com.sun.xml.wss.impl.misc

Class DefaultSecurityEnvironmentImpl

java.lang.Object

com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl

All Implemented Interfaces:

SecurityEnvironment

public class DefaultSecurityEnvironmentImpl
extends Object
implements SecurityEnvironment

Field Summary

Fields

Modifier and Type	Field and Description
protected static Logger	log logger

Constructor Summary

Constructors

Constructor and Description
DefaultSecurityEnvironmentImpl(CallbackHandler cHandler)
DefaultSecurityEnvironmentImpl(CallbackHandler cHandler, Properties confAssertions)

Method Summary

Modifier and Type	Method and Description
String	authenticateUser(Map context, String username) Authenticate the user given the username and context.
boolean	authenticateUser(Map context, String username, String password) Authenticate the user against a list of known username-password pairs.
boolean	authenticateUser(Map context, String username, String passwordDigest, String nonce, String created) Authenticate the user given the password digest.
KerberosContext	doKerberosLogin() Perform a Kerberos Login and return a Kerberos Context KerberosContext stores the secretKey, GSSContext, kerberos BST etc
KerberosContext	doKerberosLogin(byte[] tokenValue) Perform a Kerberos Login and return a Kerberos Context KerberosContext stores the secretKey, GSSContext, kerberos BST etc
SignatureKeyCallback.AliasPrivKeyCertRequest	getAliasPrivKeyCertRequest(String certIdentifier)
CallbackHandler	getCallbackHandler()
X509Certificate	getCertificate(Map context, BigInteger serialNumber, String issuerName)
X509Certificate	getCertificate(Map context, byte[] keyIdentifier)
X509Certificate	getCertificate(Map context, byte[] identifier, String valueType)
X509Certificate	getCertificate(Map context, PublicKey publicKey, boolean forSign)
X509Certificate	getCertificate(Map context, String alias, boolean forSigning)
X509Certificate	getDefaultCertificate(Map context) Retrieves a reasonable default value for the current user's X509Certificate if one exists.
PrivateKey	getDefaultPrivateKey(Map context)
SignatureKeyCallback.PrivKeyCertRequest	getDefaultPrivKeyCertRequest(Map context)
String	getPassword(Map context)
PrivateKey	getPrivateKey(Map context, BigInteger serialNumber, String issuerName)
PrivateKey	getPrivateKey(Map context, byte[] keyIdentifier)
PrivateKey	getPrivateKey(Map context, byte[] identifier, String valueType)
PrivateKey	getPrivateKey(Map context, PublicKey publicKey, boolean forSign)
PrivateKey	getPrivateKey(Map context, String alias)
PrivateKey	getPrivateKey(Map context, X509Certificate cert)
PublicKey	getPublicKey(Map context, BigInteger serialNumber, String issuerName)
PublicKey	getPublicKey(Map context, byte[] keyIdentifier)
PublicKey	getPublicKey(Map context, byte[] identifier, String valueType)
SecretKey	getSecretKey(Map context, String alias, boolean encryptMode)
Subject	getSubject()
static Subject	getSubject(FilterProcessingContext context)
static Subject	getSubject(Map context)
String	getUsername(Map context)
boolean	isSelfCertificate(X509Certificate cert)
Element	locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc) Locate and return a SAML Assertion, given the Authority binding and assertionId
static WssSoapFaultException	newSOAPFaultException(QName faultCode, String faultstring, Throwable th) Create and initialize a WssSoapFaultException.
AuthenticationTokenPolicy.SAMLAssertionBinding	populateSAMLPolicy(Map fpcontext, AuthenticationTokenPolicy.SAMLAssertionBinding policy, DynamicApplicationContext context) Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information.
void	updateOtherPartySubject(Subject subject, Assertion assertion) Update the public credentials of the subject of the party whose Assertion is given.
void	updateOtherPartySubject(Subject subject, GSSName clientCred, GSSCredential gssCred) Update the principal/credentials of the requesting party subject
void	updateOtherPartySubject(Subject subject, Key secretKey)
void	updateOtherPartySubject(Subject subject, String ek)
void	updateOtherPartySubject(Subject subject, String username, String password) Update the public/private credentials of the subject of the party whose username password pair is given.
void	updateOtherPartySubject(Subject subject, Subject bootStrapSubject) Update the principal/credentials of the requesting party subject
void	updateOtherPartySubject(Subject subject, X509Certificate cert) Update the public credentials of the subject of the party whose certificate is given.
void	updateOtherPartySubject(Subject subject, XMLStreamReader assertion) Update the public credentials of the subject of the party whose Assertion is given.
boolean	validateAndCacheNonce(Map context, String nonce, String created, long nonceAge) Validate the given nonce.
boolean	validateCertificate(X509Certificate cert, Map context) Validate an X509Certificate.
void	validateCreationTime(Map context, String creationTime, long maxClockSkew, long timestampFreshnessLimit) Validate the creation time.
void	validateSAMLAssertion(Map context, Element assertion) Validate the received SAML Assertion Validations can include validating the Issuer and the Saml User, SAML Version etc.
void	validateSAMLAssertion(Map context, XMLStreamReader assertion) Validate the received SAML Assertion Validations can include validating the Issuer and the Saml User, SAML Version etc.
boolean	validateSamlIssuer(String issuer)
boolean	validateSamlUser(String user, String domain, String format)
void	validateTimestamp(Map context, String created, String expires, long maxClockSkew, long freshnessLimit)
void	validateTimestamp(Map context, Timestamp timestamp, long maxClockSkew, long freshnessLimit) Validate the creation time.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

