Class STSTokenValidator

  • All Implemented Interfaces:
    org.apache.wss4j.dom.validate.Validator

    public class STSTokenValidator
    extends Object
    implements org.apache.wss4j.dom.validate.Validator
    A WSS4J-based Validator that validates a received WS-Security credential by dispatching it to an STS via WS-Trust. The default binding is "validate", but "issue" is also possible by setting the "useIssueBinding" property. With the "issue" binding, the credentials are sent via "OnBehalfOf" unless the "useOnBehalfOf" property is set to "false", in which case the credentials are used depending on the security policy of the STS endpoint (e.g. in a UsernameToken if this is what the policy requires). Setting "useOnBehalfOf" to "false" together with "useIssueBinding" set to "true" only works for validating UsernameTokens.
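The three property combinations described above, as an added example that is not part of the CXF Javadoc or code base. The `StsValidatorConfig` class, its `Mode` enum and the `endpointProperties` map (taken to be the service endpoint's property map) are hypothetical, and the package names and the `SecurityConstants.USERNAME_TOKEN_VALIDATOR` key come from Apache CXF rather than from this page.

```java
import java.util.Map;

import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSTokenValidator;

/** Hypothetical helper (not part of CXF) that builds the three configurations described above. */
public final class StsValidatorConfig {

    /** Hypothetical names for the three property combinations. */
    public enum Mode { VALIDATE, ISSUE_ON_BEHALF_OF, ISSUE_DIRECT }

    private StsValidatorConfig() { }

    public static STSTokenValidator build(Mode mode, STSClient stsClient) {
        // true = "always validate the token to the STS" (see the constructor parameter).
        STSTokenValidator validator = new STSTokenValidator(true);
        validator.setStsClient(stsClient);
        switch (mode) {
            case ISSUE_ON_BEHALF_OF:
                // "issue" binding; the received credential is sent via OnBehalfOf.
                validator.setUseIssueBinding(true);
                validator.setUseOnBehalfOf(true);
                break;
            case ISSUE_DIRECT:
                // "issue" binding without OnBehalfOf: the credential is used as the
                // STS endpoint's policy requires. Only works for UsernameTokens.
                validator.setUseIssueBinding(true);
                validator.setUseOnBehalfOf(false);
                break;
            default:
                // Default "validate" binding.
                validator.setUseIssueBinding(false);
                break;
        }
        return validator;
    }

    /** Registers the validator under a CXF validator property key, refusing the unsupported combination. */
    public static void register(Map<String, Object> endpointProperties, String validatorKey,
                                Mode mode, STSClient stsClient) {
        if (mode == Mode.ISSUE_DIRECT
                && !SecurityConstants.USERNAME_TOKEN_VALIDATOR.equals(validatorKey)) {
            throw new IllegalArgumentException(
                "useIssueBinding=true with useOnBehalfOf=false only validates UsernameTokens");
        }
        endpointProperties.put(validatorKey, build(mode, stsClient));
    }
}
```

Failing at registration time surfaces the unsupported combination at deployment instead of at the first rejected message.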
    • Constructor Detail

      • STSTokenValidator

        public STSTokenValidator()
      • STSTokenValidator

        public STSTokenValidator(boolean alwaysValidateToSts)
        Construct a new instance.
        Parameters:
        alwaysValidateToSts - whether to always validate the token to the STS
    • Method Detail

      • validate

        public org.apache.wss4j.dom.validate.Credential validate(org.apache.wss4j.dom.validate.Credential credential,
                                                                 org.apache.wss4j.dom.handler.RequestData data)
                                                          throws org.apache.wss4j.common.ext.WSSecurityException
        Specified by:
        validate in interface org.apache.wss4j.dom.validate.Validator
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • validateWithSTS

        public org.apache.wss4j.dom.validate.Credential validateWithSTS(org.apache.wss4j.dom.validate.Credential credential,
                                                                        org.apache.cxf.message.Message message)
                                                                 throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • isValidatedLocally

        protected boolean isValidatedLocally(org.apache.wss4j.dom.validate.Credential credential,
                                             org.apache.wss4j.dom.handler.RequestData data)
                                      throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • isUseIssueBinding

        public boolean isUseIssueBinding()
      • setUseIssueBinding

        public void setUseIssueBinding(boolean useIssueBinding)
      • isUseOnBehalfOf

        public boolean isUseOnBehalfOf()
      • setUseOnBehalfOf

        public void setUseOnBehalfOf(boolean useOnBehalfOf)
      • getStsClient

        public STSClient getStsClient()
      • setStsClient

        public void setStsClient(STSClient stsClient)
      • getTokenStore

        public TokenStore getTokenStore()
      • setTokenStore

        public void setTokenStore(TokenStore tokenStore)
      • isDisableCaching

        public boolean isDisableCaching()
      • setDisableCaching

        public void setDisableCaching(boolean disableCaching)