Class UsernameTokenValidator

java.lang.Object
org.apache.wss4j.dom.validate.UsernameTokenValidator
All Implemented Interfaces:
Validator

public class UsernameTokenValidator extends Object implements Validator
This class validates a processed UsernameToken, extracted from the Credential passed to the validate method.
  • Constructor Details

    • UsernameTokenValidator

      public UsernameTokenValidator()
  • Method Details

    • validate

      public Credential validate(Credential credential, RequestData data) throws WSSecurityException
      Validate the credential argument. It must contain a non-null UsernameToken. A CallbackHandler implementation is also required to be set. If the password type is either digest or plaintext, it extracts a password from the CallbackHandler and then compares the passwords appropriately. If the password is null it queries a hook to allow the user to validate UsernameTokens of this type.
      Specified by:
      validate in interface Validator
      Parameters:
      credential - the Credential to be validated
      data - the RequestData associated with the request
      Returns:
      a validated Credential
      Throws:
      WSSecurityException - on a failed validation
    • verifyCustomPassword

      protected void verifyCustomPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Verify a UsernameToken containing a password of some unknown (but specified) password type. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyPlaintextPassword case, but it is in a separate protected method so that users can override validation for the custom password type case specifically.
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.
    • verifyPlaintextPassword

      protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Verify a UsernameToken containing a plaintext password. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyDigestPassword case, but it is in a separate protected method so that users can override validation for the plaintext password case specifically.
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.
    • verifyDigestPassword

      protected void verifyDigestPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Verify a UsernameToken containing a password digest. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password.
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.
    • verifyUnknownPassword

      protected void verifyUnknownPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Verify a UsernameToken containing no password. An exception is thrown unless the user has explicitly allowed this use-case via WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD.
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.
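
Added example (not part of the WSS4J documentation or code base): a subclass that uses the protected verifyPlaintextPassword hook described above to check the received password against a salted PBKDF2 hash, so the service never has to hand a cleartext password to a CallbackHandler. The class name, the HashStore interface and the choice of PBKDF2WithHmacSHA256 are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.validate.UsernameTokenValidator;
public class HashedStoreUsernameTokenValidator extends UsernameTokenValidator {
    /** Hypothetical view of the application's user store; not a WSS4J type. */
    public interface HashStore {
        byte[] salt(String username);        // null if the user is unknown
        byte[] pbkdf2Hash(String username);  // null if the user is unknown
        int iterations();
    }
    private final HashStore store;
    public HashedStoreUsernameTokenValidator(HashStore store) { this.store = store; }

    @Override
    protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData data)
            throws WSSecurityException {
        String user = usernameToken.getName();
        String received = usernameToken.getPassword();
        byte[] salt = store.salt(user);
        byte[] expected = store.pbkdf2Hash(user);
        if (received == null || salt == null || expected == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        try {
            PBEKeySpec spec = new PBEKeySpec(received.toCharArray(), salt,
                    store.iterations(), expected.length * 8);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            // Constant-time compare; unknown user and wrong password raise the same error.
            if (!MessageDigest.isEqual(expected, actual)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
            }
        } catch (GeneralSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
    }

    @Override
    protected void verifyDigestPassword(UsernameToken usernameToken, RequestData data)
            throws WSSecurityException {
        // A digest can only be recomputed from the cleartext password, which this store lacks.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
}
```

Because the digest case is rejected outright, a deployment using this validator should carry plaintext UsernameTokens only over a confidential transport.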