protected static final Logger log

logger

Constructor Detail

DefaultSecurityEnvironmentImpl

public DefaultSecurityEnvironmentImpl(CallbackHandler cHandler)

DefaultSecurityEnvironmentImpl

public DefaultSecurityEnvironmentImpl(CallbackHandler cHandler,
                                      Properties confAssertions)

Method Detail

getDefaultCertificate

public X509Certificate getDefaultCertificate(Map context)
                                      throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Retrieves a reasonable default value for the current user's X509Certificate if one exists.

Specified by:

getDefaultCertificate in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

Returns:

the default certificate for the current user

Throws:

XWSSecurityException

getDefaultPrivKeyCertRequest

public SignatureKeyCallback.PrivKeyCertRequest getDefaultPrivKeyCertRequest(Map context)
                                                                     throws XWSSecurityException

Throws:

XWSSecurityException

getAliasPrivKeyCertRequest

public SignatureKeyCallback.AliasPrivKeyCertRequest getAliasPrivKeyCertRequest(String certIdentifier)
                                                                        throws XWSSecurityException

Throws:

XWSSecurityException

getDefaultPrivateKey

public PrivateKey getDefaultPrivateKey(Map context)
                                throws XWSSecurityException

Throws:

XWSSecurityException

getSecretKey

public SecretKey getSecretKey(Map context,
                              String alias,
                              boolean encryptMode)
                       throws XWSSecurityException

Specified by:

getSecretKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

alias - the alias for identifying the SecretKey

encryptMode - whether this request is for an Encrypt or Decrypt operation

Returns:

the SecretKey corresponding to the alias

Throws:

XWSSecurityException - if there was an error while trying to locate the SecretKey

getCertificate

public X509Certificate getCertificate(Map context,
                                      String alias,
                                      boolean forSigning)
                               throws XWSSecurityException

Specified by:

getCertificate in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

alias - the alias for identifying the certificate

forSigning - whether this request is for a Sign operation or Encrypt

Returns:

the certificate corresponding to the alias

Throws:

XWSSecurityException - if there was an error while trying to locate the Cerificate

getCertificate

public X509Certificate getCertificate(Map context,
                                      PublicKey publicKey,
                                      boolean forSign)
                               throws XWSSecurityException

Specified by:

getCertificate in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

publicKey - the publicKey

forSign - set to true if the public key is to be used for SignatureVerification

Returns:

the X509Certificate corresponding to a PublicKey

Throws:

XWSSecurityException - if there was an error while trying to locate the PublicKey

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                String alias)
                         throws XWSSecurityException

Specified by:

getPrivateKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

alias - the alias for identifying the PrivateKey

Returns:

the PrivateKey corresponding to the alias

Throws:

XWSSecurityException - if there was an error while trying to locate the PrivateKey

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                byte[] identifier,
                                String valueType)
                         throws XWSSecurityException

Specified by:

getPrivateKey in interface SecurityEnvironment

Throws:

XWSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                byte[] keyIdentifier)
                         throws XWSSecurityException

Specified by:

getPrivateKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

keyIdentifier - an Opaque identifier indicating the X509 certificate.

