WaspSecurity.SPI (WSO2 SOA Enablement Server for Java 6.6 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.idoox.wasp
Class WaspSecurity.SPI

java.lang.Object
  org.idoox.wasp.WaspSecurity.SPI

Direct Known Subclasses:: WaspSecurity.WaspSecurityImpl

Enclosing class:: WaspSecurity

public abstract static class WaspSecurity.SPI
extends java.lang.Object

This class defines the Service Provider Interface (SPI) for the WaspSecurity class. All the abstract methods in this class must be implemented by each WaspSecurity provider.

Since:: 4.5

Field Summary
`protected static java.lang.String[]`	`STRAR_0` String array of length 0, it can be safely reused and returned by extenders.

Constructor Summary
`protected`	`WaspSecurity.SPI()` Does nothing.

Method Summary
`protected abstract Credentials`	`acquireClientCredentials(java.lang.String userName, java.lang.String authData, java.lang.String authenticationMechanism)` Creates client credentials for given name, password and authentication mechanism.
`protected abstract Credentials`	`acquireServerCredentials(java.lang.String userName, java.lang.String authData, java.lang.String authenticationMechanism)` Creates server credentials for given name, password and authentication mechanism.
`protected abstract void`	`checkPermission(java.security.Permission perm)` Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security WSO2 SOA Enablement Server policy currently in effect.
`protected abstract java.lang.String[]`	`getAcceptingProviders(ServiceEndpointContext serviceEndpointContext)` Returns names of the current service endpoint accepting security providers or current execution context accepting security providers, if the parameter is `null`.
`protected java.lang.String[]`	`getAnRequirementsForEndpoint(java.lang.String serverURL, java.lang.String serviceEndpointPath)` Returns authentication requirements for specified web service endpoint in the context of server URL.
`protected abstract java.lang.String[]`	`getAnRequirementsForEndpoint(java.lang.String serverURL, java.lang.String serviceEndpointPath, boolean isGetTransportMethod)` Returns authentication requirements for specified web service endpoint in the context of server URL and transport method.
`protected abstract Credentials[]`	`getCredentials(ServiceClient serviceClient)` Returns array of Credentials which were previously set on service client or execution context, if the parameter is `null`.
`protected abstract java.security.PermissionCollection`	`getDefaultPrincipalPermissions()` Returns set of permissions for unauthenticated users, using another words, permissions for default principal.
`protected abstract java.lang.String`	`getInitiatingProvider(ServiceClient serviceClient)` Returns initiating provider, which was previously set on service client or execution context, if the first parameter is `null`.
`protected abstract java.lang.String`	`getInitiatingProvider(ServiceEndpointContext serviceEndpointContext)` Returns initiating provider, which was previously set on service endpoint context or execution context, if the first parameter is `null`.
`protected abstract java.util.Map`	`getInstalledSecurityInfo()` Gets metadata information about installed security.
`protected java.security.Principal`	`getInvokerFirstPrincipal()` This method can be invoked on the service side to determine service invoker identified as his first principal.
`protected java.util.Iterator`	`getInvokerPrincipals()` This method can be on the service side to determine service invoker principals.
`protected abstract javax.security.auth.Subject`	`getInvokerSubject()` Returns subject representing invoker.
`protected abstract Configurable`	`getProviderProperties(ServiceClient serviceClient, java.lang.String providerName)` Returns properties of security providers that are determined by the given instance of Configurable.
`protected abstract Configurable`	`getProviderProperties(ServiceEndpointContext serviceEndpointContext, java.lang.String providerName)` Returns properties of security providers that are determined by the given instance of Configurable.
`protected abstract java.lang.Class`	`getProviderPropertiesIface(java.lang.String providerName)` Returns configuration class of the given provider.
`protected boolean`	`isAppCredentialsSet()` Returns `true` if the application code already sets credentials, `false` otherwise.
`protected abstract boolean`	`isAuthorizationRequired(ServiceEndpointContext serviceEndpointContext)` It determines whether automatic authorization for given service endpoint context is on.
`protected abstract java.util.Properties`	`modifyLookupProperties(java.util.Properties lookupProperties)` This method is used to modify security properties for lookup, like HTTP proxy name and password.
`protected abstract void`	`resetCredentials()` Resets client credentials in the current execution context.
`protected abstract void`	`setAcceptingProviders(ServiceEndpointContext serviceEndpointContext, java.lang.String[] providerNames)` Sets accepting security providers for the given web service context.
`protected abstract void`	`setAuthorizationRequired(ServiceEndpointContext serviceEndpointContext, boolean authorizationRequired)` Turns on or off automatic authorization for given service endpoint context.
`protected abstract void`	`setCredentials(ServiceClient serviceClient, Credentials[] creds)` Sets Credentials for given service client instance or the whole execution context, if the first parameter is `null`.
`protected abstract void`	`setCredentials(ServiceEndpointContext serviceEndpointContext, Credentials[] creds)` Set credentials for the given service endpoint context or default service execution context.
`protected abstract void`	`setInitiatingProvider(ServiceClient serviceClient, java.lang.String providerName)` Sets initiating provider for service client or to the execution context depending on the first parameter value.
`protected abstract void`	`setInitiatingProvider(ServiceEndpointContext serviceEndpointContext, java.lang.String providerName)` Sets initiating security provider for the given service endpoint context.
`protected abstract void`	`setProviderProperties(ServiceClient serviceClient, Configurable config, java.lang.String providerName)` Sets properties of security providers that are determined by the given instance of Configurable.
`protected abstract void`	`setProviderProperties(ServiceClient serviceClient, java.util.Map properties)` Sets properties for security providers, these properties are provider specific and they are applied only for given service client.
`protected abstract void`	`setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, java.lang.String providerName)` Sets properties of security providers that are determined by the given instance of Configurable.
`protected abstract void`	`setProviderProperties(ServiceEndpointContext serviceEndpointContext, java.util.Map properties)` Sets properties for security providers, these properties are provider specific and they are applied only for service endpoint context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

