Class WSSecurityEngine

java.lang.Object
org.apache.wss4j.dom.engine.WSSecurityEngine

public class WSSecurityEngine extends Object
WS-Security Engine.
  • Constructor Details

    • WSSecurityEngine

      public WSSecurityEngine()
  • Method Details

    • getWssConfig

      public final WSSConfig getWssConfig()
      Returns:
      the WSSConfig object set on this instance
    • setWssConfig

      public final WSSConfig setWssConfig(WSSConfig cfg)
      Parameters:
      cfg - the WSSConfig instance for this WSSecurityEngine to use
      Returns:
      the WSSConfig instance previously set on this WSSecurityEngine instance
    • setCallbackLookup

      public void setCallbackLookup(CallbackLookup callbackLookup)
      Set the CallbackLookup object to use to locate elements
      Parameters:
      callbackLookup - the CallbackLookup object to use to locate elements
    • getCallbackLookup

      public CallbackLookup getCallbackLookup()
      Get the CallbackLookup object to use to locate elements
      Returns:
      the CallbackLookup object to use to locate elements
    • processSecurityHeader

      public WSHandlerResult processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto crypto) throws WSSecurityException
      Process the security header given the SOAP envelope as a W3C Document.

      This is the main entry point to verify or decrypt a SOAP envelope. It first checks whether a wsse:Security header is available for the defined actor.

      Parameters:
      doc - the SOAP envelope as Document
      actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
      cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
      crypto - the object that implements the access to the keystore and the handling of certificates.
      Returns:
      a WSHandlerResult Object containing the results of processing the security header
      Throws:
      WSSecurityException
      See Also:
      • WSSecurityEngine#processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigVerCrypto, Crypto decCrypto)
    • processSecurityHeader

      public WSHandlerResult processSecurityHeader(Document doc, String actor, CallbackHandler cb, Crypto sigVerCrypto, Crypto decCrypto) throws WSSecurityException
      Process the security header given the SOAP envelope as a W3C Document.

      This is the main entry point to verify or decrypt a SOAP envelope. It first checks whether a wsse:Security header is available for the defined actor.

      Parameters:
      doc - the SOAP envelope as Document
      actor - the engine works on behalf of this actor. Refer to the SOAP specification about actor or role
      cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
      sigVerCrypto - the object that implements the access to the keystore and the handling of certificates for Signature verification
      decCrypto - the object that implements the access to the keystore and the handling of certificates for Decryption
      Returns:
      a WSHandlerResult Object containing the results of processing the security header
      Throws:
      WSSecurityException
      See Also:
      • WSSecurityEngine#processSecurityHeader(Element securityHeader, CallbackHandler cb, Crypto sigVerCrypto, Crypto decCrypto)
    • processSecurityHeader

      public WSHandlerResult processSecurityHeader(Element securityHeader, String actor, CallbackHandler cb, Crypto sigVerCrypto, Crypto decCrypto) throws WSSecurityException
      Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element, in accordance with the WS-Security specification.

      Currently the functions can handle the following child elements:

      • ds:Signature
      • xenc:EncryptedKey
      • xenc:ReferenceList
      • wsse:UsernameToken
      • wsu:Timestamp
      Note that additional child elements can be processed if appropriate Processors have been registered with the WSSConfig instance set on this class.
      Parameters:
      securityHeader - the wsse:Security header element
      cb - a callback handler to the caller to resolve passwords during encryption and UsernameToken handling
      sigVerCrypto - the object that implements the access to the keystore and the handling of certificates used for Signature verification
      decCrypto - the object that implements the access to the keystore and the handling of certificates used for Decryption
      Returns:
      a WSHandlerResult Object containing the results of processing the security header
      Throws:
      WSSecurityException
    • processSecurityHeader

      public WSHandlerResult processSecurityHeader(Document doc, RequestData requestData) throws WSSecurityException
      Process the security header given the SOAP envelope as a W3C Document.

      This is the main entry point to verify or decrypt a SOAP envelope. It first checks whether a wsse:Security header is available for the defined actor.

      Parameters:
      doc - the SOAP envelope as Document
      requestData - the RequestData associated with the request. It should be able to provide the callback handler, cryptos, etc. as needed by the processing
      Returns:
      a WSHandlerResult Object containing the results of processing the security header
      Throws:
      WSSecurityException
    • processSecurityHeader

      public WSHandlerResult processSecurityHeader(Element securityHeader, RequestData requestData) throws WSSecurityException
      Process the security header given the wsse:Security DOM Element. This function loops over all direct child elements of the wsse:Security header. If it finds a known element, it transfers control to the appropriate handling function. The method processes the known child elements in the same order as they appear in the wsse:Security element, in accordance with the WS-Security specification.

      Currently the functions can handle the following child elements:

      • ds:Signature
      • xenc:EncryptedKey
      • xenc:ReferenceList
      • wsse:UsernameToken
      • wsu:Timestamp
      Note that additional child elements can be processed if appropriate Processors have been registered with the WSSConfig instance set on this class.
      Parameters:
      securityHeader - the wsse:Security header element
      requestData - the RequestData associated with the request. It should be able to provide the callback handler, cryptos, etc. as needed by the processing
      Returns:
      a WSHandlerResult Object containing the results of processing the security header
      Throws:
      WSSecurityException
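
Added usage example (not part of the WSS4J documentation): a receiver calls processSecurityHeader(Document, RequestData) and then checks the returned results, because the engine only processes the child elements that are actually present in the header. The class name InboundSecurityCheck, the helper requireAction and the policy of requiring ds:Signature plus wsu:Timestamp are assumptions made for illustration; the caller supplies the Crypto objects and the CallbackHandler.

```java
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.w3c.dom.Document;

// Hypothetical receiver-side wrapper; not a WSS4J class.
public final class InboundSecurityCheck {

    /** Processes the wsse:Security header, then insists on a signature and a timestamp. */
    public static WSHandlerResult verify(Document envelope, Crypto sigVerCrypto,
            Crypto decCrypto, CallbackHandler cb) throws WSSecurityException {
        WSSecurityEngine engine = new WSSecurityEngine();

        RequestData data = new RequestData();
        data.setWssConfig(engine.getWssConfig());
        data.setSigVerCrypto(sigVerCrypto);   // trust material for signature verification
        data.setDecCrypto(decCrypto);         // private keys for decryption
        data.setCallbackHandler(cb);          // resolves passwords on demand

        WSHandlerResult result = engine.processSecurityHeader(envelope, data);

        // Defensive: a missing or empty result is treated as an unsecured message.
        if (result == null || result.getResults() == null || result.getResults().isEmpty()) {
            throw new SecurityException("no wsse:Security header was processed");
        }
        requireAction(result.getResults(), WSConstants.SIGN, "ds:Signature");
        requireAction(result.getResults(), WSConstants.TS, "wsu:Timestamp");
        return result;
    }

    // Assumed policy helper: fail closed unless an element of the given kind was processed.
    private static void requireAction(List<WSSecurityEngineResult> results,
            int action, String name) {
        for (WSSecurityEngineResult r : results) {
            Integer done = (Integer) r.get(WSSecurityEngineResult.TAG_ACTION);
            if (done != null && done == action) {
                return;
            }
        }
        throw new SecurityException("required element not processed: " + name);
    }
}
```

This checks only that a signature and a timestamp were processed; which parts of the message the signature covers has to be checked separately against the receiver's policy.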