Returns:

the PrivateKey corresponding to a KeyIdentifier

Throws:

XWSSecurityException - if there was an error while trying to locate the PrivateKey

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                BigInteger serialNumber,
                                String issuerName)
                         throws XWSSecurityException

Specified by:

getPrivateKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

serialNumber - the serialNumber of the certificate

issuerName - the issuerName of the certificate

Returns:

the PrivateKey corresponding to (serialNumber, issuerName)

Throws:

XWSSecurityException - if there was an error while trying to locate the PrivateKey

getPublicKey

public PublicKey getPublicKey(Map context,
                              byte[] identifier,
                              String valueType)
                       throws XWSSecurityException

Specified by:

getPublicKey in interface SecurityEnvironment

Throws:

XWSSecurityException

getPublicKey

public PublicKey getPublicKey(Map context,
                              byte[] keyIdentifier)
                       throws XWSSecurityException

Specified by:

getPublicKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

keyIdentifier - an Opaque identifier indicating the X509 certificate.

Returns:

the PublicKey corresponding to a KeyIdentifier

Throws:

XWSSecurityException - if there was an error while trying to locate the PublicKey

getCertificate

public X509Certificate getCertificate(Map context,
                                      byte[] identifier,
                                      String valueType)
                               throws XWSSecurityException

Specified by:

getCertificate in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

identifier - an Opaque identifier indicating the X509 certificate.

Returns:

the X509Certificate corresponding to a KeyIdentifier

Throws:

XWSSecurityException - if there was an error while trying to locate the X509Certificate

getCertificate

public X509Certificate getCertificate(Map context,
                                      byte[] keyIdentifier)
                               throws XWSSecurityException

Specified by:

getCertificate in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

keyIdentifier - an Opaque identifier indicating the X509 certificate.

Returns:

the X509Certificate corresponding to a KeyIdentifier

Throws:

XWSSecurityException - if there was an error while trying to locate the X509Certificate

getPublicKey

public PublicKey getPublicKey(Map context,
                              BigInteger serialNumber,
                              String issuerName)
                       throws XWSSecurityException

Specified by:

getPublicKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

serialNumber - the serialNumber of the certificate

issuerName - the issuerName of the certificate

Returns:

the PublicKey corresponding to (serialNumber, issuerName)

Throws:

XWSSecurityException - if there was an error while trying to locate the PublicKey

getCertificate

public X509Certificate getCertificate(Map context,
                                      BigInteger serialNumber,
                                      String issuerName)
                               throws XWSSecurityException

Specified by:

getCertificate in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

serialNumber - the serialNumber of the certificate

issuerName - the issuerName of the certificate

Returns:

the X509Certificate corresponding to (serialNumber, issuerName)

Throws:

XWSSecurityException - if there was an error while trying to locate the X509Certificate

validateCertificate

public boolean validateCertificate(X509Certificate cert,
                                   Map context)
                            throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Validate an X509Certificate.

Specified by:

validateCertificate in interface SecurityEnvironment

Parameters:

cert - the X509Certificate to be validated

context - Map of application and integration-layer specific properties

Returns:

true, if the cert is a valid one, false otherwise.

Throws:

XWSSecurityException - if there is some problem during validation. public boolean validateCertificate(X509Certificate cert) throws XWSSecurityException; / /** Validate an X509Certificate.

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    String username,
                                    String password)

Description copied from interface: SecurityEnvironment

Update the public/private credentials of the subject of the party whose username password pair is given.

Specified by:

updateOtherPartySubject in interface SecurityEnvironment

Parameters:

subject - the Subject of the requesting party

username - the username of the requesting party

password - the password of the requesting party

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    X509Certificate cert)

Description copied from interface: SecurityEnvironment

Update the public credentials of the subject of the party whose certificate is given.

Specified by:

updateOtherPartySubject in interface SecurityEnvironment

Parameters:

subject - the Subject of the requesting party

cert - the X509Certificate of the requesting party

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    Assertion assertion)

Description copied from interface: SecurityEnvironment

Update the public credentials of the subject of the party whose Assertion is given.

Specified by:

updateOtherPartySubject in interface SecurityEnvironment

Parameters:

subject - the Subject of the requesting party

assertion - the SAML Assertion of the requesting party

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    Key secretKey)

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    String ek)

getSubject

public static Subject getSubject(Map context)

getSubject

public static Subject getSubject(FilterProcessingContext context)

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                X509Certificate cert)
                         throws XWSSecurityException

Specified by:

getPrivateKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

cert - the X509Certificate

Returns:

the PrivateKey corresponding to the X509Certificate

Throws:

XWSSecurityException - if there was an error while trying to locate the PrivateKey

getPrivateKey

public PrivateKey getPrivateKey(Map context,
                                PublicKey publicKey,
                                boolean forSign)
                         throws XWSSecurityException

Specified by:

getPrivateKey in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

publicKey - the publicKey

forSign - set to true if the purpose is Signature

Returns:

the PrivateKey corresponding to a PublicKey

Throws:

XWSSecurityException - if there was an error while trying to locate the PrivateKey

getSubject

public Subject getSubject()

Specified by:

getSubject in interface SecurityEnvironment

Returns:

the host/sender Subject, null if subject is not available/initialized

authenticateUser

public boolean authenticateUser(Map context,
                                String username,
                                String passwordDigest,
                                String nonce,
                                String created)
                         throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Authenticate the user given the password digest.