STRAR_0

protected static final java.lang.String[] STRAR_0

String array of length 0, it can be safely reused and returned by extenders.

Constructor Detail

WaspSecurity.SPI

protected WaspSecurity.SPI()

Does nothing.

Method Detail

getInstalledSecurityInfo

protected abstract java.util.Map getInstalledSecurityInfo()

Gets metadata information about installed security. Following keys must be contained in the Map:

"AUTHENTICATION_SUPPORTED": String value: "true" means that authentication is supported.
"AUTHORIZATION_SUPPORTED": String value: "true" means that authorization is supported.

Returns:: unmodifiable metadata information, keys are defined by public static final constants defined in WaspSecurity class

getDefaultPrincipalPermissions

protected abstract java.security.PermissionCollection getDefaultPrincipalPermissions()
                                                                              throws java.security.AccessControlException

Returns set of permissions for unauthenticated users, using another words, permissions for default principal.

Returns:: permission collection for unauthenticated invokers
Throws:: java.security.AccessControlException - security policy disallows to get default principal permissions

getInitiatingProvider

protected abstract java.lang.String getInitiatingProvider(ServiceClient serviceClient)

Returns initiating provider, which was previously set on service client or execution context, if the first parameter is null. It none was set, this method returns null.

Parameters:: serviceClient - service client, or null to use execution context
Returns:: initiating provider name, or null if no provider is used

getInitiatingProvider

protected abstract java.lang.String getInitiatingProvider(ServiceEndpointContext serviceEndpointContext)

Returns initiating provider, which was previously set on service endpoint context or execution context, if the first parameter is null. It none was set, this method returns null.

Parameters:: serviceEndpointContext - service endpoint context, or null to use execution context
Returns:: initiating provider name, or null if no provider is used

getAcceptingProviders

protected abstract java.lang.String[] getAcceptingProviders(ServiceEndpointContext serviceEndpointContext)

Returns names of the current service endpoint accepting security providers or current execution context accepting security providers, if the parameter is null.

Parameters:: serviceEndpointContext - service context or null to use execution context
Returns:: names of the current accepting security providers, empty array can be returned if no security provider is used.

modifyLookupProperties

protected abstract java.util.Properties modifyLookupProperties(java.util.Properties lookupProperties)

This method is used to modify security properties for lookup, like HTTP proxy name and password. The implementation SHOULD support following properties:

HTTP_BASIC_USER_NAME: User name used for Http Basic Authentication
HTTP_BASIC_PASSWORD: Password used for Http Basic Authentication

Parameters:: lookupProperties - current lookup properties, can be null
Returns:: modified lookup properties, can be null

getInvokerSubject

protected abstract javax.security.auth.Subject getInvokerSubject()

Returns subject representing invoker.

