BaseSTSImpl

public abstract class BaseSTSImpl extends Object implements com.sun.xml.ws.api.security.trust.BaseSTS

The base class of an STS implementation. This could be used to implement
the actual STS. A subclass could override the methods of this class to
customize the implementation. |
Fields Summary |
---|
public static final int | DEFAULT_TIMEOUTThe default value of the timeout for the tokens issued by this STS | public static final String | DEFAULT_ISSUER | public static final String | STS_CONFIGURATIONThe xml element tag for STS Configuration | public static final String | DEFAULT_IMPLThe default implementation class for the Trust contract. This
class issues SAML tokens. | public static final String | DEFAULT_APPLIESTOThe default value for AppliesTo if appliesTo is not specified. | public static final String | APPLIES_TOThe String AppliesTo | public static final String | LIFETIMEThe String LifeTime that is used to specify lifetime of the tokens
issued by this STS. | public static final String | ALIASThe String CertAlias that is used in the configuration.
This identifies the alias of the Service that this STS serves. | public static final String | ENCRYPT_KEYThe String encrypt-issued-key | public static final String | ENCRYPT_TOKENThe String encrypt-issued-token | public static final String | CONTRACTThe String Contract. | public static final String | ISSUER | public static final String | TOKEN_TYPEThe String TokenType. | public static final String | KEY_TYPEThe String KeyType. | public static final String | SERVICE_PROVIDERSThe String ServiceProviders. | public static final String | END_POINTThe String endPoint. | private static final QName | Q_EK | private static final QName | Q_ET | private static final QName | Q_EP |
Methods Summary |
---|
/**
 * Handles a WS-Trust Cancel request.
 *
 * <p>Not implemented: the request is ignored and {@code null} is returned, which
 * {@link #invoke(Source)} then hands back to the runtime unchanged.
 *
 * @param config    the STS configuration (unused)
 * @param appliesTo the resolved AppliesTo URI of the request (unused)
 * @param eleFac    element factory for building a response (unused)
 * @param rst       the incoming RequestSecurityToken (unused)
 * @return always {@code null}
 */
private Source cancel(final STSConfiguration config, final String appliesTo,
                      final WSTrustElementFactory eleFac, final RequestSecurityToken rst) {
    // No cancel contract is wired up for this STS; there is nothing to produce.
    return null;
}
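/**
 * Resolves the configuration this STS runs with.
 *
 * <p>A runtime {@link STSConfiguration} obtained from
 * {@link WSTrustFactory#getRuntimeSTSConfiguration()} takes precedence; when it
 * carries no callback handler of its own, the request's {@link SecurityEnvironment}
 * is stored in its other options under {@code WSTrustConstants.SECURITY_ENVIRONMENT}.
 * Otherwise a {@link DefaultSTSConfiguration} is built from every
 * {@code STSConfiguration} policy assertion found in the message context under
 * {@code Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS}: the encrypt-token and
 * encrypt-key attributes, then the nested LifeTime, Contract, Issuer and
 * ServiceProviders elements, each service provider contributing a
 * {@link DefaultTrustSPMetadata} keyed by its endpoint.
 *
 * @return the effective STS configuration, never {@code null}
 * @throws WebServiceException if no policy iterator is present in the message
 *         context, or if a LifeTime value is not an integer
 */
public STSConfiguration getConfiguration() {
    final MessageContext msgCtx = getMessageContext();
    final SecurityEnvironment secEnv =
        (SecurityEnvironment) msgCtx.get(WSTrustConstants.SECURITY_ENVIRONMENT);

    // A runtime-supplied configuration wins over the policy-derived one.
    final STSConfiguration rtConfig = WSTrustFactory.getRuntimeSTSConfiguration();
    if (rtConfig != null) {
        if (rtConfig.getCallbackHandler() == null) {
            rtConfig.getOtherOptions().put(WSTrustConstants.SECURITY_ENVIRONMENT, secEnv);
        }
        return rtConfig;
    }

    final DefaultSTSConfiguration config = new DefaultSTSConfiguration();
    config.getOtherOptions().put(WSTrustConstants.SECURITY_ENVIRONMENT, secEnv);

    // Wildcard instead of a raw type: elements are cast individually below.
    final Iterator<?> iterator =
        (Iterator<?>) msgCtx.get(Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS);
    if (iterator == null) {
        throw new WebServiceException("STS configuration information is not available");
    }
    while (iterator.hasNext()) {
        final PolicyAssertion assertion = (PolicyAssertion) iterator.next();
        if (STS_CONFIGURATION.equals(assertion.getName().getLocalPart())) {
            applyStsConfiguration(config, assertion);
        }
    }
    return config;
}

/**
 * Copies one {@code STSConfiguration} assertion — its encrypt attributes and its
 * nested LifeTime / Contract / Issuer / ServiceProviders elements — into
 * {@code config}. Unknown nested elements are ignored.
 */
private static void applyStsConfiguration(final DefaultSTSConfiguration config,
                                          final PolicyAssertion assertion) {
    // Boolean.parseBoolean(null) is false, so a missing attribute means "do not encrypt".
    config.setEncryptIssuedToken(Boolean.parseBoolean(assertion.getAttributeValue(Q_ET)));
    config.setEncryptIssuedKey(Boolean.parseBoolean(assertion.getAttributeValue(Q_EK)));

    final Iterator<PolicyAssertion> stsConfig = assertion.getNestedAssertionsIterator();
    while (stsConfig.hasNext()) {
        final PolicyAssertion element = stsConfig.next();
        final String name = element.getName().getLocalPart();
        if (LIFETIME.equals(name)) {
            config.setIssuedTokenTimeout(parseLifetime(element.getValue()));
        } else if (CONTRACT.equals(name)) {
            config.setType(element.getValue());
        } else if (ISSUER.equals(name)) {
            config.setIssuer(element.getValue());
        } else if (SERVICE_PROVIDERS.equals(name)) {
            addServiceProviders(config, element);
        }
    }
}

/**
 * Parses the LifeTime element's value.
 *
 * @throws WebServiceException naming the offending value when it is not an
 *         integer, instead of a bare {@link NumberFormatException}
 */
private static int parseLifetime(final String value) {
    try {
        return Integer.parseInt(value);
    } catch (NumberFormatException ex) {
        throw new WebServiceException(
            "Invalid LifeTime value in STS configuration: " + value, ex);
    }
}

/**
 * Registers one {@link DefaultTrustSPMetadata} per nested service-provider
 * assertion of {@code serviceProviders}, keyed by the provider's endpoint.
 */
private static void addServiceProviders(final DefaultSTSConfiguration config,
                                        final PolicyAssertion serviceProviders) {
    final Iterator<PolicyAssertion> providers = serviceProviders.getNestedAssertionsIterator();
    while (providers.hasNext()) {
        final PolicyAssertion provider = providers.next();
        // The endpoint is read from the Q_EP attribute first, then from an attribute in
        // no namespace named END_POINT lower-cased (Locale.ROOT keeps that name stable
        // regardless of the JVM's default locale).
        String endpointUri = provider.getAttributeValue(Q_EP);
        if (endpointUri == null) {
            endpointUri = provider.getAttributeValue(
                new QName("", END_POINT.toLowerCase(java.util.Locale.ROOT)));
        }
        // NOTE(review): a provider with neither attribute is still registered under a
        // null endpoint key, as before — confirm whether such an entry should be rejected.
        final DefaultTrustSPMetadata data = new DefaultTrustSPMetadata(endpointUri);

        final Iterator<PolicyAssertion> spConfig = provider.getNestedAssertionsIterator();
        while (spConfig.hasNext()) {
            final PolicyAssertion policy = spConfig.next();
            final String name = policy.getName().getLocalPart();
            if (ALIAS.equals(name)) {
                data.setCertAlias(policy.getValue());
            } else if (TOKEN_TYPE.equals(name)) {
                data.setTokenType(policy.getValue());
            } else if (KEY_TYPE.equals(name)) {
                data.setKeyType(policy.getValue());
            }
        }
        config.addTrustSPMetadata(data, endpointUri);
    }
}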
/**
 * Returns the {@link javax.xml.ws.handler.MessageContext} of the request being
 * processed.
 *
 * <p>The concrete STS class must override this. {@link #getConfiguration()} reads
 * the security environment and the server-side policy iterator from the returned
 * context, and the issue path uses it to obtain the requester's subject.
 *
 * @return the current message context
 */
protected abstract javax.xml.ws.handler.MessageContext getMessageContext();
/**
 * Implementation of the {@code invoke} method of the {@code Provider} interface.
 *
 * <p>Parses the incoming RequestSecurityToken, resolves AppliesTo (falling back to
 * {@link #DEFAULT_APPLIESTO} when the request carries none or it yields no URI),
 * loads the STS configuration and dispatches on the WS-Trust RequestType to
 * issue, cancel, renew or validate. Any exception raised on the way — including
 * {@code RuntimeException}s — is wrapped in a {@link WebServiceException}.
 *
 * <p>NOTE(review): {@code rstElement} is requester-supplied XML; parsing is
 * delegated to {@link WSTrustElementFactory#createRSTFrom}, and the wrapped cause
 * may surface in the fault returned to the requester — confirm the runtime's
 * fault-detail policy.
 *
 * @param rstElement the request body
 * @return the RequestSecurityTokenResponse as a {@link Source}; {@code null} for a
 *         Cancel request and for a RequestType that matches none of the four
 *         handled values
 * @throws WebServiceException wrapping any failure
 */
public Source invoke(final Source rstElement) {
    try {
        final WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance();
        final RequestSecurityToken rst = eleFac.createRSTFrom(rstElement);

        final AppliesTo applTo = rst.getAppliesTo();
        String appliesTo = applTo == null ? null : WSTrustUtil.getAppliesToURI(applTo);
        if (appliesTo == null) {
            appliesTo = DEFAULT_APPLIESTO;
        }

        final STSConfiguration config = getConfiguration();
        final String requestType = rst.getRequestType().toString();
        if (requestType.equals(WSTrustConstants.ISSUE_REQUEST)) {
            return issue(config, appliesTo, eleFac, rst);
        }
        if (requestType.equals(WSTrustConstants.CANCEL_REQUEST)) {
            return cancel(config, appliesTo, eleFac, rst);
        }
        if (requestType.equals(WSTrustConstants.RENEW_REQUEST)) {
            return renew(config, appliesTo, eleFac, rst);
        }
        if (requestType.equals(WSTrustConstants.VALIDATE_REQUEST)) {
            return validate(config, appliesTo, eleFac, rst);
        }
        // Unrecognised request type: no response is produced.
        return null;
    } catch (Exception ex) {
        throw new WebServiceException(ex);
    }
}
/**
 * Handles an Issue request: builds the trust contract for {@code appliesTo},
 * attaches the requester's subject (taken from the current message context) to
 * a fresh {@link IssuedTokenContextImpl}, and serialises the contract's
 * RequestSecurityTokenResponse.
 *
 * @param config    the STS configuration the contract is built from
 * @param appliesTo the resolved AppliesTo URI of the request
 * @param eleFac    element factory used to serialise the response
 * @param rst       the incoming RequestSecurityToken
 * @return the response as a {@link Source}
 * @throws WSTrustException if the requester subject cannot be obtained
 *         (wrapping the underlying {@link XWSSecurityException})
 */
private Source issue(final STSConfiguration config, final String appliesTo,
                     final WSTrustElementFactory eleFac, final RequestSecurityToken rst)
        throws WSTrustException {
    final WSTrustContract<RequestSecurityToken, RequestSecurityTokenResponse> contract =
        WSTrustFactory.newWSTrustContract(config, appliesTo);

    final IssuedTokenContext tokenContext = new IssuedTokenContextImpl();
    try {
        tokenContext.setRequestorSubject(
            SubjectAccessor.getRequesterSubject(getMessageContext()));
    } catch (XWSSecurityException ex) {
        throw new WSTrustException("error getting subject", ex);
    }

    final RequestSecurityTokenResponse response = contract.issue(rst, tokenContext);
    return eleFac.toSource(response);
}
/**
 * Handles a Renew request by delegating to the trust contract built for
 * {@code appliesTo} with a fresh {@link IssuedTokenContextImpl}, then serialises
 * the resulting RequestSecurityTokenResponse.
 *
 * @param config    the STS configuration the contract is built from
 * @param appliesTo the resolved AppliesTo URI of the request
 * @param eleFac    element factory used to serialise the response
 * @param rst       the incoming RequestSecurityToken
 * @return the response as a {@link Source}
 */
private Source renew(final STSConfiguration config, final String appliesTo,
                     final WSTrustElementFactory eleFac, final RequestSecurityToken rst)
        throws WSTrustException {
    final WSTrustContract<RequestSecurityToken, RequestSecurityTokenResponse> contract =
        WSTrustFactory.newWSTrustContract(config, appliesTo);
    final IssuedTokenContext tokenContext = new IssuedTokenContextImpl();
    final RequestSecurityTokenResponse response = contract.renew(rst, tokenContext);
    return eleFac.toSource(response);
}
/**
 * Handles a Validate request by delegating to the trust contract built for
 * {@code appliesTo} with a fresh {@link IssuedTokenContextImpl}, then serialises
 * the resulting RequestSecurityTokenResponse.
 *
 * @param config    the STS configuration the contract is built from
 * @param appliesTo the resolved AppliesTo URI of the request
 * @param eleFac    element factory used to serialise the response
 * @param rst       the incoming RequestSecurityToken
 * @return the response as a {@link Source}
 */
private Source validate(final STSConfiguration config, final String appliesTo,
                        final WSTrustElementFactory eleFac, final RequestSecurityToken rst)
        throws WSTrustException {
    final WSTrustContract<RequestSecurityToken, RequestSecurityTokenResponse> contract =
        WSTrustFactory.newWSTrustContract(config, appliesTo);
    final IssuedTokenContext tokenContext = new IssuedTokenContextImpl();
    final RequestSecurityTokenResponse response = contract.validate(rst, tokenContext);
    return eleFac.toSource(response);
}