|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.ws.security.handler.WSHandlerConstants
public class WSHandlerConstants
This class defines the names, actions, and other string for the deployment data of the WSS handler. Both the Axis handler as well as the JAX-RPC handler use this class.
Field Summary | |
---|---|
static java.lang.String |
ACTION
The action parameter. |
static java.lang.String |
ACTOR
The actor name of the wsse:Security header. |
static java.lang.String |
ADD_UT_ELEMENTS
Parameter to generate additional elements in UsernameToken . |
static java.lang.String |
DEC_PROP_FILE
The name of the crypto propterty file to use for SOAP Decryption. |
static java.lang.String |
DEC_PROP_REF_ID
The key that hold the refernce of the java.util.Properties
object holding complete info about decryption Crypto implementation. |
static java.lang.String |
ENABLE_SIGNATURE_CONFIRMATION
Whether to enable signatureConfirmation or not By default signatureConfirmation is enabled |
static java.lang.String |
ENC_CALLBACK_CLASS
This parameter works in the same way as PW_CALLBACK_CLASS but
the Axis WSS4J handler uses it to get the key associated with a key name. |
static java.lang.String |
ENC_CALLBACK_REF
This parameter works in the same way as PW_CALLBACK_REF but
the Axis WSS4J handler uses it to get the key associated with a key name. |
static java.lang.String |
ENC_KEY_ID
Defines which key identifier type to use. |
static java.lang.String |
ENC_KEY_NAME
Text of the key name that needs to be sent |
static java.lang.String |
ENC_KEY_TRANSPORT
Defines which algorithm to use to encrypt the generated symmetric key. |
static java.lang.String |
ENC_PROP_FILE
The name of the crypto propterty file to use for SOAP Encryption. |
static java.lang.String |
ENC_PROP_REF_ID
The key that hold the refernce of the java.util.Properties object holding complete info about
encryption Crypto implementation. |
static java.lang.String |
ENC_SYM_ALGO
Defines which symmetric encryption algorithm to use. |
static java.lang.String |
ENCRYPT
Perform Encryption. |
static java.lang.String |
ENCRYPTION_PARTS
Parameter to define which parts of the request shall be encrypted. |
static java.lang.String |
ENCRYPTION_USER
The user's name for encryption. |
static java.util.Map |
keyIdentifier
Define the parameter values to set the key identifier types. |
static java.lang.String |
MUST_UNDERSTAND
Sets the mustUnderstand flag. |
static java.lang.String |
NO_SECURITY
Perform nothing. |
static java.lang.String |
NO_SERIALIZATION
Supress the serialization of the SOAP message. |
static java.lang.String |
PASSWORD_TYPE
Specific parameter for UsernameToken action to define the encoding of the passowrd. |
static java.lang.String |
PW_CALLBACK_CLASS
The Axis WSS4J handlers provide several ways to get the password required to construct a username token or to sign a message. |
static java.lang.String |
PW_CALLBACK_REF
An application may set an object reference to an object that implements the CallbackHandler interface. |
static java.lang.String |
RECEIVE
|
static java.lang.String |
RECV_RESULTS
The WSDoAllReceiver handler stores a result Vector
in this property. |
static java.lang.String |
ROLE
The role name of the wsse:Security header. |
static java.lang.String |
SAML_PROP_FILE
The name of the SAML Issuer factory property file. |
static java.lang.String |
SAML_TOKEN_SIGNED
|
static java.lang.String |
SAML_TOKEN_UNSIGNED
Perform a SAML Token identification. |
static java.lang.String |
SEND
|
static java.lang.String |
SEND_SIGV
|
static java.lang.String |
SIG_ALGO
Defines which signature algorithm to use. |
static java.lang.String |
SIG_CONF_DONE
|
static java.lang.String |
SIG_KEY_ID
Defines which key identifier type to use. |
static java.lang.String |
SIG_PROP_FILE
The name of the crypto propterty file to use for SOAP Signature. |
static java.lang.String |
SIG_PROP_REF_ID
The key that hold the refernce of the java.util.Properties
object holding complete info about signature Crypto implementation. |
static java.lang.String |
SIGN_WITH_UT_KEY
Use this to use a specific signature mechanism for .Net. |
static java.lang.String |
SIGNATURE
Perform Signature. |
static java.lang.String |
SIGNATURE_PARTS
Parameter to define which parts of the request shall be signed. |
static java.lang.String |
SND_SECURITY
This is an interal property name to support handler chaining. |
static java.lang.String |
TIMESTAMP
Add a timestamp to the security header. |
static java.lang.String |
TIMESTAMP_PRECISION
Should timestamps have precision in milliseconds |
static java.lang.String |
TIMESTAMP_STRICT
Set the value of this parameter to true to enable strict timestamp handling. |
static java.lang.String |
TTL_TIMESTAMP
Time-To-Live is the time difference between creation and expiry time in the WSS Timestamp. |
