org.apache.cxf.ws.security.trust
Class STSLoginModule

java.lang.Object
  extended by org.apache.cxf.ws.security.trust.STSLoginModule
All Implemented Interfaces:
LoginModule

public class STSLoginModule
extends Object
implements LoginModule

A JAAS LoginModule for authenticating a Username/Password to the STS. It can be configured either by specifying the various options (documented below) in the JAAS configuration, or else by picking up a CXF STSClient from the CXF bus (either the default one, or else one that has the same QName as the service name).


Field Summary
static String CXF_SPRING_CFG
          The location of a Spring configuration file that can be used to configure the STS client (for example, to configure the TrustStore if TLS is used).
static String DISABLE_ON_BEHALF_OF
          Whether to disable passing Username + Password credentials via "OnBehalfOf".
static String ENDPOINT_NAME
          The Endpoint QName of the STS
static String KEY_SIZE
          The default key size to use if using the SymmetricKey KeyType.
static String KEY_TYPE
          The key type to use.
static String REQUIRE_ROLES
          Whether we require roles or not from the STS.
static String SERVICE_NAME
          The Service QName of the STS
static String TOKEN_TYPE
          The token type to use.
static String WS_TRUST_NAMESPACE
          The WS-Trust namespace to use.
static String WSDL_LOCATION
          The WSDL Location of the STS
 
Constructor Summary
STSLoginModule()
           
 
Method Summary
 boolean abort()
           
 boolean commit()
           
 void initialize(Subject subj, CallbackHandler cbHandler, Map<String,?> sharedState, Map<String,?> options)
           
 boolean login()
           
 boolean logout()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

REQUIRE_ROLES

public static final String REQUIRE_ROLES
Whether we require roles or not from the STS. If this is not set then the WS-Trust validate binding is used. If it is set then the issue binding is used, where the Username + Password credentials are passed via "OnBehalfOf" (unless the DISABLE_ON_BEHALF_OF property is set to "true", see below). In addition, claims are added to the request for the standard "role" ClaimType.

See Also:
Constant Field Values

DISABLE_ON_BEHALF_OF

public static final String DISABLE_ON_BEHALF_OF
Whether to disable passing Username + Password credentials via "OnBehalfOf". If the REQUIRE_ROLES property (see above) is set to "true", then the Issue Binding is used and the credentials are passed via OnBehalfOf. If this (DISABLE_ON_BEHALF_OF) property is set to "true", then the credentials are instead passed through to the WS-SecurityPolicy layer and used according to the security policy of the STS endpoint. For example, if the STS endpoint requires a WS-Security UsernameToken, then the credentials are inserted there.

See Also:
Constant Field Values

WSDL_LOCATION

public static final String WSDL_LOCATION
The WSDL Location of the STS

See Also:
Constant Field Values

SERVICE_NAME

public static final String SERVICE_NAME
The Service QName of the STS

See Also:
Constant Field Values

ENDPOINT_NAME

public static final String ENDPOINT_NAME
The Endpoint QName of the STS

See Also:
Constant Field Values

KEY_SIZE

public static final String KEY_SIZE
The default key size to use if using the SymmetricKey KeyType. Defaults to 256.

See Also:
Constant Field Values

KEY_TYPE

public static final String KEY_TYPE
The key type to use. The default is the standard "Bearer" URI.

See Also:
Constant Field Values

TOKEN_TYPE

public static final String TOKEN_TYPE
The token type to use. The default is the standard SAML 2.0 URI.

See Also:
Constant Field Values

WS_TRUST_NAMESPACE

public static final String WS_TRUST_NAMESPACE
The WS-Trust namespace to use. The default is the WS-Trust 1.3 namespace.

See Also:
Constant Field Values

CXF_SPRING_CFG

public static final String CXF_SPRING_CFG
The location of a Spring configuration file that can be used to configure the STS client (for example, to configure the TrustStore if TLS is used). This is designed to be used if the service that is being secured is not CXF-based.

See Also:
Constant Field Values
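The options above are normally set in a JAAS configuration file, but the same entry can be built in code using the public constants of this class as the option keys, which avoids hard-coding the key strings. The following is an added example, not code from Apache CXF itself: it registers STSLoginModule as a REQUIRED JAAS module, supplies a username and password through a CallbackHandler, and runs a login via LoginContext. The STS WSDL URL, the service/endpoint QNames (written in the usual "{namespace}local" string form) and the Spring file path are placeholders, and the example assumes the module collects credentials through the standard NameCallback and PasswordCallback.

```java
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.apache.cxf.ws.security.trust.STSLoginModule;

/**
 * Added example (not CXF's own code): wires STSLoginModule into a JAAS
 * Configuration built in code, keyed by the class's public constants.
 * All STS locations and names below are placeholders (assumptions).
 */
public class StsJaasExample {

    /** Name under which the JAAS entry is registered; arbitrary. */
    static final String APP_NAME = "STSLogin";

    /** Builds the option map from the constants documented on this page. */
    static Map<String, Object> stsOptions(boolean requireRoles, boolean disableOnBehalfOf) {
        Map<String, Object> opts = new HashMap<>();
        // Placeholder STS location and QNames; replace with the real STS values.
        opts.put(STSLoginModule.WSDL_LOCATION,
                 "https://sts.example.invalid/SecurityTokenService?wsdl");
        opts.put(STSLoginModule.SERVICE_NAME,
                 "{http://sts.example.invalid/}SecurityTokenService");
        opts.put(STSLoginModule.ENDPOINT_NAME,
                 "{http://sts.example.invalid/}UT_Port");
        // false: WS-Trust Validate binding only.
        // true:  Issue binding, credentials in OnBehalfOf, "role" claims requested.
        opts.put(STSLoginModule.REQUIRE_ROLES, Boolean.toString(requireRoles));
        // With the Issue binding, "true" sends the credentials through the
        // WS-SecurityPolicy layer (e.g. as a UsernameToken) rather than in OnBehalfOf.
        opts.put(STSLoginModule.DISABLE_ON_BEHALF_OF, Boolean.toString(disableOnBehalfOf));
        // Spring file configuring the STSClient (e.g. the TLS trust store);
        // intended for callers that are not themselves CXF services. Placeholder path.
        opts.put(STSLoginModule.CXF_SPRING_CFG, "classpath:sts-client.xml");
        // KEY_TYPE, TOKEN_TYPE, KEY_SIZE and WS_TRUST_NAMESPACE keep their
        // documented defaults (Bearer, SAML 2.0, 256, WS-Trust 1.3).
        return opts;
    }

    /** Answers the module's NameCallback/PasswordCallback with fixed credentials. */
    static CallbackHandler credentials(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    /** Installs a Configuration with a single REQUIRED STSLoginModule entry. */
    static void installConfiguration(Map<String, ?> options) {
        AppConfigurationEntry entry = new AppConfigurationEntry(
                STSLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, options);
        Configuration.setConfiguration(new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return APP_NAME.equals(name) ? new AppConfigurationEntry[] {entry} : null;
            }
        });
    }

    public static void main(String[] args) throws LoginException {
        installConfiguration(stsOptions(true, false));
        LoginContext ctx = new LoginContext(APP_NAME,
                credentials("alice", "placeholder-password".toCharArray()));
        ctx.login();            // drives initialize(), login() and commit() on the module
        Subject subject = ctx.getSubject();
        System.out.println("Authenticated principals: " + subject.getPrincipals());
        ctx.logout();           // drives logout() on the module
    }
}
```

With requireRoles set to false the module only exercises the Validate binding against the STS; setting it to true switches to the Issue binding with the credentials carried in OnBehalfOf and a request for the standard "role" ClaimType, and setting disableOnBehalfOf to true as well moves the credentials into whatever the STS endpoint's WS-SecurityPolicy demands instead. Because the STS is reached over TLS in this configuration, the Spring file named by CXF_SPRING_CFG is where the STSClient's trust store belongs.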

Constructor Detail

STSLoginModule

public STSLoginModule()

Method Detail

initialize

public void initialize(Subject subj,
                       CallbackHandler cbHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
Specified by:
initialize in interface LoginModule

login

public boolean login()
              throws LoginException
Specified by:
login in interface LoginModule
Throws:
LoginException

commit

public boolean commit()
               throws LoginException
Specified by:
commit in interface LoginModule
Throws:
LoginException

abort

public boolean abort()
              throws LoginException
Specified by:
abort in interface LoginModule
Throws:
LoginException

logout

public boolean logout()
               throws LoginException
Specified by:
logout in interface LoginModule
Throws:
LoginException


Apache CXF