Returns:: invoker's subject or null, if the invoker is unknown
See Also:: getInvokerFirstPrincipal(), getInvokerPrincipals()

setAuthorizationRequired

protected abstract void setAuthorizationRequired(ServiceEndpointContext serviceEndpointContext,
                                                 boolean authorizationRequired)
                                          throws java.security.NoSuchProviderException

Turns on or off automatic authorization for given service endpoint context.

Parameters:: serviceEndpointContext - service endpoint context; authorizationRequired - true, if authorization is required, false if it is not
Throws:: java.security.NoSuchProviderException - authorization settings cannot be set

isAuthorizationRequired

protected abstract boolean isAuthorizationRequired(ServiceEndpointContext serviceEndpointContext)
                                            throws java.security.NoSuchProviderException

It determines whether automatic authorization for given service endpoint context is on.

Parameters:: serviceEndpointContext - service context
Returns:: true, if authorization is required, false is it is not
Throws:: java.security.NoSuchProviderException - authorization settings cannot be determined

setAcceptingProviders

protected abstract void setAcceptingProviders(ServiceEndpointContext serviceEndpointContext,
                                              java.lang.String[] providerNames)
                                       throws java.security.NoSuchProviderException

Sets accepting security providers for the given web service context. Accepting providers are set to service endpoint context or to the current service execution context, if the first parameter is null.

Parameters:: serviceEndpointContext - service endpoint context, it can be null to set them to current service execution context; providerNames - names of security providers, empty array and null value can be accepted to set no providers
Throws:: java.security.NoSuchProviderException - if there is some provider, which is not configured or not accessible

setInitiatingProvider

protected abstract void setInitiatingProvider(ServiceEndpointContext serviceEndpointContext,
                                              java.lang.String providerName)
                                       throws java.security.NoSuchProviderException

Sets initiating security provider for the given service endpoint context. Initiating provider is set to service endpoint context or to the current service execution context, if the first parameter is null.

Parameters:: serviceEndpointContext - web service context, it can be null to set them to current webservice endpoint context; providerName - provider name or null to set no provider
Throws:: java.security.NoSuchProviderException - the provider, identified by providerName, is not configured or not accessible

setCredentials

protected abstract void setCredentials(ServiceEndpointContext serviceEndpointContext,
                                       Credentials[] creds)

Set credentials for the given service endpoint context or default service execution context.

Parameters:: serviceEndpointContext - service endpoint context, or null to use current service execution context; creds - credentials to set to endpoint context, empty array or null value can be used to reset credentials associated with service context

acquireClientCredentials

protected abstract Credentials acquireClientCredentials(java.lang.String userName,
                                                        java.lang.String authData,
                                                        java.lang.String authenticationMechanism)
                                                 throws java.security.NoSuchProviderException

Creates client credentials for given name, password and authentication mechanism. Created credentials can be then set using the setCredentials(Object,Credentials[]) method.

Parameters:: userName - user name, can be null; authData - authentication data, e.g. password of the user, can be null; authenticationMechanism - authentication mechanism (e.g. "SSL" or "HttpBasic")
Returns:: trueif the credentials can be created for given authentication mechanism, user name and password, false otherwise
Throws:: java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

acquireServerCredentials

protected abstract Credentials acquireServerCredentials(java.lang.String userName,
                                                        java.lang.String authData,
                                                        java.lang.String authenticationMechanism)
                                                 throws java.security.NoSuchProviderException

Creates server credentials for given name, password and authentication mechanism. Credentials being created may then associated with web service context using the setCredentials(WSContext,Credentials[]) method.

Parameters:: userName - user name or alias, can be null; authData - authentication data, e.g. password of the user, can be null; authenticationMechanism - authentication mechanism (e.g. "SSL" or "HttpBasic")
Returns:: credentials created with given authentication mechanism, user name and password
Throws:: java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

getCredentials

protected abstract Credentials[] getCredentials(ServiceClient serviceClient)

Returns array of Credentials which were previously set on service client or execution context, if the parameter is null. If none were set, this method returns null.

Parameters:: serviceClient - service client, or null to to use execution context
Returns:: array of Credentials for given service client, it may return null.

setCredentials

protected abstract void setCredentials(ServiceClient serviceClient,
                                       Credentials[] creds)

Sets Credentials for given service client instance or the whole execution context, if the first parameter is null. This method only sets credentials.

Parameters:: serviceClient - service client, or null to set them to execution context; creds - array of Credentials to be set for service client, can be null
See Also:: setInitiatingProvider(ServiceClient,String)

setInitiatingProvider

protected abstract void setInitiatingProvider(ServiceClient serviceClient,
                                              java.lang.String providerName)
                                       throws java.security.NoSuchProviderException

Sets initiating provider for service client or to the execution context depending on the first parameter value.

