PicketLink Federation Core 2.1.6.Final-redhat-2
java.lang.Object
  org.picketlink.identity.federation.core.wstrust.handlers.STSSecurityHandler

public abstract class STSSecurityHandler
implements SOAPHandler<SOAPMessageContext>
STSSecurityHandler is a server-side JAX-WS SOAP protocol handler that extracts a security token from the SOAP Security header and validates the token with the configured Security Token Service (STS).

This class is abstract to simplify its usage: the intention is for a concrete handler to be specified in a server-side handler chain, so that different Security header specifications and security token specifications can be selected by class name instead of through properties, which would force users to find and set the correct namespaces. Hopefully this is easier and less error prone. Subclasses supply:

getSecurityElementQName()
    This should return the qualified name of the security header. This lets us support different versions.

getTokenElementQName()
    This should return the qualified name of the security token element that should exist in the security header. This lets us support different tokens that can be validated with the configured STS.

For example, a handler chain configuration file:
<?xml version="1.0" encoding="UTF-8"?>
<jws:handler-config xmlns:jws="http://java.sun.com/xml/ns/javaee">
  <jws:handler-chains>
    <jws:handler-chain>
      <jws:handler>
        <jws:handler-class>org.picketlink.identity.federation.core.wstrust.handlers.STSSaml20Handler</jws:handler-class>
      </jws:handler>
    </jws:handler-chain>
  </jws:handler-chains>
</jws:handler-config>
This class uses STSClient to interact with an STS. By default the configuration properties are read from the file named by STSClientConfig.DEFAULT_CONFIG_FILE. This can be overridden by specifying environment entries in a deployment descriptor.
For example in web.xml:
<env-entry>
  <env-entry-name>STSClientConfig</env-entry-name>
  <env-entry-type>java.lang.String</env-entry-type>
  <env-entry-value>/sts-client.properties</env-entry-value>
</env-entry>
The username and password for the STS can be configured in the sts-client.properties file referenced above. They may also be supplied by a handler earlier in the handler chain. Such a handler is expected to extract the username and password from the desired location and put these values into the SOAPMessageContext under the keys USERNAME_MSG_CONTEXT_PROPERTY and PASSWORD_MSG_CONTEXT_PROPERTY.
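The two roles described above, a handler earlier in the chain that supplies the STS credentials through the SOAPMessageContext and a concrete STSSecurityHandler subclass that names the header and token elements, shown together as one added example. This is illustrative code written for this page, not PicketLink's own source (STSSaml20Handler is the project's shipped SAML 2.0 subclass and this is not its code). Assumed for the example: the package com.example.ws, the env-entry names STSUsername and STSPassword, and that the container injects @Resource fields into handlers in the same way it injects the configuration file path through setConfigFile(). The QNames are the standard WS-Security 1.0 Security header and the SAML 2.0 Assertion element. The two classes are listed in one block but each belongs in its own file.

```java
// File: StsCredentialHandler.java
package com.example.ws; // assumed package for this illustration

import java.util.Collections;
import java.util.Set;

import javax.annotation.Resource;
import javax.xml.namespace.QName;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

import org.picketlink.identity.federation.core.wstrust.handlers.STSSecurityHandler;

/**
 * Runs BEFORE the STSSecurityHandler subclass in the handler chain and hands
 * the STS credentials over through the SOAPMessageContext, so they do not
 * have to live in sts-client.properties. The env-entry names STSUsername and
 * STSPassword are assumptions for this example.
 */
public class StsCredentialHandler implements SOAPHandler<SOAPMessageContext> {

    @Resource(name = "STSUsername")
    private String stsUsername;

    @Resource(name = "STSPassword")
    private String stsPassword;

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        boolean outbound = Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY));
        if (outbound) {
            return true; // token validation only happens on inbound requests
        }
        if (stsUsername == null || stsPassword == null) {
            // Leave the keys unset so STSSecurityHandler falls back to the
            // credentials configured in its properties file.
            return true;
        }
        ctx.put(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY, stsUsername);
        ctx.put(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY, stsPassword);
        // HANDLER scope keeps the STS credentials out of the endpoint's
        // WebServiceContext: only handlers in this chain can read them.
        ctx.setScope(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY, MessageContext.Scope.HANDLER);
        ctx.setScope(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY, MessageContext.Scope.HANDLER);
        return true;
    }

    @Override
    public boolean handleFault(SOAPMessageContext ctx) {
        return true;
    }

    @Override
    public void close(MessageContext ctx) {
        // Do not let the password outlive the message exchange.
        ctx.remove(STSSecurityHandler.USERNAME_MSG_CONTEXT_PROPERTY);
        ctx.remove(STSSecurityHandler.PASSWORD_MSG_CONTEXT_PROPERTY);
    }

    @Override
    public Set<QName> getHeaders() {
        return Collections.emptySet(); // this handler understands no headers itself
    }
}

// File: ExampleSaml20SecurityHandler.java
package com.example.ws; // assumed package for this illustration

import javax.xml.namespace.QName;

import org.picketlink.identity.federation.core.wstrust.handlers.STSSecurityHandler;

/**
 * The concrete subclass the abstract design calls for: it only tells
 * STSSecurityHandler which header and which token element to look for.
 * Supporting another header or token specification means returning
 * different QNames here, nothing else.
 */
public class ExampleSaml20SecurityHandler extends STSSecurityHandler {

    // WS-Security 1.0 <wsse:Security> header
    private static final QName WSSE_SECURITY = new QName(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
            "Security");

    // SAML 2.0 <saml:Assertion> element, the token sent to the STS for validation
    private static final QName SAML2_ASSERTION = new QName(
            "urn:oasis:names:tc:SAML:2.0:assertion", "Assertion");

    @Override
    public QName getSecurityElementQName() {
        return WSSE_SECURITY;
    }

    @Override
    public QName getTokenElementQName() {
        return SAML2_ASSERTION;
    }
}
```

List com.example.ws.StsCredentialHandler before com.example.ws.ExampleSaml20SecurityHandler in the jws:handler-chain; JAX-WS runs handlers in declaration order on inbound messages, so the credentials are already in the context when the token is validated. Keeping the two keys in HANDLER scope and removing them in close() means the STS password is never visible to the endpoint implementation and does not persist past the exchange.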
Field Summary

| Modifier and Type | Field and Description |
|---|---|
| protected static PicketLinkLogger | logger |
| static String | PASSWORD_MSG_CONTEXT_PROPERTY - Constant that can be used by handlers to set the password in the SOAPMessageContext. |
| static String | USERNAME_MSG_CONTEXT_PROPERTY - Constant that can be used by handlers to set the username in the SOAPMessageContext. |

Constructor Summary

| Constructor and Description |
|---|
| STSSecurityHandler() |

Method Summary

| Modifier and Type | Method and Description |
|---|---|
| void | close(MessageContext messageContext) |
| Set<QName> | getHeaders() |
| abstract QName | getSecurityElementQName() - Subclasses can return the QName of the Security header element in usage. |
| abstract QName | getTokenElementQName() - Subclasses can return the QName of the Security element that should be used as the token for validation. |
| boolean | handleFault(SOAPMessageContext messageContext) |
| boolean | handleMessage(SOAPMessageContext messageContext) - Will process in-bound messages and extract a security token from the SOAP Header. |
| void | parseSTSConfig() - Post construct will be called when the handler is deployed. |
| void | setConfigFile(String configFile) - This setter enables the injection of the jboss-sts-client.properties file path. |

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

logger
protected static final PicketLinkLogger logger

USERNAME_MSG_CONTEXT_PROPERTY
public static final String USERNAME_MSG_CONTEXT_PROPERTY
Constant that can be used by handlers to set the username in the SOAPMessageContext.

PASSWORD_MSG_CONTEXT_PROPERTY
public static final String PASSWORD_MSG_CONTEXT_PROPERTY
Constant that can be used by handlers to set the password in the SOAPMessageContext.

Constructor Detail

STSSecurityHandler
public STSSecurityHandler()

Method Detail

getSecurityElementQName
public abstract QName getSecurityElementQName()
Subclasses can return the QName of the Security header element in usage.

getTokenElementQName
public abstract QName getTokenElementQName()
Subclasses can return the QName of the Security element that should be used as the token for validation.

parseSTSConfig
@PostConstruct
public void parseSTSConfig()
Post construct will be called when the handler is deployed.
Throws:
    WebServiceException

handleMessage
public boolean handleMessage(SOAPMessageContext messageContext)
Will process in-bound messages and extract a security token from the SOAP Header.
Specified by:
    handleMessage in interface Handler<SOAPMessageContext>
Parameters:
    messageContext - The messageContext.
Throws:
    WebServiceException - If the security token could not be validated.

getHeaders
public Set<QName> getHeaders()
Specified by:
    getHeaders in interface SOAPHandler<SOAPMessageContext>

handleFault
public boolean handleFault(SOAPMessageContext messageContext)
Specified by:
    handleFault in interface Handler<SOAPMessageContext>

close
public void close(MessageContext messageContext)
Specified by:
    close in interface Handler<SOAPMessageContext>

setConfigFile
public void setConfigFile(String configFile)
This setter enables the injection of the jboss-sts-client.properties file path.
Parameters:
    configFile -