static java.lang.String |
USE_REQ_SIG_CERT
Specifying this name as ENCRYPTION_USER
triggers a special action to get the public key to use for encryption. |
static java.lang.String |
USER
The user's name. |
static java.lang.String |
USERNAME_TOKEN
Perform a UsernameToken identification only. |
Constructor Summary | |
---|---|
WSHandlerConstants()
|
Method Summary |
---|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String ACTION
<handler type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="action" value="UsernameToken"/> ...orders the handler to attach a
UsernameToken
to the SOAP
enevelope. It is a blank separated list of actions to perform.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting)
public static final java.lang.String SEND
public static final java.lang.String RECEIVE
public static final java.lang.String NO_SECURITY
public static final java.lang.String USERNAME_TOKEN
public static final java.lang.String SAML_TOKEN_UNSIGNED
public static final java.lang.String SAML_TOKEN_SIGNED
public static final java.lang.String SIGNATURE
public static final java.lang.String ENCRYPT
public static final java.lang.String TIMESTAMP
public static final java.lang.String NO_SERIALIZATION
Document
in the
Axis message context with the property name SND_SECURITY
.
A chained handler can retrieve the SOAP message and process it. The
last handler in the chain must set the processed SOAP message as
current message in Axis message context.
public static final java.lang.String SIGN_WITH_UT_KEY
public static final java.lang.String SND_SECURITY
public static final java.lang.String ACTOR
wsse:Security
header.
If this parameter is omitted, the actor name is not set. Please
refer to Constants.ATTR_ACTOR
and Constants.ATTR_ROLE
about the parameter names. They are set to "actor"
and "role"
respectively.
The value of the actor or role has to match the receiver's setting
or may contain standard values.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.ACTOR, "ActorName");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting).
Constants.URI_SOAP11_NEXT_ACTOR
,
Constants.URI_SOAP12_NEXT_ROLE
,
Constant Field Valuespublic static final java.lang.String ROLE
wsse:Security
header.
This is used for SOAP 1.2. Refer also to ACTOR
.
public static final java.lang.String MUST_UNDERSTAND
mustUnderstand
flag.
If the parameter has the value 1
or true
the mustUnderstand
is set.
The values 0
or false
supress the
flag.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.MUST_UNDERSTAND, "false");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting). The default setting is
true
Please refer to Constants.ATTR_MUST_UNDERSTAND
about the parameter name ("mustUnderstand"
).
public static final java.lang.String USER
UsernameToken
.
ENCRYPTION_USER
is not used.
... call.setUsername("name"); call.setPassword("WSS4Java"); ...The user parameter in the deployment descritor (WSDD) file overwrites the application's setting. For an additional way to set the password refer to
PW_CALLBACK_CLASS
and PW_CALLBACK_REF
.
If the security functions uses the username from the message context, it
clears the username from the message context
after they copied it. This prevents sending of the username in the
HTTP header.
In this case the HTTP authentication mechansisms do not work
anymore. User authentication shall be done via the username token or
the certificate verification of the signature certificate.
public static final java.lang.String PW_CALLBACK_CLASS
WSPasswordCallback
for more information
about this feature.
setPassword
function of the Call
.
CallbackHandler
interface.
The callback function
CallbackHandler.handle(javax.security.auth.callback.Callback[])
gets an array of WSPasswordCallback
objects. Only the first entry of the array is used. This object
contains the username/keyname as identifier. The callback handler must
set the password or key associated with this identifier before it returns.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "PWCallbackClass");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting). Refer also to comment in
USER
about HTTP authentication
functions.
public static final java.lang.String PW_CALLBACK_REF
CallbackHandler
interface.
Only the application can set this property using:
call.setProperty(WSHandlerConstants.PW_CALLBACK_REF, anPWCallbackObject);Refer to
PW_CALLBACK_CLASS
for further information about
password callback handling and the priority of the different
methods.
Note: every handler that preceeds this handler in the chain can set
this property too. This may be useful on the server side.
public static final java.lang.String ENCRYPTION_USER
USER
parameter to get the
certificate.
If only encryption of the SOAP body data is requested,
it is recommended to use this parameter to define the username.