Parameters:: serviceClient - service client, can be null to set default client security provider; providerName - provider name or null to set no provider
Throws:: java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

setProviderProperties

protected abstract void setProviderProperties(ServiceClient serviceClient,
                                              java.util.Map properties)

Sets properties for security providers, these properties are provider specific and they are applied only for given service client. Available properties for Kerberos provider are:

"SYSTINET_KRB_PRIVATE_STATE": boolean value for creating GSS MessageProps object, default value is true
"SYSTINET_KRB_QOP_VALUE": integer value for creating GSS MessageProps object, default value is 0
"SYSTINET_KRB_REQ_MIC": boolean value for initiating client GSS Context, default value is false
"SYSTINET_REQ_MUTUAL_AUTH": boolean value for initiating client GSS Context, default value is true
"SYSTINET_REQ_CONF": boolean value for initiating client GSS Context, default value is true

Parameters:: serviceClient - service client, cannot be null; properties - properties to set

setProviderProperties

protected abstract void setProviderProperties(ServiceEndpointContext serviceEndpointContext,
                                              java.util.Map properties)

Sets properties for security providers, these properties are provider specific and they are applied only for service endpoint context. Available properties for Kerberos provider are:

"SYSTINET_KRB_PRIVATE_STATE": boolean value for creating GSS MessageProps object, default value is true
"SYSTINET_KRB_QOP_VALUE": integer value for creating GSS MessageProps object, default value is 0
"SYSTINET_KRB_REQ_MIC": boolean value for initiating client GSS Context, default value is false
"SYSTINET_REQ_MUTUAL_AUTH": boolean value for initiating client GSS Context, default value is true
"SYSTINET_REQ_CONF": boolean value for initiating client GSS Context, default value is true

Parameters:: serviceEndpointContext - service endpoint context, cannot be null; properties - properties to set

setProviderProperties

protected abstract void setProviderProperties(ServiceEndpointContext serviceEndpointContext,
                                              Configurable config,
                                              java.lang.String providerName)
                                       throws java.security.NoSuchProviderException

Sets properties of security providers that are determined by the given instance of Configurable. The config object is then narrowed to corresponding configuration interface. This method is usually used for configuration, integration,... In most cases, users needn't to use this method.

Parameters:: serviceEndpointContext - service endpoint context, cannot be null; config - the configurable object that determines provider properties; providerName - name of the security provider to set the properties
Throws:: java.security.NoSuchProviderException

getProviderProperties

protected abstract Configurable getProviderProperties(ServiceEndpointContext serviceEndpointContext,
                                                      java.lang.String providerName)

Returns properties of security providers that are determined by the given instance of Configurable. The config object is then narrowed to corresponding configuration interface. This method is usually used for configuration, integration,... In most cases, users needn't to use this method.

Parameters:: serviceEndpointContext - service endpoint context, cannot be null; providerName - name of the security provider to get the properties
Returns:: Configurable instance

setProviderProperties

protected abstract void setProviderProperties(ServiceClient serviceClient,
                                              Configurable config,
                                              java.lang.String providerName)
                                       throws java.security.NoSuchProviderException

Parameters:: serviceClient - service client, cannot be null; config - the configurable object that determines provider properties; providerName - name of the security provider to set the properties
Throws:: java.security.NoSuchProviderException

getProviderProperties

protected abstract Configurable getProviderProperties(ServiceClient serviceClient,
                                                      java.lang.String providerName)

Parameters:: serviceClient - service client, cannot be null; providerName - name of the security provider to get the properties
Returns:: Configurable instance

resetCredentials

protected abstract void resetCredentials()

Resets client credentials in the current execution context. This method should be invoked to prevent access to credentials by another thread and / or if you want to lookup another service using different default credentials.

getAnRequirementsForEndpoint

protected java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL,
                                                          java.lang.String serviceEndpointPath)
                                                   throws WebServiceLookupException

Returns authentication requirements for specified web service endpoint in the context of server URL. The return value depends on WaspSecurity implementation. For example, it can be read using some handshake against some service in the scope of serverURL or simply solved by configuration. If the implementation uses such handshake, the WebServiceLookupException can be thrown. The getAnRequirementsForEndpoint(String,String,false) method is invoked by default.

