File Doc Category Size Date Package
SecurityPolicyValidator.java API Doc Example 16086 Thu Jul 19 02:00:08 BST 2007 com.sun.xml.ws.security.impl.policy

SecurityPolicyValidator

java.lang.Object

public class SecurityPolicyValidator extends Object implements com.sun.xml.ws.policy.spi.PolicyAssertionValidator

author: K.Venugopal@sun.com

Fields Summary
private static final ArrayList
supportedAssertions
Constructors Summary
public SecurityPolicyValidator()
Creates a new instance of SecurityPolicyValidator. To be used by appropriate service finder
supportedAssertions.add(new QName(SECURITY_POLICY_NS,CanonicalizationAlgorithm)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic256)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic192)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic128)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,TripleDes)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic256Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic192Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic192Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,TripleDesRsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic256Sha256)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic256Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic192Sha256)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic128Sha256)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic192Sha256)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,TripleDesSha256)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic256Sha256Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic192Sha256Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Basic128Sha256Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,TripleDesSha256Rsa15)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,InclusiveC14N)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,InclusiveC14NWithComments)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,ExclusiveC14NWithComments)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,InclusiveC14NWithComments)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,ExclusiveC14NWithComments)); // supportedAssertions.add(new QName(SECURITY_POLICY_NS,SoapNormalization10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,STRTransform10)); //supportedAssertions.add(new QName(SECURITY_POLICY_NS,XPath10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,XPathFilter20)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Strict)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Lax)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,LaxTsFirst)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,LaxTsLast)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,IncludeTimestamp)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,EncryptBeforeSigning)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,EncryptSignature)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,ProtectTokens)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,OnlySignEntireHeadersAndBody)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Body)); //supportedAssertions.add(new QName(SECURITY_POLICY_NS,Header)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,XPath)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssUsernameToken10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssUsernameToken11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,Issuer)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequestSecurityTokenTemplate)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireDerivedKeys)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireExternalReference)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireInternalReference)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireKeyIdentifierReference)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireIssuerSerialReference)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireEmbeddedTokenReference)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireThumbprintReference)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509V1Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509V3Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509Pkcs7Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509PkiPathV1Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509V1Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509V3Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509Pkcs7Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssX509PkiPathV1Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssKerberosV5ApReqToken11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssGssKerberosV5ApReqToken11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,SC10SecurityContextToken)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssSamlV10Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssSamlV11Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssSamlV10Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssSamlV11Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssSamlV20Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssRelV10Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssRelV20Token10)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssRelV10Token11)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,WssRelV20Token11)); //supportedAssertions.add(new