssertion in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
assertion - the Assertion to be validated
Throws:
XWSSecurityException - if there was an error while validating the SAML Assertion

locateSAMLAssertion

public Element locateSAMLAssertion(Map context,
                                   Element binding,
                                   String assertionId,
                                   Document ownerDoc)
                            throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Locate and return a SAML Assertion, given the Authority binding and assertionId

Specified by:
locateSAMLAssertion in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
binding - an org.w3c.dom.Element representing the SAML AuthorityBinding
assertionId - the Assertion ID of the SAML Assertion
ownerDoc - the owner document into which the returned SAML Assertion should be imported
Throws:
XWSSecurityException - if there was an error while trying to locate the SAML Assertion

populateSAMLPolicy

public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext,
                                                                         AuthenticationTokenPolicy.SAMLAssertionBinding policy,
                                                                         DynamicApplicationContext context)
                                                                  throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information. The DynamicApplicationContext may contain information to be used by the implementation to make its runtime decisions on how to obtain the SAML Assertion.

Specified by:
populateSAMLPolicy in interface SecurityEnvironment
Parameters:
fpcontext - a Map of application and integration-layer specific properties
policy - the SAML Assertion Policy to be populated
context - the DynamicApplicationContext
Returns:
populated SAML Assertion policy
Throws:
XWSSecurityException - if there was an error while trying to populate the SAML Assertion Policy

updateOtherPartySubject

public void updateOtherPartySubject(Subject subj,
                                    String encryptedKey)

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    Key secretKey)

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                byte[] keyIdentifier,
                                String valueType)
                         throws XWSSecurityException
Specified by:
getPrivateKey in interface SecurityEnvironment
Throws:
XWSSecurityException

validateSAMLAssertion

public void validateSAMLAssertion(Map context,
                                  XMLStreamReader assertion)
                           throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version, etc. Note: The SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime. In the case of an HOK SAML Assertion, the enveloped signature is removed from this SAML Assertion and verified (i.e., one will not find a Signature element under this SAML Assertion).

Specified by:
validateSAMLAssertion in interface SecurityEnvironment
Parameters:
context - a Map of application and integration-layer specific properties
assertion - the Assertion to be validated
Throws:
XWSSecurityException - if there was an error while validating the SAML Assertion

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    XMLStreamReader assertion)
Description copied from interface: SecurityEnvironment
Update the public credentials of the subject of the party whose Assertion is given.

Specified by:
updateOtherPartySubject in interface SecurityEnvironment
Parameters:
subject - the Subject of the requesting party
assertion - the SAML Assertion of the requesting party

isSelfCertificate

public boolean isSelfCertificate(X509Certificate cert)
Specified by:
isSelfCertificate in interface SecurityEnvironment
Returns:
true if the certificate is a self certificate, false otherwise

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    Subject bootStrapSubject)
Description copied from interface: SecurityEnvironment
Update the principal/credentials of the requesting party subject

Specified by:
updateOtherPartySubject in interface SecurityEnvironment
Parameters:
subject - the Subject of the requesting party
bootStrapSubject - the bootstrap Credentials (during a SecureConversation Bootstrap) of the requesting party

doKerberosLogin

public KerberosContext doKerberosLogin()
                                throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Perform a Kerberos login and return a KerberosContext. The KerberosContext stores the secretKey, GSSContext, Kerberos BST, etc.

Specified by:
doKerberosLogin in interface SecurityEnvironment
Throws:
XWSSecurityException

doKerberosLogin

public KerberosContext doKerberosLogin(byte[] tokenValue)
                                throws XWSSecurityException
Description copied from interface: SecurityEnvironment
Perform a Kerberos login and return a KerberosContext. The KerberosContext stores the secretKey, GSSContext, Kerberos BST, etc.

Specified by:
doKerberosLogin in interface SecurityEnvironment
Throws:
XWSSecurityException

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    GSSName clientCred,
                                    GSSCredential gssCred)
Description copied from interface: SecurityEnvironment
Update the principal/credentials of the requesting party subject

Specified by:
updateOtherPartySubject in interface SecurityEnvironment
Parameters:
subject - the Subject of the requesting party
clientCred - the GSSName of the requesting party


Copyright © 2005-2015 Oracle Corporation. All Rights Reserved.