Parameters:: serverURL - server URL (e.g. "http://localhost:6060"), can be null to use local server; serviceEndpointPath - service endpoint path (e.g. "/admin/DeployService"), can be null to query default authentication requirements
Returns:: accepting providers for the given web service endpoint, empty array can be also returned
Throws:: WebServiceLookupException - unable to lookup the service providing endpoint security information

getAnRequirementsForEndpoint

protected abstract java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL,
                                                                   java.lang.String serviceEndpointPath,
                                                                   boolean isGetTransportMethod)
                                                            throws WebServiceLookupException

Returns authentication requirements for specified web service endpoint in the context of server URL and transport method. The return value depends on WaspSecurity implementation. For example, it can be read using some handshake against some service in the scope of serverURL or simply solved by configuration. If the implementation uses such handshake, the WebServiceLookupException can be thrown.

Parameters:: serverURL - server URL (e.g. "http://localhost:6060"), can be null to use local server; serviceEndpointPath - service endpoint path (e.g. "/admin/DeployService"), can be null to query default authentication requirements; isGetTransportMethod - true in the case that it must consider GET transport, false otherwise
Returns:: accepting providers for the given web service endpoint, empty array can be also returned
Throws:: WebServiceLookupException - unable to lookup the service providing endpoint security information

checkPermission

protected abstract void checkPermission(java.security.Permission perm)
                                 throws java.security.AccessControlException

Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security WSO2 SOA Enablement Server policy currently in effect. This method quietly returns if the access request is permitted, or throws AccessControlException otherwise. Default implementation allows every permission.

Parameters:: perm - the requested permission (should not be null)
Throws:: java.security.AccessControlException - if the specified permission is not permitted, based on the current security policy

getProviderPropertiesIface

protected abstract java.lang.Class getProviderPropertiesIface(java.lang.String providerName)
                                                       throws java.security.NoSuchProviderException

Returns configuration class of the given provider. If the provider hasn't any configuration class, this method returns null. This class is used mainly by management services.

Parameters:: providerName - provider name
Returns:: configuration class of the given provider
Throws:: java.security.NoSuchProviderException

isAppCredentialsSet

protected boolean isAppCredentialsSet()

Returns true if the application code already sets credentials, false otherwise. This method is used by WSO2 SOA Enablement Server Core to determine, whether default credentials should be obtained. So this code is neccessary according to priorities of credential obtaining. Credentials set by application MUST be used first, if no credentials were set, WSO2 SOA Enablement Server is allowed to create and set default credentials using the aquireCredentials and setCredentials((Object)null, Credentials[]) methods. The aquireCredentials is invoked using System properties wasp.username, wasp.password and wasp.securityMechanism.

Note, that WSO2 SOA Enablement Server invokes this method only in the case that wasp.username System property is set. The implemenation provided inside this methods checks if the getCredentials(null) returns some credentials (array of length greater than zero) to determine return value.

Returns:: true if application were set already client credentials, false otherwise

getInvokerFirstPrincipal

protected java.security.Principal getInvokerFirstPrincipal()

This method can be invoked on the service side to determine service invoker identified as his first principal. Note, that invoker can be identified by more than one principal, but he is typically identified by only one.

Returns:: the first principal of invoker, or null, if invoker identity is unknown
See Also:: getInvokerPrincipals(), getInvokerSubject()

getInvokerPrincipals

protected java.util.Iterator getInvokerPrincipals()

This method can be on the service side to determine service invoker principals.

Returns:: iterator containing at least one principal, or null if the invoker identity is unknown
See Also:: getInvokerFirstPrincipal(), getInvokerSubject()

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.idoox.wasp Class WaspSecurity.SPI

STRAR_0

WaspSecurity.SPI

getInstalledSecurityInfo

getDefaultPrincipalPermissions

getInitiatingProvider

getInitiatingProvider

getAcceptingProviders

modifyLookupProperties

getInvokerSubject

setAuthorizationRequired

isAuthorizationRequired

setAcceptingProviders

setInitiatingProvider

setCredentials

acquireClientCredentials

acquireServerCredentials

getCredentials

setCredentials

setInitiatingProvider

setProviderProperties

setProviderProperties

setProviderProperties

getProviderProperties

setProviderProperties

getProviderProperties

resetCredentials

getAnRequirementsForEndpoint

getAnRequirementsForEndpoint

checkPermission

getProviderPropertiesIface

isAppCredentialsSet

getInvokerFirstPrincipal

getInvokerPrincipals

org.idoox.wasp
Class WaspSecurity.SPI