Module org.glassfish.metro.wsit.impl
Package com.sun.xml.ws.security

Interface IssuedTokenContext

All Known Implementing Classes:
IssuedTokenContextImpl
@ManagedData @Description("Information used by Trust and Security enforcement") public interface IssuedTokenContext
This interface is the SPI defined by WS-Security to enable WS-Trust/SecureConversation specific security interactions.

This interface represents a Context containing information populated and used by the Trust and the Security Enforcement Layers (for example the proof-token of an Issued token needs to be used by the SecurityEnforcement Layer to secure the message).

  • Field Details

  • Method Details

    • setTokenIssuer

      void setTokenIssuer(String issuer)

    • getTokenIssuer

      @ManagedAttribute @Description("Token issuer") String getTokenIssuer()

    • getRequestorCertificate

      @ManagedAttribute @Description("Requestor certificate") X509Certificate getRequestorCertificate()
      Requestor Certificate(s)
      Returns:
      the sender certificate, null otherwise

    • setRequestorCertificate

      void setRequestorCertificate(X509Certificate cert)
      Append the Requestor Certificate that was used in an incoming message.

    • getRequestorUsername

      @ManagedAttribute @Description("Requestor username") String getRequestorUsername()
      Requestor username if any
      Returns:
      the requestor username if provided

    • setRequestorUsername

      void setRequestorUsername(String username)
      set requestor username

    • getRequestorSubject

      @ManagedAttribute @Description("Requestor subject") Subject getRequestorSubject()

    • setRequestorSubject

      void setRequestorSubject(Subject subject)

    • setTokenType

      void setTokenType(String tokenType)

    • getTokenType

      @ManagedAttribute @Description("Token type") String getTokenType()

    • setKeyType

      void setKeyType(String keyType)

    • getKeyType

      @ManagedAttribute @Description("Key type") String getKeyType()

    • setAppliesTo

      void setAppliesTo(String appliesTo)

    • getAppliesTo

      @ManagedAttribute @Description("appliesTo value") String getAppliesTo()

    • setSecurityToken

      void setSecurityToken(Token tok)
      Depending on the <sp:IncludeToken> server policy, set the Token to be used in Securing requests and/or responses

    • getSecurityToken

      @ManagedAttribute @Description("Security token") Token getSecurityToken()
      Depending on the <sp:IncludeToken> policy get the Token to be used in Securing requests and/or responses. The token returned is to be used only for inserting into the SecurityHeader, if the getAssociatedProofToken is not null, and it should also be used for securing the message if there is no Proof Token associated.

    • setAssociatedProofToken

      void setAssociatedProofToken(Token token)
      Set the Proof Token Associated with the SecurityToken

      when the SecurityToken is a SecurityContext token (as defined in WS-SecureConversation) and Derived Keys are being used then the Proof Token is the <wsc:DerivedKeyToken>

    • getAssociatedProofToken

      @ManagedAttribute @Description("Proof token") Token getAssociatedProofToken()
      get the Proof Token (if any) associated with the SecurityToken, null otherwise

    • getAttachedSecurityTokenReference

      @ManagedAttribute @Description("Attached security token reference") Token getAttachedSecurityTokenReference()
      If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
      Returns:
      STR if set, null otherwise

    • getUnAttachedSecurityTokenReference

      @ManagedAttribute @Description("Unattached security token reference") Token getUnAttachedSecurityTokenReference()
      If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example.
      Returns:
      STR if set, null otherwise

    • setAttachedSecurityTokenReference

      void setAttachedSecurityTokenReference(Token str)
      If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example

    • setUnAttachedSecurityTokenReference

      void setUnAttachedSecurityTokenReference(Token str)
      If the token returned doesnt allow use of wsu:id attribute then a STR is returned as <wst:RequestedUnAttachedReference> which needs to be inserted into a <ds:KeyInfo> for example

    • getSecurityPolicy

      ArrayList<Object> getSecurityPolicy()
      get the SecurityPolicy to be applied for the request or response to which this SecurityContext corresponds to This allows the Client and/or the Service (WSP/STS) to dynamically inject policy to be applied. For example in the case of SignChallenge when the Initiator (client) has to sign a specific challenge.

      Note: Inserting an un-solicited RSTR into a SOAP Header can also be expressed as a policy and the subsequent requirement to sign the RSTR will also be expressed as a policy

      TODO: There is no policy today to insert a specific element to a SOAP Header, we need to extend the policy definitions in XWS-Security.

    • setOtherPartyEntropy

      void setOtherPartyEntropy(Object entropy)
      Set the Entropy information provided by the other Part (if any)

      WS-Trust allows requestor to provide input to key material in the request. The requestor might do this to satisfy itself as to the degree of entropy(cyrptographic randomness) of atleast some of the material used to generate the actual Key.

