com.sun.xml.wss.SecurityEnvironment

All known subclasses: com.sun.xml.wss.impl.WssProviderSecurityEnvironment, com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment, com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl
public interface SecurityEnvironment

The SecurityEnvironment interface links the XWS-Security runtime with the environment/container in which it is running. The SecurityEnvironment interface is invoked by the XWS-Security runtime to perform tasks such as retrieving keys, validating tokens etc.

When using the XWS-Security configuration files with <xwss:JAXRPCSecurity> as the root element, a default implementation of this interface wraps the supplied CallbackHandler. The default implementation of this interface bundled with XWS-Security invokes the CallbackHandler to implement the methods of this interface.

This interface facilitates usage of XWS-Security in environments which do not necessarily have a natural mapping to the XWS-Security defined callbacks.

There is generally a single SecurityEnvironment instance per application, which is initialized at application startup.

Note: This interface is evolving and is subject to change in a later release.
Method Summary

public boolean authenticateUser(Map context, String username, String password)
    Authenticate the user against a list of known username-password pairs.
public boolean authenticateUser(Map context, String username, String passwordDigest, String nonce, String created)
    Authenticate the user given the password digest.
public CallbackHandler getCallbackHandler()
public X509Certificate getCertificate(Map context, String alias, boolean forSigning)
public X509Certificate getCertificate(Map context, byte[] keyIdentifier)
public X509Certificate getCertificate(Map context, byte[] identifier, String valueType)
public X509Certificate getCertificate(Map context, PublicKey publicKey, boolean forSign)
public X509Certificate getCertificate(Map context, BigInteger serialNumber, String issuerName)
public X509Certificate getDefaultCertificate(Map context)
    Retrieves a reasonable default value for the current user's X509Certificate if one exists.
public String getPassword(Map context)
public PrivateKey getPrivateKey(Map context, String alias)
public PrivateKey getPrivateKey(Map context, X509Certificate cert)
public PrivateKey getPrivateKey(Map context, BigInteger serialNumber, String issuerName)
public PrivateKey getPrivateKey(Map context, byte[] keyIdentifier)
public PrivateKey getPrivateKey(Map context, byte[] keyIdentifier, String valueType)
public PrivateKey getPrivateKey(Map context, PublicKey publicKey, boolean forSign)
public PublicKey getPublicKey(Map context, byte[] keyIdentifier)
public PublicKey getPublicKey(Map context, byte[] keyIdentifier, String valueType)
public PublicKey getPublicKey(Map context, BigInteger serialNumber, String issuerName)
public SecretKey getSecretKey(Map context, String alias, boolean encryptMode)
public Subject getSubject()
public String getUsername(Map context)
public boolean isSelfCertificate(X509Certificate cert)
public Element locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc)
public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext, AuthenticationTokenPolicy.SAMLAssertionBinding policy, DynamicApplicationContext context)
    Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information.
public void updateOtherPartySubject(Subject subject, String username, String password)
    Update the public/private credentials of the subject of the party whose username-password pair is given.
public void updateOtherPartySubject(Subject subject, X509Certificate cert)
    Update the public credentials of the subject of the party whose certificate is given.
public void updateOtherPartySubject(Subject subject, Assertion assertion)
    Update the public credentials of the subject of the party whose Assertion is given.
public void updateOtherPartySubject(Subject subject, XMLStreamReader assertion)
    Update the public credentials of the subject of the party whose Assertion is given.
public void updateOtherPartySubject(Subject subject, Subject bootStrapSubject)
public boolean validateAndCacheNonce(String nonce, String created, long maxNonceAge)
    Validate the given nonce.
public boolean validateCertificate(X509Certificate cert)
    Validate an X509Certificate.
public void validateCreationTime(Map context, String creationTime, long maxClockSkew, long timestampFreshnessLimit)
    Validate the creation time.
public void validateSAMLAssertion(Map context, Element assertion)
    Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version etc.
public void validateSAMLAssertion(Map context, XMLStreamReader assertion)
    Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version etc.
public void validateTimestamp(Map context, Timestamp timestamp, long maxClockSkew, long freshnessLimit)
    Validate the creation time.
public void validateTimestamp(Map context, String created, String expires, long maxClockSkew, long freshnessLimit)

Method Detail
authenticateUser
public boolean authenticateUser(Map context, String username, String password) throws XWSSecurityException
Authenticate the user against a list of known username-password pairs.
Parameters:
    context - a Map of application and integration-layer specific properties
    username - the username
    password - the password
Returns: true if the username-password pair is valid, false otherwise
Throws: XWSSecurityException - if there was an error while trying to authenticate the username
authenticateUser
public boolean authenticateUser(Map context, String username, String passwordDigest, String nonce, String created) throws XWSSecurityException
Authenticate the user given the password digest.
Parameters:
    context - a Map of application and integration-layer specific properties
    username - the username
    passwordDigest - the digested password
    nonce - the nonce which was part of the digest
    created - the creation time which was part of the digest
Returns: true if the password digest is valid, false otherwise
Throws: XWSSecurityException - if there was an error while trying to authenticate the username
getCertificate
public X509Certificate getCertificate(Map context, String alias, boolean forSigning) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    alias - the alias for identifying the certificate
    forSigning - whether this request is for a Sign operation or an Encrypt operation
Returns: the certificate corresponding to the alias
Throws: XWSSecurityException - if there was an error while trying to locate the Certificate
getCertificate
public X509Certificate getCertificate(Map context, byte[] keyIdentifier) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    keyIdentifier - an opaque identifier indicating the X509 certificate
Returns: the X509Certificate corresponding to a KeyIdentifier
Throws: XWSSecurityException - if there was an error while trying to locate the X509Certificate
getCertificate
public X509Certificate getCertificate(Map context, byte[] identifier, String valueType) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    identifier - an opaque identifier indicating the X509 certificate
    valueType -
Returns: the X509Certificate corresponding to a KeyIdentifier
Throws: XWSSecurityException - if there was an error while trying to locate the X509Certificate
getCertificate
public X509Certificate getCertificate(Map context, PublicKey publicKey, boolean forSign) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    publicKey - the publicKey
    forSign - set to true if the public key is to be used for signature verification
Returns: the X509Certificate corresponding to a PublicKey
Throws: XWSSecurityException - if there was an error while trying to locate the PublicKey
getCertificate
public X509Certificate getCertificate(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    serialNumber - the serialNumber of the certificate
    issuerName - the issuerName of the certificate
Returns: the X509Certificate corresponding to (serialNumber, issuerName)
Throws: XWSSecurityException - if there was an error while trying to locate the X509Certificate
getDefaultCertificate
public X509Certificate getDefaultCertificate(Map context) throws XWSSecurityException
Retrieves a reasonable default value for the current user's X509Certificate if one exists.
Parameters:
    context - a Map of application and integration-layer specific properties
Returns: the default certificate for the current user
Throws: XWSSecurityException
getPassword
public String getPassword(Map context) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
Returns: the password, obtained using PasswordCallback
Throws: XWSSecurityException - if there was an error while trying to obtain the password
getPrivateKey
public PrivateKey getPrivateKey(Map context, String alias) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    alias - the alias for identifying the PrivateKey
Returns: the PrivateKey corresponding to the alias
Throws: XWSSecurityException - if there was an error while trying to locate the PrivateKey
getPrivateKey
public PrivateKey getPrivateKey(Map context, X509Certificate cert) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    cert - the X509Certificate
Returns: the PrivateKey corresponding to the X509Certificate
Throws: XWSSecurityException - if there was an error while trying to locate the PrivateKey
getPrivateKey
public PrivateKey getPrivateKey(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    serialNumber - the serialNumber of the certificate
    issuerName - the issuerName of the certificate
Returns: the PrivateKey corresponding to (serialNumber, issuerName)
Throws: XWSSecurityException - if there was an error while trying to locate the PrivateKey
getPrivateKey
public PrivateKey getPrivateKey(Map context, byte[] keyIdentifier) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    keyIdentifier - an opaque identifier indicating the X509 certificate
Returns: the PrivateKey corresponding to a KeyIdentifier
Throws: XWSSecurityException - if there was an error while trying to locate the PrivateKey
getPrivateKey
public PrivateKey getPrivateKey(Map context, PublicKey publicKey, boolean forSign) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    publicKey - the publicKey
    forSign - set to true if the purpose is Signature
Returns: the PrivateKey corresponding to a PublicKey
Throws: XWSSecurityException - if there was an error while trying to locate the PrivateKey
getPublicKey
public PublicKey getPublicKey(Map context, byte[] keyIdentifier) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    keyIdentifier - an opaque identifier indicating the X509 certificate
Returns: the PublicKey corresponding to a KeyIdentifier
Throws: XWSSecurityException - if there was an error while trying to locate the PublicKey
getPublicKey
public PublicKey getPublicKey(Map context, BigInteger serialNumber, String issuerName) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    serialNumber - the serialNumber of the certificate
    issuerName - the issuerName of the certificate
Returns: the PublicKey corresponding to (serialNumber, issuerName)
Throws: XWSSecurityException - if there was an error while trying to locate the PublicKey
getSecretKey
public SecretKey getSecretKey(Map context, String alias, boolean encryptMode) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
    alias - the alias for identifying the SecretKey
    encryptMode - whether this request is for an Encrypt or Decrypt operation
Returns: the SecretKey corresponding to the alias
Throws: XWSSecurityException - if there was an error while trying to locate the SecretKey
getSubject
public Subject getSubject()
Returns: the host/sender Subject, or null if the subject is not available/initialized
getUsername
public String getUsername(Map context) throws XWSSecurityException
Parameters:
    context - a Map of application and integration-layer specific properties
Returns: the username, obtained using UsernameCallback
Throws: XWSSecurityException - if there was an error while trying to obtain the username
isSelfCertificate
public boolean isSelfCertificate(X509Certificate cert)
Returns: true if the certificate is a self certificate, false otherwise
locateSAMLAssertion
public Element locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc) throws XWSSecurityException
Locate and return a SAML Assertion, given the Authority binding and assertionId.
Parameters:
    context - a Map of application and integration-layer specific properties
    binding - an org.w3c.dom.Element representing the SAML AuthorityBinding
    assertionId - the Assertion ID of the SAML Assertion
    ownerDoc - the owner document into which the returned SAML Assertion should be imported
Throws: XWSSecurityException - if there was an error while trying to locate the SAML Assertion
populateSAMLPolicy
public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext, AuthenticationTokenPolicy.SAMLAssertionBinding policy, DynamicApplicationContext context) throws XWSSecurityException
Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information.
The DynamicApplicationContext may contain information to be used by the implementation to make its runtime decisions on how to obtain the SAML Assertion.
Parameters:
    fpcontext - a Map of application and integration-layer specific properties
    policy - the SAML Assertion Policy to be populated
    context - the DynamicApplicationContext
Returns: the populated SAML Assertion policy
Throws: XWSSecurityException - if there was an error while trying to populate the SAML Assertion Policy
updateOtherPartySubject
public void updateOtherPartySubject(Subject subject, String username, String password)
Update the public/private credentials of the subject of the party whose username-password pair is given.
Parameters:
    subject - the Subject of the requesting party
    username - the username of the requesting party
    password - the password of the requesting party
updateOtherPartySubject
public void updateOtherPartySubject(Subject subject, X509Certificate cert)
Update the public credentials of the subject of the party whose certificate is given.
Parameters:
    subject - the Subject of the requesting party
    cert - the X509Certificate of the requesting party
updateOtherPartySubject
public void updateOtherPartySubject(Subject subject, Assertion assertion)
Update the public credentials of the subject of the party whose Assertion is given.
Parameters:
    subject - the Subject of the requesting party
    assertion - the SAML Assertion of the requesting party
updateOtherPartySubject
public void updateOtherPartySubject(Subject subject, XMLStreamReader assertion)
Update the public credentials of the subject of the party whose Assertion is given.
Parameters:
    subject - the Subject of the requesting party
    assertion - the SAML Assertion of the requesting party
updateOtherPartySubject
public void updateOtherPartySubject(Subject subject, Subject bootStrapSubject)
Update the principal/credentials of the requesting party subject.
Parameters:
    subject - the Subject of the requesting party
    bootStrapSubject - the bootstrap Credentials (during a SecureConversation Bootstrap) of the requesting party
validateAndCacheNonce
public boolean validateAndCacheNonce(String nonce, String created, long maxNonceAge) throws XWSSecurityException
Validate the given nonce. It is an error if the nonce matches any stored nonce value on the server; if there is no error then the nonce is cached.
Parameters:
    nonce - the encoded nonce value
    created - the creation time value
    maxNonceAge - the time in milliseconds for which this nonce will be stored on the receiver
Returns: true if this nonce is valid
Throws: XWSSecurityException - if there was an error while trying to validate the Nonce
validateCertificate
public boolean validateCertificate(X509Certificate cert) throws XWSSecurityException
Validate an X509Certificate.
Parameters:
    cert - the X509Certificate to be validated
Returns: true if the cert is a valid one, false otherwise
Throws: XWSSecurityException - if there is some problem during validation
validateCreationTime
public void validateCreationTime(Map context, String creationTime, long maxClockSkew, long timestampFreshnessLimit) throws XWSSecurityException
Validate the creation time. It is an error if the creation time is older than the current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW.
Parameters:
    context - a Map of application and integration-layer specific properties
    creationTime - the creation-time value
    maxClockSkew - (in milliseconds) the maximum clock skew
    timestampFreshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
Throws: XWSSecurityException - if there was an error while trying to validate the creationTime
validateSAMLAssertion
public void validateSAMLAssertion(Map context, Element assertion) throws XWSSecurityException
Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version etc.
Note: The SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime.
Parameters:
    context - a Map of application and integration-layer specific properties
    assertion - the Assertion to be validated
Throws: XWSSecurityException - if there was an error while validating the SAML Assertion
validateSAMLAssertion
public void validateSAMLAssertion(Map context, XMLStreamReader assertion) throws XWSSecurityException
Validate the received SAML Assertion. Validations can include validating the Issuer and the SAML User, SAML Version etc.
Note: The SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime.
In the case of an HOK (holder-of-key) SAML Assertion, the enveloped signature is removed from this SAML Assertion and verified by the runtime (i.e. one will not find a Signature element under this SAMLAssertion).
Parameters:
    context - a Map of application and integration-layer specific properties
    assertion - the Assertion to be validated
Throws: XWSSecurityException - if there was an error while validating the SAML Assertion
validateTimestamp
public void validateTimestamp(Map context, Timestamp timestamp, long maxClockSkew, long freshnessLimit) throws XWSSecurityException
Validate the creation time. It is an error if the creation time is older than the current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW.
Parameters:
    context - a Map of application and integration-layer specific properties
    timestamp - the Timestamp element
    maxClockSkew - (in milliseconds) the maximum clock skew
    freshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh
Throws: XWSSecurityException - if there was an error while trying to validate the Timestamp
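The three receiver-side checks that the digest form of authenticateUser, validateAndCacheNonce and validateCreationTime/validateTimestamp describe fit together as UsernameToken replay protection. The following is an added, self-contained example written for this page, not code from XWS-Security or any of the listed implementations; it assumes the standard WS-Security UsernameToken PasswordDigest construction (Base64 of SHA-1 over decoded nonce, created and password), uses an in-memory HashMap as the nonce cache, and takes the receiver's current time as a parameter so the run is deterministic.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Constructed example, not XWS-Security code: the receiver-side checks behind authenticateUser
// (digest form), validateAndCacheNonce and validateCreationTime. "now" is a parameter for determinism.
public final class UsernameTokenChecks {
    // nonce -> instant after which the cache entry is dropped (the maxNonceAge window)
    private final Map<String, Instant> nonceCache = new HashMap<>();

    // WS-Security UsernameToken PasswordDigest = Base64(SHA-1(decoded nonce + created + password)).
    public static String passwordDigest(String nonceB64, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // authenticateUser(context, username, passwordDigest, nonce, created): recompute the digest from
    // the password held for the user (it must be available in cleartext) and compare in constant time.
    public static boolean digestMatches(String storedPassword, String receivedDigest,
                                        String nonce, String created) throws NoSuchAlgorithmException {
        byte[] expected = passwordDigest(nonce, created, storedPassword).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, receivedDigest.getBytes(StandardCharsets.UTF_8));
    }

    // validateCreationTime: it is an error if created is older than now - freshnessLimit - maxClockSkew.
    public static void validateCreationTime(String created, long maxClockSkewMs,
                                            long freshnessLimitMs, Instant now) {
        Instant oldestAccepted = now.minusMillis(freshnessLimitMs).minusMillis(maxClockSkewMs);
        if (Instant.parse(created).isBefore(oldestAccepted)) throw new IllegalStateException("creation time too old: " + created);
    }

    // validateAndCacheNonce: a nonce matching any cached nonce is a replay and fails; otherwise it is
    // cached for maxNonceAge so that a second presentation inside that window is rejected.
    public synchronized boolean validateAndCacheNonce(String nonce, long maxNonceAgeMs, Instant now) {
        nonceCache.values().removeIf(expiry -> expiry.isBefore(now)); // purge entries past maxNonceAge
        if (nonceCache.containsKey(nonce)) return false;
        nonceCache.put(nonce, now.plusMillis(maxNonceAgeMs));
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample token: created 30 s before the receiver's clock, 16-byte nonce, password "s3cret".
        Instant now = Instant.parse("2024-01-01T12:00:30Z");
        String created = "2024-01-01T12:00:00Z";
        String nonce = Base64.getEncoder().encodeToString("0123456789abcdef".getBytes(StandardCharsets.UTF_8));
        String digest = passwordDigest(nonce, created, "s3cret"); // what the client would send
        long maxClockSkewMs = 60_000L, freshnessLimitMs = 300_000L, maxNonceAgeMs = maxClockSkewMs + freshnessLimitMs;
        UsernameTokenChecks env = new UsernameTokenChecks();
        validateCreationTime(created, maxClockSkewMs, freshnessLimitMs, now); // throws if stale
        boolean first = env.validateAndCacheNonce(nonce, maxNonceAgeMs, now)
                && digestMatches("s3cret", digest, nonce, created);
        boolean replay = env.validateAndCacheNonce(nonce, maxNonceAgeMs, now);
        System.out.println("first presentation accepted=" + first + ", replay accepted=" + replay
                + ", wrong password accepted=" + digestMatches("guess", digest, nonce, created));
    }
}
```

The nonce cache only closes the replay window if maxNonceAge is at least freshnessLimit plus maxClockSkew, as in the example; with a shorter cache lifetime a token could be presented again after its nonce is purged but while its creation time still passes validateCreationTime.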