Package org.apache.cxf.ws.security.wss4j

Class CryptoCoverageChecker

java.lang.Object

org.apache.cxf.phase.AbstractPhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>

org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor

org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker

All Implemented Interfaces:

org.apache.cxf.binding.soap.interceptor.SoapInterceptor, org.apache.cxf.interceptor.Interceptor<org.apache.cxf.binding.soap.SoapMessage>, org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.binding.soap.SoapMessage>

Direct Known Subclasses:

DefaultCryptoCoverageChecker

public class CryptoCoverageChecker
extends org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor

Utility to enable the checking of WS-Security signature/encryption coverage based on the results of the WSS4J processors. This interceptor provides an alternative to using WS-Policy based configuration for crypto coverage enforcement.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	CryptoCoverageChecker.XPathExpression	A simple wrapper for an XPath expression and coverage type / scope indicating how the XPath expression should be enforced as a cryptographic coverage requirement.

Field Summary

Fields

Modifier and Type	Field	Description
protected Map<String,String>	prefixMap	Mapping of namespace prefixes to namespace URIs.
protected List<CryptoCoverageChecker.XPathExpression>	xPaths	The XPath expressions for locating elements in SOAP messages that must be covered.

Constructor Summary

Constructors

Constructor	Description
CryptoCoverageChecker()	Creates a new instance.
CryptoCoverageChecker(Map<String,String> prefixes, List<CryptoCoverageChecker.XPathExpression> xPaths)	Creates a new instance that checks for signature coverage over matches to the provided XPath expressions making defensive copies of provided arguments.

Method Summary

Modifier and Type	Method	Description
void	addPrefixes(Map<String,String> prefixes)	Adds the mapping of namespace prefixes to namespace URIs, adding to any previously set mappings.
void	addXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)	Adds the XPath expressions to check for, adding to any previously set expressions.
void	handleMessage(org.apache.cxf.binding.soap.SoapMessage message)	Checks that the WSS4J results refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.
boolean	isCheckFaults()
void	setCheckFaults(boolean checkFaults)
void	setPrefixes(Map<String,String> prefixes)	Sets the mapping of namespace prefixes to namespace URIs, clearing all previously set mappings.
void	setXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)	Sets the XPath expressions to check for, clearing all previously set expressions.

Methods inherited from class org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor

getFaultCodePrefix, getRoles, getUnderstoodHeaders, prepareStackTrace

Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor

addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cxf.interceptor.Interceptor

handleFault

Field Detail

xPaths

protected List<CryptoCoverageChecker.XPathExpression> xPaths

The XPath expressions for locating elements in SOAP messages that must be covered. See prefixMap for namespace prefixes available.

prefixMap

protected Map<String,String> prefixMap

Mapping of namespace prefixes to namespace URIs.

Constructor Detail

CryptoCoverageChecker

public CryptoCoverageChecker()

Creates a new instance. See #setPrefixes() and #setXpaths() for providing configuration options.

CryptoCoverageChecker

public CryptoCoverageChecker(Map<String,String> prefixes,
                             List<CryptoCoverageChecker.XPathExpression> xPaths)

Creates a new instance that checks for signature coverage over matches to the provided XPath expressions making defensive copies of provided arguments.

Parameters:

prefixes - mapping of namespace prefixes to namespace URIs

xPaths - a list of XPath expressions

Method Detail

handleMessage

public void handleMessage(org.apache.cxf.binding.soap.SoapMessage message)
                   throws org.apache.cxf.interceptor.Fault

Checks that the WSS4J results refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.

Parameters:

message - the SOAP message containing the signature

Throws:

org.apache.cxf.binding.soap.SoapFault - if there is an error evaluating an XPath or an element is not covered by the required cryptographic operation

org.apache.cxf.interceptor.Fault

setXPaths

public final void setXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)

Sets the XPath expressions to check for, clearing all previously set expressions.

Parameters:

xpaths - the XPath expressions to check for

addXPaths

public final void addXPaths(List<CryptoCoverageChecker.XPathExpression> xpaths)

Adds the XPath expressions to check for, adding to any previously set expressions.

Parameters:

xpaths - the XPath expressions to check for

setPrefixes

public final void setPrefixes(Map<String,String> prefixes)

Sets the mapping of namespace prefixes to namespace URIs, clearing all previously set mappings.

Parameters:

prefixes - the mapping of namespace prefixes to namespace URIs

addPrefixes

public final void addPrefixes(Map<String,String> prefixes)

Adds the mapping of namespace prefixes to namespace URIs, adding to any previously set mappings.

Parameters:

prefixes - the mapping of namespace prefixes to namespace URIs

isCheckFaults

public boolean isCheckFaults()

setCheckFaults

public void setCheckFaults(boolean checkFaults)