public class WSSecurityManager extends java.lang.Object implements org.springframework.context.ApplicationContextAware, WSSecurityManager
Defines WS-Security parameters for the UltraESB configuration, and serves as the central point of control for securing and verifying messages
See sample # 204
Constructor and Description |
---|
WSSecurityManager(java.lang.String keystorePath,
java.lang.String keystorePassword,
java.util.Map passwordMap)
Constructor to use when identity and trust credentials are on the same keystore
|
WSSecurityManager(java.lang.String identityStorePath,
java.lang.String identityStorePassword,
java.lang.String trustStorePath,
java.lang.String trustStorePassword,
java.util.Map passwordMap)
Standard constructor that uses separate keystores for identity and trust credentials
|
Modifier and Type | Method and Description |
---|---|
void |
addDigestUsernameTokenAuthentication(Message msg,
java.lang.String username,
java.lang.String password)
Add a WS-Security Username Token authentication element to the request, with a nonce, created and hashed password
|
void |
addDigestUsernameTokenAuthenticationWithTimestamp(Message msg,
java.lang.String username,
java.lang.String password)
Add a WS-Security Username Token authentication element and a Timestamp element to the request,
with a nonce, created and hashed password
|
void |
addPlainUsernameTokenAuthenticationWithTimestamp(Message msg,
java.lang.String username,
java.lang.String password)
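Add a WS-Security Username Token authentication element and a Timestamp element to the request,
with a nonce, created and hashed password. (The method name indicates a plain-text password, so "hashed" here looks copied from the digest variant; confirm against the implementation. A plain-text UsernameToken password is readable by anyone who can see the message, so use this variant only over TLS or together with message encryption.)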
|
void |
addUsernameTokenAuthentication(Message msg,
java.lang.String username,
java.lang.String password,
boolean hashed,
boolean addNonceAndCreated,
boolean includeTimestamp)
Add a WS-Security Username Token authentication element to the request
|
void |
removeSecurityHeader(Message msg)
Remove the WS-Security header from a message
|
void |
setNonceCacheSize(int nonceCacheSize)
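Set cache size for detection of replay attacks when using UT authentication (default 1000). Size the cache for the number of UsernameToken messages expected within the timestamp freshness window: a nonce that is no longer held in the cache cannot be recognised as a replay by the cache itself.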
|
void |
setRequireNonceAndCreated(boolean requireNonceAndCreated)
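Require or disable nonce and created values for UT authentication (default required). With the requirement disabled, a token that carries no nonce cannot be checked against the nonce cache, so keep the default unless a client cannot send these values.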
|
void |
setTimeStampFreshness(int timeStampFreshness)
Set timestamp freshness in ms for UT authentication (default 5 minutes)
|
void |
setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
Reference to UserDetailsService to resolve user information
|
void |
signMessage(Message msg,
java.lang.String signAlias,
java.lang.String signAlgo,
java.lang.String digestAlgo)
Secure message with a signature
|
void |
timestampAndEncryptMessage(Message msg,
java.lang.String encryptionAlias)
Secure message with a timestamp and encrypt - using default timestamp TTL of 5 minutes and key size of 256
|
void |
timestampAndEncryptMessage(Message msg,
java.lang.String encryptionAlias,
long millis,
java.lang.String algo)
Secure message with a timestamp and encrypt - using specified timestamp TTL
|
void |
timestampAndSignMessage(Message msg,
java.lang.String signatureAlias)
Secure message with a timestamp and signature - using default timestamp TTL of 5 minutes
|
void |
timestampAndSignMessage(Message msg,
java.lang.String signatureAlias,
long millis)
Secure message with a timestamp and signature - using specified timestamp TTL
|
void |
timestampMessage(Message msg)
Secure message with a timestamp - using default timestamp TTL of 5 minutes
|
void |
timestampMessage(Message msg,
long millis)
Secure message with a timestamp - using specified timestamp TTL
|
void |
timestampSignAndEncryptMessage(Message msg,
java.lang.String encryptionAlias,
java.lang.String signatureAlias)
Secure message with a timestamp, signature and encrypt body - using default timestamp TTL of 5 minutes and keysize of 256
|
void |
timestampSignAndEncryptMessage(Message msg,
java.lang.String encryptionAlias,
java.lang.String signatureAlias,
long millis,
java.lang.String algo)
Secure message with a timestamp, signature and encrypt body - using specified timestamp TTL
|
void |
verifySignedMessage(Message msg,
boolean remove)
Verify that the message is valid
|
void |
verifyTimestampedAndEncryptedMessage(Message msg,
boolean remove)
Verify that the message is timestamped and encrypted
|
void |
verifyTimestampedAndSignedMessage(Message msg,
boolean remove)
Verify that the message is timestamped and signed
|
void |
verifyTimestampedEncryptedAndSignedMessage(Message msg,
boolean remove)
Verify that the message is timestamped, encrypted and signed
|
void |
verifyTimestampedMessage(Message msg,
boolean remove)
Verify that the message is timestamped and that the timestamp is valid
|
void |
verifyUsernameTokenAuthentication(Message msg)
Verify that the message contains UsernameToken authentication information, and that it is valid
|
void |
verifyUsernameTokenAuthentication(Message msg,
boolean remove)
Verify that the message contains UsernameToken authentication information, and that it is valid
|
public WSSecurityManager(java.lang.String keystorePath, java.lang.String keystorePassword, java.util.Map passwordMap)
keystorePath - path to the keystore
keystorePassword - keystore password
passwordMap - A Map of alias and password for credentials for the keystore
public WSSecurityManager(java.lang.String identityStorePath, java.lang.String identityStorePassword, java.lang.String trustStorePath, java.lang.String trustStorePassword, java.util.Map passwordMap)
identityStorePath - the identity credential keystore (can be a URL specified with a file: or classpath: prefix)
identityStorePassword - password to the identity credential keystore
trustStorePath - the trust credential keystore (can be a URL specified with a file: or classpath: prefix)
trustStorePassword - password to the trust credential keystore
passwordMap - A Map of alias and password for credentials in the keystore
public void removeSecurityHeader(Message msg)
removeSecurityHeader in interface WSSecurityManager
msg - the message from which the WS-Security header should be removed
public void setRequireNonceAndCreated(boolean requireNonceAndCreated)
requireNonceAndCreated - require nonce and created values for UT authentication if true
public void setNonceCacheSize(int nonceCacheSize)
nonceCacheSize - size of cache
public void setTimeStampFreshness(int timeStampFreshness)
timeStampFreshness - delay in milliseconds
public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
userDetailsService - reference to the UserDetailsService
public void timestampMessage(Message msg, long millis)
timestampMessage in interface WSSecurityManager
msg - message to timestamp
millis - timestamp TTL
public void timestampMessage(Message msg)
timestampMessage in interface WSSecurityManager
msg - message to timestamp
public void timestampAndSignMessage(Message msg, java.lang.String signatureAlias, long millis)
timestampAndSignMessage in interface WSSecurityManager
msg - message to secure
signatureAlias - alias of credentials for signature
millis - timestamp TTL
public void timestampAndSignMessage(Message msg, java.lang.String signatureAlias)
timestampAndSignMessage in interface WSSecurityManager
msg - message to secure
signatureAlias - alias of credentials for signature
public void timestampAndEncryptMessage(Message msg, java.lang.String encryptionAlias, long millis, java.lang.String algo)
timestampAndEncryptMessage in interface WSSecurityManager
msg - message to secure
encryptionAlias - alias of credentials for encryption
algo - encryption algorithm URI or prefix
public void timestampAndEncryptMessage(Message msg, java.lang.String encryptionAlias)
timestampAndEncryptMessage in interface WSSecurityManager
msg - message to secure
encryptionAlias - alias of credentials for encryption
public void timestampSignAndEncryptMessage(Message msg, java.lang.String encryptionAlias, java.lang.String signatureAlias, long millis, java.lang.String algo)
timestampSignAndEncryptMessage in interface WSSecurityManager
msg - message to secure
encryptionAlias - alias of credentials for encryption
signatureAlias - alias of credentials for signature
millis - timestamp TTL
algo - encryption algorithm
public void timestampSignAndEncryptMessage(Message msg, java.lang.String encryptionAlias, java.lang.String signatureAlias)
timestampSignAndEncryptMessage in interface WSSecurityManager
msg - message to secure
encryptionAlias - alias of credentials for encryption
signatureAlias - alias of credentials for signature
public void signMessage(Message msg, java.lang.String signAlias, java.lang.String signAlgo, java.lang.String digestAlgo)
signMessage in interface WSSecurityManager
msg - message to secure
signAlias - alias of credentials for signature
signAlgo - signing algorithm to be used
digestAlgo - digest algorithm to be used to generate the hash
public void addUsernameTokenAuthentication(Message msg, java.lang.String username, java.lang.String password, boolean hashed, boolean addNonceAndCreated, boolean includeTimestamp)
addUsernameTokenAuthentication in interface WSSecurityManager
msg - message to secure
username - username to add
password - password to add
hashed - true if password is a digest
addNonceAndCreated - true if a nonce and digest should be added (true if hashed)
includeTimestamp - should a Timestamp element be included?
public void addDigestUsernameTokenAuthentication(Message msg, java.lang.String username, java.lang.String password)
addDigestUsernameTokenAuthentication in interface WSSecurityManager
msg - message to secure
username - username to add
password - password to add
public void addDigestUsernameTokenAuthenticationWithTimestamp(Message msg, java.lang.String username, java.lang.String password)
addDigestUsernameTokenAuthenticationWithTimestamp in interface WSSecurityManager
msg - message to secure
username - username to add
password - password to add
public void addPlainUsernameTokenAuthenticationWithTimestamp(Message msg, java.lang.String username, java.lang.String password)
addPlainUsernameTokenAuthenticationWithTimestamp in interface WSSecurityManager
msg - message to secure
username - username to add
password - password to add
public void verifyTimestampedMessage(Message msg, boolean remove)
verifyTimestampedMessage in interface WSSecurityManager
msg - message to validate
remove - remove security header after processing
public void verifySignedMessage(Message msg, boolean remove)
verifySignedMessage in interface WSSecurityManager
msg - message to validate
remove - remove security header after processing
public void verifyTimestampedAndSignedMessage(Message msg, boolean remove)
verifyTimestampedAndSignedMessage in interface WSSecurityManager
msg - message to validate
remove - remove security header after processing
public void verifyTimestampedAndEncryptedMessage(Message msg, boolean remove)
verifyTimestampedAndEncryptedMessage in interface WSSecurityManager
msg - message to validate
remove - remove security header after processing
public void verifyTimestampedEncryptedAndSignedMessage(Message msg, boolean remove)
verifyTimestampedEncryptedAndSignedMessage in interface WSSecurityManager
msg - message to validate
remove - remove security header after processing
public void verifyUsernameTokenAuthentication(Message msg, boolean remove)
verifyUsernameTokenAuthentication in interface WSSecurityManager
msg - message to validate
remove - remove security header after processing
public void verifyUsernameTokenAuthentication(Message msg)
verifyUsernameTokenAuthentication in interface WSSecurityManager
msg - message to validate