QName(SECURITY_POLICY_NS,X509V3Token)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,SupportingTokens)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,SignedSupportingTokens)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,EndorsingSupportingTokens)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,SignedEndorsingSupportingTokens)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefKeyIdentifier)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefIssuerSerial)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefExternalURI)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefEmbeddedToken)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefKeyIdentifier)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefIssuerSerial)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefExternalURI)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefEmbeddedToken)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefThumbprint)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportRefEncryptedKey)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportClientChallenge)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportServerChallenge)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireClientEntropy)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,RequireServerEntropy)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,MustSupportIssuedTokens)); supportedAssertions.add(new QName(SECURITY_POLICY_NS,NoPassword)); supportedAssertions.add(new QName(TRUST_NS,RequestSecurityToken)); supportedAssertions.add(new QName(TRUST_NS,RequestType)); supportedAssertions.add(new QName(TRUST_NS,TokenType)); supportedAssertions.add(new QName(TRUST_NS,AuthenticationType)); supportedAssertions.add(new QName(TRUST_NS,OnBehalfOf)); supportedAssertions.add(new QName(TRUST_NS,KeyType)); supportedAssertions.add(new QName(TRUST_NS,KeySize)); supportedAssertions.add(new QName(TRUST_NS,SignatureAlgorithm)); supportedAssertions.add(new QName(TRUST_NS,EncryptionAlgorithm)); supportedAssertions.add(new QName(TRUST_NS,CanonicalizationAlgorithm)); supportedAssertions.add(new QName(TRUST_NS,ComputedKeyAlgorithm)); supportedAssertions.add(new QName(TRUST_NS,Encryption)); supportedAssertions.add(new QName(TRUST_NS,ProofEncryption)); supportedAssertions.add(new QName(TRUST_NS,UseKey)); supportedAssertions.add(new QName(TRUST_NS,SignWith)); supportedAssertions.add(new QName(TRUST_NS,EncryptWith)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,"DisableStreamingSecurity")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,"DisableStreamingSecurity")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,"EncryptHeaderContent")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,"EncryptHeaderContent")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,"DisableInclusivePrefixList")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,"DisableInclusivePrefixList")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,"DisablePayloadBuffering")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,"DisablePayloadBuffering")); // newly added by M.P. supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,"KeyStore")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,"TrustStore")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,"KeyStore")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,"TrustStore")); supportedAssertions.add(new QName(SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS,"SCClientConfiguration")); supportedAssertions.add(new QName(SUN_TRUST_CLIENT_SECURITY_POLICY_NS,"PreconfiguredSTS")); supportedAssertions.add(new QName(SUN_TRUST_SERVER_SECURITY_POLICY_NS,"STSConfiguration")); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,Constants.CertStore)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,Constants.CertStore)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_CLIENT_POLICY_NS,Constants.BSP10)); supportedAssertions.add(new QName(SUN_WSS_SECURITY_SERVER_POLICY_NS,Constants.BSP10));
Methods Summary
public java.lang.String[] declareSupportedDomains()
return new String[] { SECURITY_POLICY_NS, TRUST_NS, SUN_WSS_SECURITY_CLIENT_POLICY_NS, SUN_WSS_SECURITY_SERVER_POLICY_NS, SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS, };
public Fitness validateClientSide(com.sun.xml.ws.policy.PolicyAssertion policyAssertion)
String uri = policyAssertion.getName().getNamespaceURI(); if(uri.equals(SUN_WSS_SECURITY_SERVER_POLICY_NS) || uri.equals(SUN_TRUST_SERVER_SECURITY_POLICY_NS)){ return Fitness.UNSUPPORTED; } if (policyAssertion instanceof SecurityAssertionValidator) { SecurityAssertionValidator.AssertionFitness fitness =((SecurityAssertionValidator)policyAssertion).validate(false); if(fitness == fitness.IS_VALID){ return Fitness.SUPPORTED; }else { return Fitness.UNSUPPORTED; } //return ((SecurityAssertionValidator)policyAssertion).validate() ? Fitness.SUPPORTED : Fitness.UNSUPPORTED; } else if (supportedAssertions.contains(policyAssertion.getName())) { return Fitness.SUPPORTED; } else { return Fitness.UNKNOWN; }
public Fitness validateServerSide(com.sun.xml.ws.policy.PolicyAssertion policyAssertion)
String uri = policyAssertion.getName().getNamespaceURI(); if(uri.equals(SUN_WSS_SECURITY_CLIENT_POLICY_NS) || uri.equals(SUN_WSS_SECURITY_CLIENT_POLICY_NS) || uri.equals(SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS) || uri.equals(SUN_TRUST_CLIENT_SECURITY_POLICY_NS)){ return Fitness.UNSUPPORTED; } if (policyAssertion instanceof SecurityAssertionValidator) { return (((SecurityAssertionValidator)policyAssertion).validate(true) == SecurityAssertionValidator.AssertionFitness.IS_VALID )? Fitness.SUPPORTED : Fitness.UNSUPPORTED; } else if (supportedAssertions.contains(policyAssertion.getName())) { return Fitness.SUPPORTED; } else { return Fitness.UNKNOWN; }