The application can then use the standard user and password
functions (see example at USER
to enable HTTP authentication
functions.
Encryption only does not authenticate a user / sender, therefore it
does not need a password.
Placing the username of the encryption certficate in the WSDD is not
a security risk, because the public key of that certificate is used
only.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.ENCYRPTION_USER, "encryptionuser");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting).
public static final java.lang.String USE_REQ_SIG_CERT
ENCRYPTION_USER
triggers a special action to get the public key to use for encryption.
The handler uses the public key of the sender's certificate. Using this
way to define an encryption key simplifies certificate management to
a large extend.
public static final java.lang.String ENC_CALLBACK_CLASS
PW_CALLBACK_CLASS
but
the Axis WSS4J handler uses it to get the key associated with a key name.
public static final java.lang.String ENC_CALLBACK_REF
PW_CALLBACK_REF
but
the Axis WSS4J handler uses it to get the key associated with a key name.
public static final java.lang.String ENC_KEY_NAME
public static final java.lang.String SIG_PROP_FILE
Crypto
interface implementation the property file must contain the property
org.apache.ws.security.crypto.provider
. The value of
this property is the classname of the implementation class.
The following line defines the standard implementation:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.MerlinThe other contents of the property file depend on the implementation of the
Crypto
interface implementation.
The property file of the standard implementation
Merlin
uses
the following properties:
org.apache.ws.security.crypto.provider org.apache.ws.security.crypto.merlin.file org.apache.ws.security.crypto.merlin.keystore.type org.apache.ws.security.crypto.merlin.keystore.provider org.apache.ws.security.crypto.merlin.keystore.password org.apache.ws.security.crypto.merlin.keystore.alias org.apache.ws.security.crypto.merlin.cert.providerThe entries are:
org.apache.ws.security.crypto.provider
see
description above
org.apache.ws.security.crypto.merlin.file
The path to the keystore file. At first the classloader tries to load
this file, if this fails the implementations performs a file system
lookup.
org.apache.ws.security.crypto.merlin.keystore.type
The keystore type, for example JKS
for the Java key store.
Other keystore type, such as pkcs12
are also possible but depend
on the actual Crypto
implementation.
org.apache.ws.security.crypto.merlin.keystore.password
The password to read the keystore. If this property is not set, then
the pwcallback
property must be defined.
call.setProperty(WSHandlerConstants.SIG_PROP_FILE, "myCrypto.properties");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting). If a property file is not set and a signature is requested, the handler throws an
AxisFault
.
public static final java.lang.String SIG_PROP_REF_ID
java.util.Properties
object holding complete info about signature Crypto implementation.
This should contain all information that would contain in an equivalent
.properties file which includes the Crypto implementation class name.
Refer to documentation of SIG_PROP_FILE
.
public static final java.lang.String RECV_RESULTS
Vector
in this property.
The vector contains WSDoAllReceiverResult
objects
for each chained WSDoAllReceiver handler.
public static final java.lang.String DEC_PROP_FILE
SIG_PROP_FILE
.
Refer to SIG_PROP_FILE
for a detail description
about the format and how to use this property file.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.DEC_PROP_FILE, "myCrypto.properties");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting). If this parameter is not used, but the signature crypto property file is defined (combined Encryption/Signature action), then the encryption function uses that file. Otherwise the handler throws an
AxisFault
.
public static final java.lang.String DEC_PROP_REF_ID
java.util.Properties
object holding complete info about decryption Crypto implementation. This
should contain all information that would contain in an equivalent
.properties file which includes the Crypto implementation class name.
Refer to documentation of DEC_PROP_FILE
.
public static final java.lang.String PASSWORD_TYPE
WSConstants.PW_DIGEST
or to WSConstants.PW_TEXT
.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting). The default setting is PW_DIGEST.
public static final java.lang.String ADD_UT_ELEMENTS
UsernameToken
.
The value of this parameter is a list of element names that are added
to the UsernameToken. The names of the list a separated by spaces.
The list may containe the names nonce
and
created
only. Use this option if the password type is
passwordText
and the handler shall add the Nonce
and/or Created
elements.
public static final java.lang.String SIG_KEY_ID
IssuerSerial
. For
possible signature key identifier types refer to
keyIdentifier
. For signature IssuerSerial
and DirectReference
are valid only.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting).
public static final java.lang.String SIG_ALGO
call.setProperty(WSHandlerConstants.SIG_ALGO, "SHA1RSA");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting).
public static final java.lang.String SIGNATURE_PARTS
ENCRYPTION_PARTS
for a detailed description of
the format of the value string.
