org.idoox.wasp
Class SecurityHelper

java.lang.Object
  extended by org.idoox.wasp.SecurityHelper

public final class SecurityHelper
extends java.lang.Object

Contains static methods that simplify authentication actions. It is strongly recommended that WaspSecurity is used for authentication purposes instead.

You should follow these instructions to set up authentication of a client:

WASP 4.5 Actions:

  1. Invoke the authenticateClient method with user name, password and authentication mechanism.
  2. Create a service client; see the create method of org.systinet.wasp.webservice.ServiceClient.
  3. Look up your service using the lookup method of org.systinet.wasp.webservice.Registry.
  4. Optionally, store current credentials in the proxy.

WASP 4.5 Code:


  import org.idoox.wasp.SecurityHelper;
  import org.systinet.wasp.Wasp;
  import org.systinet.wasp.webservice.ServiceClient;
  import org.systinet.wasp.webservice.Registry;
  import demo.ServiceInterface;  // interface of service you would like to connect

    ...

  // acquire credentials and set initiating provider to execution context
  SecurityHelper.authenticateClient("test", "test", SecurityHelper.HttpBasic);

  // create service client
  ServiceClient sc = ServiceClient.create("http://yourhost:port/serviceURI", ServiceInterface.class);
  ServiceInterface serviceProxy = (ServiceInterface)Registry.lookup(sc);

  // optional step - store current authentication result in your proxy (it is not
  // thread-aware; for a thread-aware API see WaspSecurity)
  SecurityHelper.setAuthenticationSecurity(serviceProxy);
 

WASP 4.0 Actions:

  1. Obtain WebServiceLookup using (WebServiceLookup)Context.getInstance(Context.WEBSERVICE_LOOKUP)
  2. Invoke the authenticateClient method with user name, password and authentication mechanism.
  3. Look up your service using the WebServiceLookup instance.
  4. Optionally, store current credentials in the proxy.

WASP 4.0 Code:


  import org.idoox.wasp.client.SecurityHelper;
  import org.idoox.webservice.client.WebServiceLookup;
  import org.idoox.wasp.Context;
  import demo.ServiceInterface;  // interface of service you would like to connect

    ...

  // obtain lookup instance
  WebServiceLookup lookup = (WebServiceLookup)Context.getInstance(Context.WEBSERVICE_LOOKUP);

  // authenticate
  SecurityHelper.authenticateClient("test", "test", SecurityHelper.HttpBasic);

  // get service stub
  ServiceInterface serviceProxy = (ServiceInterface)
      lookup.lookup("http://yourhost/serviceURI", ServiceInterface.class);

  // optional step - store current authentication result in your proxy (it
  // simplifies your work if you are invoking more services)
  SecurityHelper.setAuthenticationSecurity(serviceProxy);
 

If your service requires mutual authentication, you can invoke authenticateClient to associate an identity with your service. You can also query a web service endpoint's authentication requirements using the static getAnRequirementsForEndpoint method. Note also that SecurityHelper methods are not thread-aware. Use the underlying WaspSecurity, which works in multi-threaded environments (authentication mechanisms and credentials can be set on proxies and service endpoints independently of the execution context).
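The following is an added example, not part of the WASP documentation. It combines getAnRequirementsForEndpoint, authenticateClient, setAuthenticationSecurity and resetAuthentication as documented on this page, so that the credentials end up on one proxy and are cleared from the shared, non-thread-aware state. PinnedProxyFactory and its method names are hypothetical, and the code assumes that the provider names returned by getAnRequirementsForEndpoint equal the mechanism constants.

```java
import java.util.Arrays;
import java.util.List;
import org.idoox.wasp.SecurityHelper;
import org.systinet.wasp.webservice.Registry;
import org.systinet.wasp.webservice.ServiceClient;

public final class PinnedProxyFactory {   // hypothetical helper, not a WASP class

    /** Chooses a password-based mechanism from those the endpoint accepts. */
    static String chooseMechanism(String serverURL, List<String> accepted) {
        if (accepted.contains(SecurityHelper.HttpDigest)) {
            return SecurityHelper.HttpDigest;
        }
        // HTTP Basic sends the password base64-encoded, so allow it only over TLS.
        if (accepted.contains(SecurityHelper.HttpBasic)
                && serverURL.toLowerCase().startsWith("https://")) {
            return SecurityHelper.HttpBasic;
        }
        // An empty array also lands here: no password is sent to an endpoint
        // that does not advertise an acceptable mechanism.
        throw new SecurityException("no acceptable password mechanism in " + accepted);
    }

    /** Returns a proxy carrying its own credentials; shared state is cleared. */
    static Object authenticatedProxy(String serverURL, String path, Class<?> iface,
                                     String user, String password) throws Exception {
        // Assumption: returned provider names match the mechanism constants.
        String[] accepted = SecurityHelper.getAnRequirementsForEndpoint(serverURL, path);
        String mechanism = chooseMechanism(serverURL, Arrays.asList(accepted));
        try {
            if (!SecurityHelper.authenticateClient(user, password, mechanism)) {
                throw new SecurityException("credentials not created for " + mechanism);
            }
            ServiceClient sc = ServiceClient.create(serverURL + path, iface);
            Object proxy = Registry.lookup(sc);
            // Pin the current credentials and the mechanism to this proxy.
            SecurityHelper.setAuthenticationSecurity(proxy, mechanism);
            return proxy;
        } finally {
            // authenticateClient set the credentials for all threads; clear them
            // so no other thread can pick them up.
            SecurityHelper.resetAuthentication();
        }
    }
}
```

Calls to authenticatedProxy should still be serialized by the caller, since the SecurityHelper state is shared between the authenticateClient and resetAuthentication calls.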

Since:
4.0
Component:
Core

Field Summary
static java.lang.String HttpBasic
          Http basic authentication mechanism, its value is "HttpBasic".
static java.lang.String HttpDigest
          Http digest authentication mechanism, its value is "HttpDigest".
static java.lang.String Kerberos
          Kerberos authentication mechanism, its value is "Kerberos".
static java.lang.String SoapDSig
          SOAP Digital Signature authentication mechanism, its value is "SoapDSig".
static java.lang.String SPKM
          SPKM authentication mechanism, its value is "SPKM".
static java.lang.String SSL
          SSL authentication mechanism (client certificate), its value is "SSL".
 
Constructor Summary
SecurityHelper()
           
 
Method Summary
static void authenticateClient(java.lang.Object stub, Credentials[] creds)
          Authenticates client with given credentials and sets the security provider for the stub using provider obtained from first credentials.
static boolean authenticateClient(java.lang.String userName, java.lang.String password, java.lang.String authenticationMechanism)
          Authenticates the client using user name, password and authentication mechanism.
static boolean authenticateServer(java.lang.String userName, java.lang.String password, java.lang.String authenticationMechanism)
          Authenticates the service using user name, password and authentication mechanism.
static Credentials createCredentials(java.lang.String userName, java.lang.String password, java.lang.String authenticationMechanism)
          Creates client credentials for given name, password and authentication mechanism.
static java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL, java.lang.String serviceEndpointPath)
          Returns authentication requirements for specified web service endpoint in the context of server URL.
static void resetAuthentication()
          Resets client credentials for all working threads.
static void setAuthenticationSecurity(java.lang.Object stub)
          Applies current authentication settings permanently for stub.
static void setAuthenticationSecurity(java.lang.Object stub, java.lang.String authenticationMechanism)
          Gets current credentials, sets them to the stub, and configures the stub to use given authentication mechanism.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HttpBasic

public static final java.lang.String HttpBasic
Http basic authentication mechanism, its value is "HttpBasic".

See Also:
Constant Field Values

HttpDigest

public static final java.lang.String HttpDigest
Http digest authentication mechanism, its value is "HttpDigest".

See Also:
Constant Field Values

SSL

public static final java.lang.String SSL
SSL authentication mechanism (client certificate), its value is "SSL".

See Also:
Constant Field Values

SPKM

public static final java.lang.String SPKM
SPKM authentication mechanism, its value is "SPKM".

See Also:
Constant Field Values

SoapDSig

public static final java.lang.String SoapDSig
SOAP Digital Signature authentication mechanism, its value is "SoapDSig".

See Also:
Constant Field Values

Kerberos

public static final java.lang.String Kerberos
Kerberos authentication mechanism, its value is "Kerberos".

See Also:
Constant Field Values

Constructor Detail

SecurityHelper

public SecurityHelper()

Method Detail

authenticateClient

public static boolean authenticateClient(java.lang.String userName,
                                         java.lang.String password,
                                         java.lang.String authenticationMechanism)
                                  throws java.security.NoSuchProviderException
Authenticates the client using user name, password and authentication mechanism. It creates credentials, sets them for all threads and sets the authentication provider, unless the last parameter is null.

Parameters:
userName - user name
password - password of the user
authenticationMechanism - authentication mechanism (e.g. SSL, HttpBasic, HttpDigest, SPKM, SoapDSig, Kerberos), it can be null to use default authentication mechanism
Returns:
true if the credentials can be created for given authentication mechanism, user name and password, false otherwise
Throws:
java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

createCredentials

public static Credentials createCredentials(java.lang.String userName,
                                            java.lang.String password,
                                            java.lang.String authenticationMechanism)
                                     throws java.security.NoSuchProviderException
Creates client credentials for the given name, password and authentication mechanism. The created credentials may then be used for authentication using the authenticateClient(java.lang.String, java.lang.String, java.lang.String) method.

Parameters:
userName - user name
password - password of the user
authenticationMechanism - authentication mechanism (e.g. SSL, HttpBasic, HttpDigest, SPKM, SoapDSig, Kerberos)
Returns:
true if the credentials can be created for given authentication mechanism, user name and password, false otherwise
Throws:
java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

authenticateClient

public static void authenticateClient(java.lang.Object stub,
                                      Credentials[] creds)
                               throws java.security.NoSuchProviderException
Authenticates client with given credentials and sets the security provider for the stub using the provider obtained from the first credentials. If the creds parameter is null or empty, credentials are removed from the stub and no security provider is set on it. Otherwise the array of credentials is set on the stub and the first credentials are used to set the security provider for it.

Parameters:
stub - web service stub
creds - information about principal, can be null to reset credentials.
Throws:
java.security.NoSuchProviderException - if there is no provider for authentication mechanism specified in the first credentials

authenticateServer

public static boolean authenticateServer(java.lang.String userName,
                                         java.lang.String password,
                                         java.lang.String authenticationMechanism)
                                  throws java.security.NoSuchProviderException
Authenticates the service using user name, password and authentication mechanism. Unlike the authenticateClient(java.lang.String, java.lang.String, java.lang.String) method, this one does not set security providers. This method is especially useful for authentication mechanisms that allow mutual authentication on a per-service basis (e.g. SPKM).

Parameters:
userName - user name
password - password of the user
authenticationMechanism - authentication mechanism (e.g. SSL, HttpBasic, HttpDigest, SPKM), it can be null to use default authentication mechanism
Throws:
java.security.NoSuchProviderException - if there is no provider for authentication mechanism specified

setAuthenticationSecurity

public static void setAuthenticationSecurity(java.lang.Object stub)
Applies current authentication settings permanently for stub. More precisely, it
  1. gets credentials from the client using the client WaspSecurity.getInstance().getCredentials(null) method and sets these credentials to the given stub,
  2. initializes the security mechanism on the given stub using the execution context provider settings.

Parameters:
stub - web service stub

setAuthenticationSecurity

public static void setAuthenticationSecurity(java.lang.Object stub,
                                             java.lang.String authenticationMechanism)
                                      throws java.security.NoSuchProviderException
Gets current credentials, sets them to the stub, and configures the stub to use given authentication mechanism.

Parameters:
stub - web service stub
Throws:
java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

resetAuthentication

public static void resetAuthentication()
Resets client credentials for all working threads. This method should be invoked to prevent access to credentials by another thread and/or if you want to look up another service using different credentials and this SecurityHelper.


getAnRequirementsForEndpoint

public static java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL,
                                                              java.lang.String serviceEndpointPath)
                                                       throws WebServiceLookupException
Returns authentication requirements for specified web service endpoint in the context of server URL.

Parameters:
serverURL - server URL (e.g. "http://localhost:6060")
serviceEndpointPath - service endpoint path (e.g. "/admin/DeployService")
Returns:
accepting providers for the given web service endpoint; an empty array can also be returned
Throws:
WebServiceLookupException - if unable to lookup the service