Specified by:

authenticateUser in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

username - the username

passwordDigest - the digested password

nonce - the nonce which was part of the digest

created - the creation time which was part of the digest

Returns:

true if the password digest is valid, false otherwise

Throws:

XWSSecurityException - if there was an error while trying to authenticate the username

authenticateUser

public boolean authenticateUser(Map context,
                                String username,
                                String password)
                         throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Authenticate the user against a list of known username-password pairs.

Specified by:

authenticateUser in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

username - the username

password - the password

Returns:

true if the username-password pair is valid, false otherwise

Throws:

XWSSecurityException - if there was an error while trying to authenticate the username

authenticateUser

public String authenticateUser(Map context,
                               String username)
                        throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Authenticate the user given the username and context.

Specified by:

authenticateUser in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

username - the username

Returns:

password if the username is valid

Throws:

XWSSecurityException - if there was an error while trying to authenticate the username

validateCreationTime

public void validateCreationTime(Map context,
                                 String creationTime,
                                 long maxClockSkew,
                                 long timestampFreshnessLimit)
                          throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Validate the creation time. It is an error if the creation time is older than current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW

Specified by:

validateCreationTime in interface SecurityEnvironment

Parameters:

creationTime -

context - a Map of application and integration-layer specific properties

maxClockSkew - (in milliseconds) the maximum clockskew

timestampFreshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh

Throws:

XWSSecurityException

XWSSecurityException - if there was an error while trying to validate the creationTime

validateSamlIssuer

public boolean validateSamlIssuer(String issuer)

validateSamlUser

public boolean validateSamlUser(String user,
                                String domain,
                                String format)

getUsername

public String getUsername(Map context)
                   throws XWSSecurityException

Specified by:

getUsername in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

Returns:

the username using UsernameCallback

Throws:

XWSSecurityException - if there was an error while trying obtain the username

getPassword

public String getPassword(Map context)
                   throws XWSSecurityException

Specified by:

getPassword in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

Returns:

the password using PasswordCallback

Throws:

XWSSecurityException - if there was an error while trying obtain the password

validateTimestamp

public void validateTimestamp(Map context,
                              Timestamp timestamp,
                              long maxClockSkew,
                              long freshnessLimit)
                       throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Validate the creation time. It is an error if the creation time is older than current local time minus TIMESTAMP_FRESHNESS_LIMIT minus MAX_CLOCK_SKEW

Specified by:

validateTimestamp in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

timestamp - the Timestamp element

maxClockSkew - (in milliseconds) the maximum clockskew

freshnessLimit - (in milliseconds) the limit for which timestamps are considered fresh

Throws:

XWSSecurityException - if there was an error while trying validate the Timestamp

validateTimestamp

public void validateTimestamp(Map context,
                              String created,
                              String expires,
                              long maxClockSkew,
                              long freshnessLimit)
                       throws XWSSecurityException

Specified by:

validateTimestamp in interface SecurityEnvironment

Throws:

XWSSecurityException

newSOAPFaultException

public static WssSoapFaultException newSOAPFaultException(QName faultCode,
                                                          String faultstring,
                                                          Throwable th)

Create and initialize a WssSoapFaultException. This method is used in conjunction with generateClientFault.

validateSAMLAssertion

public void validateSAMLAssertion(Map context,
                                  Element assertion)
                           throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Validate the received SAML Assertion Validations can include validating the Issuer and the Saml User, SAML Version etc. Note: The SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime

Specified by:

validateSAMLAssertion in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

assertion - the Assertion to be validated

Throws:

XWSSecurityException - if there was an error while validating the SAML Assertion

locateSAMLAssertion

public Element locateSAMLAssertion(Map context,
                                   Element binding,
                                   String assertionId,
                                   Document ownerDoc)
                            throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Locate and return a SAML Assertion, given the Authority binding and assertionId

Specified by:

locateSAMLAssertion in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

binding - an org.w3c.dom.Element representing the SAML AuthorityBinding

assertionId - the Assertion ID of the SAML Assertion

ownerDoc - the owner document into which the returned SAML Assertion should be imported to

Throws:

XWSSecurityException - if there was an error while trying to locate the SAML Assertion

populateSAMLPolicy

public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map fpcontext,
                                                                         AuthenticationTokenPolicy.SAMLAssertionBinding policy,
                                                                         DynamicApplicationContext context)
                                                                  throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Locate and update the Policy argument with the SAML Assertion and/or the AuthorityBinding and Assertion ID information. The DynamicApplicationContext may contain information to be used by the implementation to make its runtime decisions on how to obtaim the SAML Assertion

Specified by:

populateSAMLPolicy in interface SecurityEnvironment

Parameters:

fpcontext - a Map of application and integration-layer specific properties

policy - the SAML Assertion Policy to be populated

context - the DynamicApplicationContext

Returns:

populated SAML Assertion policy

Throws:

XWSSecurityException - if there was an error while trying to populate the SAML Assertion Policy

getCallbackHandler

public CallbackHandler getCallbackHandler()

Specified by:

getCallbackHandler in interface SecurityEnvironment

Returns:

any Callback Handler associated with this Environment, null otherwise

validateSAMLAssertion

public void validateSAMLAssertion(Map context,
                                  XMLStreamReader assertion)
                           throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Validate the received SAML Assertion Validations can include validating the Issuer and the Saml User, SAML Version etc. Note: The SAML Condition (notBefore, notOnOrAfter) is validated by the XWS runtime In case HOK SAML Assertion the enveloped signature is removed from this SAML Assertion and verified. (i,e one will not find Signature element under this SAMLAssertion)

Specified by:

validateSAMLAssertion in interface SecurityEnvironment

Parameters:

context - a Map of application and integration-layer specific properties

assertion - the Assertion to be validated

Throws:

XWSSecurityException - if there was an error while validating the SAML Assertion

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    XMLStreamReader assertion)

Description copied from interface: SecurityEnvironment

Update the public credentials of the subject of the party whose Assertion is given.

Specified by:

updateOtherPartySubject in interface SecurityEnvironment

Parameters:

subject - the Subject of the requesting party

assertion - the SAML Assertion of the requesting party

isSelfCertificate

public boolean isSelfCertificate(X509Certificate cert)

Specified by:

isSelfCertificate in interface SecurityEnvironment

Returns:

true if the certificate is a self certificate, false otherwise

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    Subject bootStrapSubject)

Description copied from interface: SecurityEnvironment

Update the principal/credentials of the requesting party subject

Specified by:

updateOtherPartySubject in interface SecurityEnvironment

Parameters:

subject - the Subject of the requesting party

bootStrapSubject - the bootstrap Credentials (during a SecureConversation Bootstrap) of the requesting party

doKerberosLogin

public KerberosContext doKerberosLogin()
                                throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Perform a Kerberos Login and return a Kerberos Context KerberosContext stores the secretKey, GSSContext, kerberos BST etc

Specified by:

doKerberosLogin in interface SecurityEnvironment

Throws:

XWSSecurityException

doKerberosLogin

public KerberosContext doKerberosLogin(byte[] tokenValue)
                                throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Perform a Kerberos Login and return a Kerberos Context KerberosContext stores the secretKey, GSSContext, kerberos BST etc

Specified by:

doKerberosLogin in interface SecurityEnvironment

Throws:

XWSSecurityException

updateOtherPartySubject

public void updateOtherPartySubject(Subject subject,
                                    GSSName clientCred,
                                    GSSCredential gssCred)

Description copied from interface: SecurityEnvironment

Update the principal/credentials of the requesting party subject

Specified by:

updateOtherPartySubject in interface SecurityEnvironment

Parameters:

subject - the Subject of the requesting party

clientCred - the GSSName of the requesting party

validateAndCacheNonce

public boolean validateAndCacheNonce(Map context,
                                     String nonce,
                                     String created,
                                     long nonceAge)
                              throws XWSSecurityException

Description copied from interface: SecurityEnvironment

Validate the given nonce. It is an error if the nonce matches any stored nonce values on the server if there is no error then the nonce is Cached.

Specified by:

validateAndCacheNonce in interface SecurityEnvironment

Parameters:

context - a context containing runtime properties

nonce - the encoded nonce value

created - the creation time value

nonceAge - the time in milliseconds for which this nonce will be stored on the receiver.

Returns:

true if this nonce is valid

Throws:

XWSSecurityException - if there was an error while trying to validate the Nonce