      For composite Keys Entropy can be set by both parties, the concrete entropy element can be a <wst:Entropy> instance but the argument here is generic to avoid a dependence of the SPI on WS-Trust packages

    • getDecipheredOtherPartyEntropy

      Key getDecipheredOtherPartyEntropy(Key privKey) throws XWSSecurityException
      Get the Entropy if any provided by the other party, null otherwise If the Entropy was specified as an <xenc:EncryptedKey> then this method would return the decrypted secret
      Throws:
      XWSSecurityException

    • getOtherPartyEntropy

      @ManagedAttribute @Description("Other party entropy") Object getOtherPartyEntropy()
      Get the Entropy if any provided by the Other Party, null otherwise

    • setSelfEntropy

      void setSelfEntropy(Object entropy)
      Set self Entropy

    • getSelfEntropy

      @ManagedAttribute @Description("Self entropy") Object getSelfEntropy()
      Get self Entropy if set, null otherwise

    • getComputedKeyAlgorithmFromProofToken

      URI getComputedKeyAlgorithmFromProofToken()
      Return the <wst:ComputedKey> URI if any inside the RSTR, null otherwise. The Security Enforcement Layer would compute the Key as P_SHA1(Ent(req), Ent(res))

    • setProofKey

      void setProofKey(byte[] key)
      set the SecureConversation ProofToken as a byte[] array

    • getProofKey

      byte[] getProofKey()
      get the SecureConversation ProofToken as a byte[] array

    • setProofKeyPair

      void setProofKeyPair(KeyPair keys)

    • getProofKeyPair

      KeyPair getProofKeyPair()

    • setAuthnContextClass

      void setAuthnContextClass(String authType)

    • getAuthnContextClass

      String getAuthnContextClass()

    • getCreationTime

      Date getCreationTime()
      Returns:
      the creation Time of the IssuedToken

    • getExpirationTime

      Date getExpirationTime()
      get the Expiration Time for this Token if any

    • setCreationTime

      void setCreationTime(Date date)
      set the creation Time of the IssuedToken

    • setEndpointAddress

      void setEndpointAddress(String endPointAddress)
      set the endpointaddress

    • getEndpointAddress

      String getEndpointAddress()
      Get the endpoint address

    • setExpirationTime

      void setExpirationTime(Date date)
      set the Expiration Time for this Token if any.

    • getSignatureAlgorithm

      String getSignatureAlgorithm()
      Returns:
      The signature algorithm to use to sign IssuedToken

    • setSignatureAlgorithm

      void setSignatureAlgorithm(String sigAlgo)
      Parameters:
      sigAlgo - : signature algorithm to use to sign IssuedToken

    • getEncryptionAlgorithm

      String getEncryptionAlgorithm()
      Returns:
      The encryption algorithm to use to encrypt IssuedToken

    • setEncryptionAlgorithm

      void setEncryptionAlgorithm(String encAlgo)
      Parameters:
      encAlgo - : The encryption algorithm to use to encrypt IssuedToken

    • getCanonicalizationAlgorithm

      String getCanonicalizationAlgorithm()
      Returns:
      The canonicalization algorithm to use when signing IssuedToken

    • setCanonicalizationAlgorithm

      void setCanonicalizationAlgorithm(String canonicalizationAlgo)
      Parameters:
      canonicalizationAlgo - : The canonicalization algorithm to use when signing IssuedToken

    • getSignWith

      String getSignWith()
      Returns:
      The signature algorithm the client intends to use when using ProofKey to sign the application message

    • setSignWith

      void setSignWith(String sigAlgo)
      Parameters:
      sigAlgo - : The signature algorithm the client intends to use when using ProofKey to sign the application message

    • getEncryptWith

      String getEncryptWith()
      Returns:
      The encryption algorithm the client intends to use when using ProofKey to encrypt the application message

    • setEncryptWith

      void setEncryptWith(String encAlgo)
      Parameters:
      encAlgo - The encryption algorithm the client intends to use when using ProofKey to encrypt the application message

    • getSecurityContextTokenInfo

      SecurityContextTokenInfo getSecurityContextTokenInfo()
      Get the SecurityContextTokenInfo for this Token if any.

    • setTarget

      void setTarget(Token target)

    • getTarget

      Token getTarget()

    • setSecurityContextTokenInfo

      void setSecurityContextTokenInfo(SecurityContextTokenInfo sctInfo)
      set the SecurityContextTokenInfo for this Token if any.

    • destroy

      void destroy()
      Destroy the IssuedTokenContext.

    • getOtherProperties

      Map<String,Object> getOtherProperties()