Package org.apache.cxf.ws.security.wss4j
Class AbstractUsernameTokenAuthenticatingInterceptor
- java.lang.Object
-
- org.apache.wss4j.dom.handler.WSHandler
-
- org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor
-
- org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
-
- org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor
-
- All Implemented Interfaces:
org.apache.cxf.binding.soap.interceptor.SoapInterceptor,org.apache.cxf.interceptor.Interceptor<org.apache.cxf.binding.soap.SoapMessage>,org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>
public abstract class AbstractUsernameTokenAuthenticatingInterceptor extends WSS4JInInterceptor
Base class providing an extensibility point for populating javax.security.auth.Subject from a current UsernameToken. WSS4J requires a password for validating digests which may not be available when external security systems provide for the authentication. This class implements WSS4J Processor interface so that it can delegate a UsernameToken validation to an external system. In order to handle digests, this class currently creates a new WSS4J Security Engine for every request. If clear text passwords are expected then a supportDigestPasswords boolean property with a false value can be used to disable creating security engines. Note that if a UsernameToken containing a clear text password has been encrypted then an application is expected to provide a password callback handler for decrypting the token only.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected classAbstractUsernameTokenAuthenticatingInterceptor.CustomValidator
-
Field Summary
-
Fields inherited from class org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
PROCESSOR_MAP, SAML_ROLE_ATTRIBUTENAME_DEFAULT, SECURITY_PROCESSED, VALIDATOR_MAP
-
-
Constructor Summary
Constructors Constructor Description AbstractUsernameTokenAuthenticatingInterceptor()AbstractUsernameTokenAuthenticatingInterceptor(Map<String,Object> properties)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected abstract SubjectcreateSubject(String name, String password, boolean isDigest, String nonce, String created)Create a Subject representing a current user and its roles.protected org.apache.cxf.security.SecurityContextdoCreateSecurityContext(Principal p, Subject subject)Creates default SecurityContext which implements isUserInRole using the following approach : skip the first Subject principal, and then check optional Groups the principal is a member of.protected voiddoResults(org.apache.cxf.binding.soap.SoapMessage msg, String actor, Element soapHeader, Element soapBody, org.apache.wss4j.dom.handler.WSHandlerResult wsResult, boolean utWithCallbacks)protected org.apache.wss4j.dom.engine.WSSecurityEnginegetSecurityEngine(boolean utNoCallbacks)booleangetSupportDigestPasswords()voidhandleMessage(org.apache.cxf.binding.soap.SoapMessage msg)protected voidsetSubject(String name, String password, boolean isDigest, String nonce, String created)voidsetSupportDigestPasswords(boolean support)-
Methods inherited from class org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
advanceBody, checkActions, computeAction, configureReplayCaches, getCallback, getCallback, getProperty, getReplayCache, isGET, isNonceCacheRequired, isSamlCacheRequired, isTimestampCacheRequired, setAlgorithmSuites, setIgnoreActions
-
Methods inherited from class org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor
getAdditionalInterceptors, getAfter, getBefore, getId, getOption, getPassword, getPhase, getProperties, getRoles, getUnderstoodHeaders, handleFault, isRequestor, loadCryptoFromPropertiesFile, postHandleMessage, setId, setPassword, setPhase, setProperties, setProperty, setProperty, translateProperties
-
Methods inherited from class org.apache.wss4j.dom.handler.WSHandler
checkReceiverResults, checkReceiverResultsAnyOrder, checkSignatureConfirmation, decodeAlgorithmSuite, decodeBooleanConfigValue, decodeDecryptionParameter, decodeEncryptionParameter, decodeFutureTimeToLive, decodePasswordType, decodeSignatureParameter, decodeSignatureParameter2, decodeTimeToLive, decodeUTParameter, doReceiverAction, doSenderAction, getCallbackHandler, getClassLoader, getPasswordCallbackHandler, getPasswordCB, getPasswordEncryptor, getString, getStringOption, loadCrypto, loadDecryptionCrypto, loadEncryptionCrypto, loadSignatureCrypto, loadSignatureVerificationCrypto
-
-
-
-
Method Detail
-
setSupportDigestPasswords
public void setSupportDigestPasswords(boolean support)
-
getSupportDigestPasswords
public boolean getSupportDigestPasswords()
-
handleMessage
public void handleMessage(org.apache.cxf.binding.soap.SoapMessage msg) throws org.apache.cxf.interceptor.Fault- Specified by:
handleMessagein interfaceorg.apache.cxf.interceptor.Interceptor<org.apache.cxf.binding.soap.SoapMessage>- Overrides:
handleMessagein classWSS4JInInterceptor- Throws:
org.apache.cxf.interceptor.Fault
-
doResults
protected void doResults(org.apache.cxf.binding.soap.SoapMessage msg, String actor, Element soapHeader, Element soapBody, org.apache.wss4j.dom.handler.WSHandlerResult wsResult, boolean utWithCallbacks) throws javax.xml.soap.SOAPException, XMLStreamException, org.apache.wss4j.common.ext.WSSecurityException- Overrides:
doResultsin classWSS4JInInterceptor- Throws:
javax.xml.soap.SOAPExceptionXMLStreamExceptionorg.apache.wss4j.common.ext.WSSecurityException
-
doCreateSecurityContext
protected org.apache.cxf.security.SecurityContext doCreateSecurityContext(Principal p, Subject subject)
Creates default SecurityContext which implements isUserInRole using the following approach : skip the first Subject principal, and then check optional Groups the principal is a member of. Subclasses can override this method and implement a custom strategy instead- Parameters:
p- principalsubject- subject- Returns:
- security context
-
setSubject
protected void setSubject(String name, String password, boolean isDigest, String nonce, String created) throws org.apache.wss4j.common.ext.WSSecurityException
- Throws:
org.apache.wss4j.common.ext.WSSecurityException
-
createSubject
protected abstract Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException
Create a Subject representing a current user and its roles. This Subject is expected to contain at least one Principal representing a user and optionally followed by one or more principal Groups this user is a member of. It will also be available in doCreateSecurityContext.- Parameters:
name- usernamepassword- passwordisDigest- true if a password digest is usednonce- optional noncecreated- optional timestamp- Returns:
- subject
- Throws:
SecurityException
-
getSecurityEngine
protected org.apache.wss4j.dom.engine.WSSecurityEngine getSecurityEngine(boolean utNoCallbacks)
- Overrides:
getSecurityEnginein classWSS4JInInterceptor- Returns:
- the WSSecurityEngine in use by this interceptor.
-
-