If this parameter is not specified the handler signs the SOAP Body
by default.
The WS Security specifications define several formats to transfer the
signature tokens (certificates) or references to these tokens.
Thus, the plain element name Token
signs the token and takes care of the different format.
To sign the SOAP body and the signature token the value of this
parameter must contain:
<parameter name="signatureParts" value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body; Token" />To specify an element without a namespace use the string
Null
as the namespace name (this is a case sensitive
string)
If there is no other element in the request with a local name of
Body
then the SOAP namespace identifier can be empty
({}
).
public static final java.lang.String ENC_PROP_FILE
SIG_PROP_FILE
.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.ENC_PROP_FILE, "myCrypto.properties");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting). If this parameter is not used, but the signature crypto property file is defined (combined Encryption/Signature action), then the encryption function uses signature property file. Otherwise the handler throws an
AxisFault
.
public static final java.lang.String ENC_PROP_REF_ID
java.util.Properties
object holding complete info about
encryption Crypto implementation. This should contain all information
that would contain in an equivalent .properties file which includes the
Crypto implementation class name.
Refer to documentation of DEC_PROP_FILE
.
public static final java.lang.String ENC_KEY_ID
IssuerSerial
. For
possible encryption key identifier types refer to
keyIdentifier
. For encryption IssuerSerial
,
X509KeyIdentifier
, DirectReference
,
Thumbprint
, SKIKeyIdentifier
, and
EmbeddedKeyName
are valid only.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.ENC_KEY_ID, "X509KeyIdentifier");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting).
public static final java.lang.String ENC_SYM_ALGO
WSConstants.TRIPLE_DES
,
WSConstants.AES_128
, WSConstants.AES_256
,
and WSConstants.AES_192
. Except for AES 192 all of these
algorithms are required by the XML Encryption specification.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.ENC_SYM_ALGO, WSConstants.AES_256);However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting).
public static final java.lang.String ENC_KEY_TRANSPORT
WSConstants.KEYTRANSPORT_RSA15
only.
The application may set this parameter using the following method:
call.setProperty(WSHandlerConstants.ENC_KEY_TRANSPORT, "RSA15");However, the parameter in the WSDD deployment file overwrites the property setting (deployment setting overwrites application setting).
public static final java.lang.String ENCRYPTION_PARTS
{Content}
or
{Element}
. Please refer to the W3C XML Encryption
specification about the differences between Element and Content
encryption. The encryption mode defaults to Content
if it is omitted. Example of a list:
<parameter name="encryptionParts" value="{Content}{http://example.org/paymentv2}CreditCard; {Element}{}UserName" />The the first entry of the list identifies the element
CreditCard
in the namespace
http://example.org/paymentv2
, and will encrypt its content.
Be aware that the element name, the namespace identifier, and the
encryption modifier are case sensitive.
The encryption modifier and the namespace identifier can be ommited.
In this case the encryption mode defaults to Content
and
the namespace is set to the SOAP namespace.
An empty encryption mode defaults to Content
, an empty
namespace identifier defaults to the SOAP namespace.
The second line of the example defines Element
as
encryption mode for an UserName
element in the SOAP
namespace.
To specify an element without a namespace use the string
Null
as the namespace name (this is a case sensitive
string)
If no list is specified, the handler encrypts the SOAP Body in
Content
mode by default.
public static final java.lang.String SAML_PROP_FILE
public static final java.lang.String TTL_TIMESTAMP
public static final java.lang.String ENABLE_SIGNATURE_CONFIRMATION
public static final java.lang.String TIMESTAMP_PRECISION
public static final java.lang.String TIMESTAMP_STRICT
Expires
element and the semantics of the request are
expired, i.e. the current time at the receiver is past the expires time.
public static java.util.Map keyIdentifier
DirectReference
for WSConstants.BST_DIRECT_REFERENCE
IssuerSerial
for WSConstants.ISSUER_SERIAL
X509KeyIdentifier
for WSConstants.X509_KEY_IDENTIFIER
SKIKeyIdentifier
for WSConstants.SKI_KEY_IDENTIFIER
EmbeddedKeyName
for WSConstants.EMBEDDED_KEYNAME
Thumbprint
for WSConstants.THUMBPRINT
SIG_KEY_ID
ENC_KEY_ID
.
public static final java.lang.String SEND_SIGV
public static final java.lang.String SIG_CONF_DONE
Constructor Detail |
---|
public WSHandlerConstants()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |