org.idoox.wasp
Class WaspSecurity

java.lang.Object
  extended by org.idoox.wasp.WaspSecurity

public class WaspSecurity
extends java.lang.Object

This class integrates security into the WSO2 SOA Enablement Server core; the security functionality itself is supplied by an implementation of WaspSecurity.SPI. All methods defined here are transient, i.e. every setting applied through this class is lost when WSO2 SOA Enablement Server restarts, so such settings must be re-applied at each startup. The documentation of the methods refers to an execution context; this context is defined as:

Since:
4.5
Component:
Core

Nested Class Summary
static class WaspSecurity.SPI
          This class defines the Service Provider Interface (SPI) for the WaspSecurity class.
static class WaspSecurity.WaspSecurityImpl
          Default implementation of WaspSecurity SPI.
 
Field Summary
static java.lang.String AUTHENTICATION_SUPPORTED
          Key for the getInstalledSecurityInfo method.
static java.lang.String AUTHORIZATION_SUPPORTED
          Key for the getInstalledSecurityInfo method.
static java.lang.String HTTP_BASIC_PASSWORD
          The key associating with the password in the Properties object passed to lookup operation.
static java.lang.String HTTP_BASIC_USER_NAME
          The key associating with the userName in the Properties object passed to lookup operation.
static java.lang.String HTTPS_BASIC_PASSWORD
          The key associating with the password in the Properties object passed to lookup operation.
static java.lang.String HTTPS_BASIC_USER_NAME
          The key associating with the userName in the Properties object passed to lookup operation.
static java.lang.String HTTPS_PROXY_PASSWORD
          The key associating with the HTTPS proxy password is used to proxy authenticate.
static java.lang.String HTTPS_PROXY_USER_NAME
          The key associating with the HTTPS proxy username is used to proxy authenticate.
static java.lang.String HTTPS_REQUEST_CHUNKING
          The key associated with chunking of client requests in the Properties object passed to lookup operation.
static java.lang.String SEC_PROV_PREFS_CONF_NAME
          Name of security provider preferences element in the configuration file or in the DD.
static java.lang.String STUB_CONTEXT_CREDENTIALS
          Key into stubContext where the security credentials to be used when communicating using this stub.
static java.lang.String STUB_CONTEXT_SECURITY_PROVIDER
          Key into stubContext where the current security provider is stored as String.
static java.lang.String SYSTINET_KERBEROS_SERVICE_REALM
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_KRB_PRIVATE_STATE
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_KRB_QOP_VALUE
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_KRB_REQ_MIC
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_REQ_CONF
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_REQ_MUTUAL_AUTH
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_SOAPDSIG_CANONICALIZATION_METHOD
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_SOAPDSIG_DIGEST_METHOD
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_SOAPDSIG_KEYNAME
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_SOAPDSIG_SIGNATURE_METHOD
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_SOAPDSIG_SIGNATURE_TYPE
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
static java.lang.String SYSTINET_SOAPDSIG_TRANSFORMS
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.
 
Constructor Summary
WaspSecurity()
           
 
Method Summary
static Credentials acquireClientCredentials(java.lang.String userName, java.lang.String authData, java.lang.String authenticationMechanism)
          Creates client credentials for given name, password and authentication mechanism.
static Credentials acquireServerCredentials(java.lang.String userName, java.lang.String authData, java.lang.String authenticationMechanism)
          Creates server credentials for given name, password and authentication mechanism.
static void checkPermission(java.security.Permission perm)
          Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security WSO2 SOA Enablement Server policy currently in effect.
static java.lang.String[] getAcceptingProviders(ServiceEndpointContext serviceEndpointContext)
          Returns the names of the accepting security providers of the given service endpoint context, or of the current execution context if the parameter is null; these are the providers accepted for SOAP communication.
static java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL, java.lang.String serviceEndpointPath)
          Returns authentication requirements for specified service endpoint in the context of server URL.
static java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL, java.lang.String serviceEndpointPath, boolean isGetTransportMethod)
          Returns authentication requirements for specified web service endpoint in the context of server URL and transport method.
static Credentials[] getCredentials(ServiceClient serviceClient)
          Returns array of Credentials which were previously set on service client context or execution context, if the first parameter is null.
static java.security.PermissionCollection getDefaultPrincipalPermissions()
          Returns set of permissions for unauthenticated users; in other words, permissions for default principal.
static java.lang.String getInitiatingProvider(ServiceClient serviceClient)
          Returns initiating provider, which was previously set on ServiceClient instance or execution context, if the parameter is null.
static java.lang.String getInitiatingProvider(ServiceEndpointContext serviceEndpointContext)
          Returns initiating provider, which was previously set on the service endpoint context or execution context, if the parameter is null.
static java.util.Map getInstalledSecurityInfo()
          Returns metadata information about installed security.
static java.security.Principal getInvokerFirstPrincipal()
          This method can be invoked on the service side to determine the first principal identifying the service invoker.
static java.util.Iterator getInvokerPrincipals()
          This method can be invoked on the service side to determine the principals of the service invoker.
static javax.security.auth.Subject getInvokerSubject()
          Returns subject representing invoker.
static Configurable getProviderProperties(ServiceClient serviceClient, java.lang.String providerName)
          Returns properties of security providers that are determined by the given instance of Configurable.
static Configurable getProviderProperties(ServiceEndpointContext serviceEndpointContext, java.lang.String providerName)
          Returns properties of security providers that are determined by the given instance of Configurable.
static java.lang.Class getProviderPropertiesIface(java.lang.String providerName)
          Returns configuration class of the given provider.
static void init(WaspSecurity.SPI instance)
          This method is used to set SPI instance of this class.
static boolean isAppCredentialsSet()
          Returns true if the application code already sets credentials, false otherwise.
static boolean isAuthorizationRequired(ServiceEndpointContext serviceEndpointContext)
          Determines whether automatic authorization for the given service endpoint context is on.
static boolean isInitialized()
          Tests if the singleton instance was initialized by custom implementation.
static java.util.Properties modifyLookupProperties(java.util.Properties lookupProperties)
          This method is used to modify security properties for lookup, such as the HTTP proxy user name and password.
static void resetCredentials()
          Resets client credentials in the current execution context.
static void setAcceptingProviders(ServiceEndpointContext serviceEndpointContext, java.lang.String[] providerNames)
          Sets accepting security providers for the given service endpoint context.
static void setAuthorizationRequired(ServiceEndpointContext serviceEndpointContext, boolean authorizationRequired)
          Turns on or off automatic authorization for given service endpoint context.
static void setCredentials(ServiceClient serviceClient, Credentials[] creds)
          Sets Credentials for given ServiceClient instance or whole execution context, if the first parameter is null.
static void setCredentials(ServiceEndpointContext serviceEndpointContext, Credentials[] creds)
          Sets credentials for service endpoint context or default service execution context.
static void setInitiatingProvider(ServiceClient serviceClient, java.lang.String providerName)
          Sets initiating provider to ServiceClient instance or to the execution context depending on the parameter value.
static void setInitiatingProvider(ServiceEndpointContext serviceEndpointContext, java.lang.String providerName)
          Sets initiating security provider for the given service endpoint context.
static void setProviderProperties(ServiceClient serviceClient, Configurable config, java.lang.String providerName)
          Sets properties of security providers that are determined by the given instance of Configurable.
static void setProviderProperties(ServiceClient serviceClient, java.util.Map properties)
          Deprecated. Use setProviderProperties(ServiceClient serviceClient, Configurable config, String providerName) instead.
static void setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, java.lang.String providerName)
          Sets properties of security providers that are determined by the given instance of Configurable.
static void setProviderProperties(ServiceEndpointContext serviceEndpointContext, java.util.Map properties)
          Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) instead.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HTTP_BASIC_USER_NAME

public static final java.lang.String HTTP_BASIC_USER_NAME
The key associating with the userName in the Properties object passed to lookup operation. If the pair HTTP_BASIC_USER_NAME and its value is present in the properties of a lookup operation, the value is used as the user name for HTTP Basic authentication.

See Also:
Constant Field Values

HTTP_BASIC_PASSWORD

public static final java.lang.String HTTP_BASIC_PASSWORD
The key associating with the password in the Properties object passed to lookup operation. If the pair HTTP_BASIC_PASSWORD and its value is present in the properties of a lookup operation, the value is used as the password for HTTP Basic authentication. Note that HTTP Basic authentication only base64-encodes the password; over plain HTTP it is readable by anyone on the network path, so prefer the HTTPS_BASIC_USER_NAME and HTTPS_BASIC_PASSWORD keys unless the transport is otherwise protected.

See Also:
Constant Field Values

HTTPS_REQUEST_CHUNKING

public static final java.lang.String HTTPS_REQUEST_CHUNKING
The key associated with chunking of client requests in the Properties object passed to lookup operation. This property has the string value "true" if request chunking is required. The default value is "false", i.e. no request chunking.

See Also:
Constant Field Values

HTTPS_PROXY_USER_NAME

public static final java.lang.String HTTPS_PROXY_USER_NAME
The key associating with the HTTPS proxy username used for proxy authentication. This property has a string value. The value associated with this key can also be passed to the Registry in the map contextData, which is a parameter of the operation Registry.lookup(String,Class,String,java.util.Map).

See Also:
Constant Field Values

HTTPS_PROXY_PASSWORD

public static final java.lang.String HTTPS_PROXY_PASSWORD
The key associating with the HTTPS proxy password used for proxy authentication. This property has a string value. The value associated with this key can also be passed to the Registry in the map contextData, which is a parameter of the operation Registry.lookup(String,Class,String,java.util.Map).

See Also:
Constant Field Values

HTTPS_BASIC_USER_NAME

public static final java.lang.String HTTPS_BASIC_USER_NAME
The key associating with the userName in the Properties object passed to lookup operation. If the pair HTTPS_BASIC_USER_NAME and its value is present in the properties of a lookup operation, the value is used as the user name for HTTP Basic authentication over HTTPS.

See Also:
Constant Field Values

HTTPS_BASIC_PASSWORD

public static final java.lang.String HTTPS_BASIC_PASSWORD
The key associating with the password in the Properties object passed to lookup operation. If the pair HTTPS_BASIC_PASSWORD and its value is present in the properties of a lookup operation, the value is used as the password for HTTP Basic authentication over HTTPS.

See Also:
Constant Field Values

AUTHENTICATION_SUPPORTED

public static final java.lang.String AUTHENTICATION_SUPPORTED
Key for the getInstalledSecurityInfo method. You can test if authentication is supported using this key.

See Also:
Constant Field Values

AUTHORIZATION_SUPPORTED

public static final java.lang.String AUTHORIZATION_SUPPORTED
Key for the getInstalledSecurityInfo method. You can test if authorization is supported using this key.

See Also:
Constant Field Values

SYSTINET_KRB_PRIVATE_STATE

public static final java.lang.String SYSTINET_KRB_PRIVATE_STATE
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Properties for Kerberos provider.

"SYSTINET_KRB_PRIVATE_STATE"
boolean value for creating GSS MessageProps object, default value is true

See Also:
Constant Field Values

SYSTINET_KRB_QOP_VALUE

public static final java.lang.String SYSTINET_KRB_QOP_VALUE
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Properties for Kerberos provider.

"SYSTINET_KRB_QOP_VALUE"
integer value for creating GSS MessageProps object, default value is 0

See Also:
Constant Field Values

SYSTINET_KRB_REQ_MIC

public static final java.lang.String SYSTINET_KRB_REQ_MIC
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Properties for Kerberos provider.

"SYSTINET_KRB_REQ_MIC"
boolean value for initiating client GSS Context, default value is false

See Also:
Constant Field Values

SYSTINET_REQ_MUTUAL_AUTH

public static final java.lang.String SYSTINET_REQ_MUTUAL_AUTH
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Properties for Kerberos provider.

"SYSTINET_REQ_MUTUAL_AUTH"
boolean value for initiating client GSS Context, default value is true

See Also:
Constant Field Values

SYSTINET_REQ_CONF

public static final java.lang.String SYSTINET_REQ_CONF
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Properties for Kerberos provider.

"SYSTINET_REQ_CONF"
boolean value for initiating client GSS Context, default value is true

See Also:
Constant Field Values

SYSTINET_KERBEROS_SERVICE_REALM

public static final java.lang.String SYSTINET_KERBEROS_SERVICE_REALM
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Properties for Kerberos provider.

"SYSTINET_KERBEROS_SERVICE_REALM"
realm of service that krb client will look up, for example KDC.WEST.COMPANY.COM.

See Also:
Constant Field Values

SYSTINET_SOAPDSIG_CANONICALIZATION_METHOD

public static final java.lang.String SYSTINET_SOAPDSIG_CANONICALIZATION_METHOD
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Property for SoapDSig provider.

"SYSTINET_SOAPDSIG_CANONICALIZATION_METHOD"
canonicalization method for creating the signature, may be "http://www.w3.org/2001/10/xml-exc-c14n#" (exclusive C14N) or "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" (inclusive C14N); default value is "http://www.w3.org/TR/2001/REC-xml-c14n-20010315". Inclusive canonicalization carries the namespace context inherited from the enclosing SOAP envelope into the digest, so a signature over a fragment breaks as soon as an intermediary re-envelopes the message; exclusive C14N is the usual choice for signed SOAP content.

See Also:
Constant Field Values

SYSTINET_SOAPDSIG_DIGEST_METHOD

public static final java.lang.String SYSTINET_SOAPDSIG_DIGEST_METHOD
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Property for SoapDSig provider.

"SYSTINET_SOAPDSIG_DIGEST_METHOD"
default value is "http://www.w3.org/2000/09/xmldsig#sha1". SHA-1 is no longer considered collision-resistant and is deprecated for new signatures; check whether the installed SoapDSig provider accepts a SHA-2 digest method identifier before relying on this default.

See Also:
Constant Field Values

SYSTINET_SOAPDSIG_SIGNATURE_METHOD

public static final java.lang.String SYSTINET_SOAPDSIG_SIGNATURE_METHOD
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Property for SoapDSig provider.

"SYSTINET_SOAPDSIG_SIGNATURE_METHOD"
may be "http://www.w3.org/2000/09/xmldsig#dsa-sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1", or "http://www.w3.org/2000/09/xmldsig#hmac-sha1", usually derived from given private key

See Also:
Constant Field Values

SYSTINET_SOAPDSIG_TRANSFORMS

public static final java.lang.String SYSTINET_SOAPDSIG_TRANSFORMS
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Property for SoapDSig provider.

"SYSTINET_SOAPDSIG_TRANSFORMS"

See Also:
Constant Field Values

SYSTINET_SOAPDSIG_KEYNAME

public static final java.lang.String SYSTINET_SOAPDSIG_KEYNAME
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Property for SoapDSig provider.

"SYSTINET_SOAPDSIG_KEYNAME"
any string

See Also:
Constant Field Values

SYSTINET_SOAPDSIG_SIGNATURE_TYPE

public static final java.lang.String SYSTINET_SOAPDSIG_SIGNATURE_TYPE
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) or setProviderProperties(org.systinet.wasp.webservice.ServiceClient, org.idoox.config.Configurable, java.lang.String) instead.

Property for SoapDSig provider.

"SYSTINET_SOAPDSIG_SIGNATURE_TYPE"
may be "MS", "W3", or "WS_SECURE_20020405". Default value is "WS_SECURE_20020405", which conforms to the WS-Security specification published by Microsoft, IBM and VeriSign on 2002-04-05.

See Also:
Constant Field Values

STUB_CONTEXT_SECURITY_PROVIDER

public static final java.lang.String STUB_CONTEXT_SECURITY_PROVIDER
Key into stubContext where the current security provider is stored as String. Mostly for internal use.

See Also:
Constant Field Values

STUB_CONTEXT_CREDENTIALS

public static final java.lang.String STUB_CONTEXT_CREDENTIALS
Key into stubContext where the security credentials to be used when communicating using this stub. Mostly for internal use.

See Also:
Constant Field Values

SEC_PROV_PREFS_CONF_NAME

public static final java.lang.String SEC_PROV_PREFS_CONF_NAME
Name of security provider preferences element in the configuration file or in the DD.

See Also:
Constant Field Values
Constructor Detail

WaspSecurity

public WaspSecurity()
Method Detail

init

public static void init(WaspSecurity.SPI instance)
This method sets the SPI instance of this class. It can be called at most once, typically during initialization of WSO2 SOA Enablement Server. If this method is not called, the default implementation (without security) is used, so a deployment that relies on authentication or authorization should confirm at startup that isInitialized() returns true. If this method is called twice, a RuntimeException is thrown.

Parameters:
instance - instance of WaspSecurity SPI
Throws:
java.lang.RuntimeException - WaspSecurity is already initialized

isInitialized

public static boolean isInitialized()
Tests if the singleton instance was initialized by custom implementation.

Returns:
true if custom implementation was used, false otherwise.

getInstalledSecurityInfo

public static java.util.Map getInstalledSecurityInfo()
Returns metadata information about installed security. The following keys must be present in the map:

"AUTHENTICATION_SUPPORTED"
String value: "true" means that authentication is supported.
"AUTHORIZATION_SUPPORTED"
String value: "true" means that authorization is supported.

Returns:
unmodifiable metadata information, keys are defined by public static final constants defined herein

getDefaultPrincipalPermissions

public static java.security.PermissionCollection getDefaultPrincipalPermissions()
                                                                         throws java.security.AccessControlException
Returns set of permissions for unauthenticated users; in other words, permissions for default principal.

Returns:
permission collection for unauthenticated invokers
Throws:
java.security.AccessControlException - security policy disallows to get default principal permissions

getInitiatingProvider

public static java.lang.String getInitiatingProvider(ServiceClient serviceClient)
Returns initiating provider, which was previously set on ServiceClient instance or execution context, if the parameter is null. If none was set, this method returns null.

Parameters:
serviceClient - ServiceClient instance, or null to use execution context
Returns:
initiating provider name, or null if no provider is used

getInitiatingProvider

public static java.lang.String getInitiatingProvider(ServiceEndpointContext serviceEndpointContext)
Returns initiating provider, which was previously set on the service endpoint context or execution context, if the parameter is null. If none was set, this method returns null.

Parameters:
serviceEndpointContext - service endpoint context, or null to use execution context
Returns:
initiating provider name, or null if no provider is used

getAcceptingProviders

public static java.lang.String[] getAcceptingProviders(ServiceEndpointContext serviceEndpointContext)
Returns the names of the accepting security providers of the given service endpoint context, or of the current execution context if the parameter is null; these are the providers accepted for SOAP communication.

Parameters:
serviceEndpointContext - service endpoint context or null to use execution context
Returns:
names of the current accepting security providers, empty array may be returned if no security provider is used.

isAppCredentialsSet

public static boolean isAppCredentialsSet()
Returns true if the application code has already set credentials, false otherwise. WSO2 SOA Enablement Server Core uses this method to decide whether default credentials should be obtained, following this priority: credentials set by the application MUST be used first; only if none were set is WSO2 SOA Enablement Server allowed to create and set default credentials using the acquireClientCredentials and setCredentials((ServiceClient) null, Credentials[]) methods. acquireClientCredentials is then invoked with the values of the System properties wasp.username, wasp.password and wasp.securityMechanism.

Note that WSO2 SOA Enablement Server invokes this method only when the wasp.username System property is set. The implementation provided in this method checks whether getCredentials(null) returns a non-empty array of credentials to determine the return value. Be aware that a wasp.password value passed on the command line as a -D system property is visible in the process listing of the host.

Returns:
true if the application has already set client credentials, false otherwise.

modifyLookupProperties

public static java.util.Properties modifyLookupProperties(java.util.Properties lookupProperties)
This method is used to modify security properties for lookup, such as the HTTP proxy user name and password. The implementation SHOULD support the following properties:

HTTP_BASIC_USER_NAME
User name used for HTTP Basic authentication
HTTP_BASIC_PASSWORD
Password used for HTTP Basic authentication

Parameters:
lookupProperties - current lookup properties, may be null
Returns:
modified lookup properties, may be null
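The lookup keys above in use, as an added example (not code from the WSO2 SOA Enablement Server sources). It builds the Properties for a registry lookup so that the credential is offered only over HTTPS, optionally adds proxy credentials, and passes the result through modifyLookupProperties. The environment variable names are this example's own choice.

```java
import java.util.Properties;
import org.idoox.wasp.WaspSecurity;

/**
 * Added example, not part of the product sources. Builds the Properties
 * handed to a registry lookup so that the credential is only ever offered
 * over HTTPS. The environment variable names are this example's own choice.
 */
public class LookupPropertiesExample {

    public static Properties secureLookupProperties() {
        // Secrets come from the process environment, not from source code or a
        // -D system property (system properties are visible in the process listing).
        String user = requireEnv("WASP_LOOKUP_USER");
        String password = requireEnv("WASP_LOOKUP_PASSWORD");

        Properties props = new Properties();
        // HTTPS_BASIC_* rather than HTTP_BASIC_*: Basic authentication merely
        // base64-encodes the password, so it must travel inside TLS. Leaving the
        // HTTP_BASIC_* keys unset means a cleartext lookup gets no credential at all.
        props.setProperty(WaspSecurity.HTTPS_BASIC_USER_NAME, user);
        props.setProperty(WaspSecurity.HTTPS_BASIC_PASSWORD, password);

        // Proxy authentication only when the deployment actually goes through one.
        String proxyUser = System.getenv("WASP_PROXY_USER");
        String proxyPassword = System.getenv("WASP_PROXY_PASSWORD");
        if (proxyUser != null && proxyPassword != null) {
            props.setProperty(WaspSecurity.HTTPS_PROXY_USER_NAME, proxyUser);
            props.setProperty(WaspSecurity.HTTPS_PROXY_PASSWORD, proxyPassword);
        }

        // Explicit, even though "false" is the documented default.
        props.setProperty(WaspSecurity.HTTPS_REQUEST_CHUNKING, "false");

        // Let the installed security SPI adjust the properties. The Javadoc allows
        // a null result; hand it on unchanged rather than silently substituting
        // the unmodified set.
        return WaspSecurity.modifyLookupProperties(props);
    }

    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.length() == 0) {
            // Fail loudly instead of falling back to an anonymous lookup.
            throw new IllegalStateException("missing required environment variable " + name);
        }
        return value;
    }
}
```

The returned Properties object is what you pass to the lookup operation; the example deliberately never sets HTTP_BASIC_USER_NAME or HTTP_BASIC_PASSWORD, so a lookup that falls back to plain HTTP carries no credential.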

getInvokerFirstPrincipal

public static java.security.Principal getInvokerFirstPrincipal()
This method can be invoked on the service side to determine the first principal identifying the service invoker. Note that an invoker can be identified by more than one principal, though typically by only one.

Returns:
the first principal of invoker, or null, if invoker identity is unknown
See Also:
getInvokerPrincipals(), getInvokerSubject()

getInvokerPrincipals

public static java.util.Iterator getInvokerPrincipals()
This method can be invoked on the service side to determine the principals of the service invoker.

Returns:
iterator containing at least one principal, or null if the invoker identity is unknown
See Also:
getInvokerFirstPrincipal(), getInvokerSubject()

getInvokerSubject

public static javax.security.auth.Subject getInvokerSubject()
Returns subject representing invoker.

Returns:
invoker's subject or null, if the invoker is unknown
See Also:
getInvokerFirstPrincipal(), getInvokerPrincipals()
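The three invoker accessors together with checkPermission and getDefaultPrincipalPermissions, as an added example (not code from the product sources). A service method fails closed when the invoker is unknown, asks the server policy for the authorization decision instead of comparing principal names by hand, and reports every principal of a denied invoker. AccountPermission is a hypothetical application permission, the balance table is constructed sample data, and it is assumed that checkPermission signals denial with a SecurityException (AccessControlException is a subclass), as java.lang.SecurityManager.checkPermission does.

```java
import java.security.AccessControlException;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import org.idoox.wasp.WaspSecurity;

/**
 * Added example, not part of the product sources. A service method that
 * identifies its invoker through WaspSecurity and asks the server policy for
 * an authorization decision. AccountPermission is hypothetical; the balance
 * table is constructed sample data.
 */
public class AccountService {

    /** Hypothetical permission: the permission name is the account id being accessed. */
    public static final class AccountPermission extends BasicPermission {
        public AccountPermission(String accountId) {
            super(accountId);
        }
    }

    private static final Map BALANCES = new HashMap();
    static {
        BALANCES.put("acct-1001", "125.40"); // constructed sample data
        BALANCES.put("acct-1002", "9.99");
    }

    public String getBalance(String accountId) {
        // Fail closed: an unknown invoker gets nothing, whatever permissions the
        // default principal happens to hold.
        Subject invoker = WaspSecurity.getInvokerSubject();
        if (invoker == null) {
            throw new SecurityException("unauthenticated invoker");
        }

        // Ask the server's policy rather than comparing principal names by hand.
        // Denial is assumed to surface as SecurityException (AccessControlException
        // is a subclass), as with java.lang.SecurityManager.checkPermission.
        Permission needed = new AccountPermission(accountId);
        try {
            WaspSecurity.checkPermission(needed);
        } catch (SecurityException denied) {
            throw new SecurityException("access to " + accountId + " denied for " + principalNames());
        }

        String balance = (String) BALANCES.get(accountId);
        if (balance == null) {
            throw new IllegalArgumentException("unknown account " + accountId);
        }
        return balance;
    }

    /** All invoker principals, not only the first: an invoker may carry a user and several groups. */
    static String principalNames() {
        StringBuffer names = new StringBuffer();
        Iterator it = WaspSecurity.getInvokerPrincipals();
        while (it != null && it.hasNext()) {
            if (names.length() > 0) {
                names.append(',');
            }
            names.append(((Principal) it.next()).getName());
        }
        if (names.length() == 0) {
            Principal first = WaspSecurity.getInvokerFirstPrincipal();
            return first != null ? first.getName() : "<unknown>";
        }
        return names.toString();
    }

    /**
     * Deployment-time audit: does the default (unauthenticated) principal hold
     * any permission at all? Returns null when the policy forbids asking.
     */
    public static Boolean unauthenticatedHasPermissions() {
        try {
            PermissionCollection pc = WaspSecurity.getDefaultPrincipalPermissions();
            return Boolean.valueOf(pc != null && pc.elements().hasMoreElements());
        } catch (AccessControlException e) {
            return null;
        }
    }
}
```

The audit method is worth running once at startup: if it returns Boolean.TRUE, unauthenticated callers already hold permissions through the default principal, and the null check in getBalance is the only thing keeping them out of this service.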

setAuthorizationRequired

public static void setAuthorizationRequired(ServiceEndpointContext serviceEndpointContext,
                                            boolean authorizationRequired)
                                     throws java.security.NoSuchProviderException
Turns on or off automatic authorization for given service endpoint context.

Parameters:
serviceEndpointContext - service endpoint context
authorizationRequired - true if authorization is required, false if it is not
Throws:
java.security.NoSuchProviderException - authorization settings cannot be set

isAuthorizationRequired

public static boolean isAuthorizationRequired(ServiceEndpointContext serviceEndpointContext)
                                       throws java.security.NoSuchProviderException
Determines whether automatic authorization for the given service endpoint context is on.

Parameters:
serviceEndpointContext - service context
Returns:
true if authorization is required, false if it is not
Throws:
java.security.NoSuchProviderException - authorization settings cannot be determined

setAcceptingProviders

public static void setAcceptingProviders(ServiceEndpointContext serviceEndpointContext,
                                         java.lang.String[] providerNames)
                                  throws java.security.NoSuchProviderException
Sets accepting security providers for the given service endpoint context. Accepting providers are set to service endpoint context or to the current execution context, if the first parameter is null.

Parameters:
serviceEndpointContext - service endpoint context, it can be null to set them to current webservice endpoint context
providerNames - names of security providers, empty array and null value can be accepted to set no providers
Throws:
java.security.NoSuchProviderException - if there is some provider, which is not configured or not accessible

setInitiatingProvider

public static void setInitiatingProvider(ServiceEndpointContext serviceEndpointContext,
                                         java.lang.String providerName)
                                  throws java.security.NoSuchProviderException
Sets initiating security provider for the given service endpoint context. Initiating provider is set to service endpoint context or to the current service execution context, if the first parameter is null.

Parameters:
serviceEndpointContext - service endpoint context, it can be null to set them to current service execution context
providerName - provider name or null to set no provider
Throws:
java.security.NoSuchProviderException - the provider, identified by providerName, is not configured or not accessible

setCredentials

public static void setCredentials(ServiceEndpointContext serviceEndpointContext,
                                  Credentials[] creds)
Sets credentials for service endpoint context or default service execution context.

Parameters:
serviceEndpointContext - service endpoint context, or null to use current service context
creds - credentials to set to endpoint context, empty array or null value can be used to reset credentials associated with service endpoint context

acquireClientCredentials

public static Credentials acquireClientCredentials(java.lang.String userName,
                                                   java.lang.String authData,
                                                   java.lang.String authenticationMechanism)
                                            throws java.security.NoSuchProviderException
Creates client credentials for the given name, password and authentication mechanism. The created credentials can then be set using the setCredentials(Object,Credentials[]) method. If credentials for the given name, password and authenticationMechanism cannot be created, NoSuchProviderException or RuntimeWrappedException is thrown.

Parameters:
userName - user name, can be null
authData - authentication data, e.g. password of the user, can be null
authenticationMechanism - authentication mechanism (e.g. "SSL" or "HttpBasic")
Returns:
client credentials created with given authentication mechanism, user name and password
Throws:
java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

acquireServerCredentials

public static Credentials acquireServerCredentials(java.lang.String userName,
                                                   java.lang.String authData,
                                                   java.lang.String authenticationMechanism)
                                            throws java.security.NoSuchProviderException
Creates server credentials for the given name, password and authentication mechanism. The created credentials may then be associated with a web service context using the setCredentials(WSContext,Credentials[]) method. If credentials for the given name, password and authenticationMechanism cannot be created, NoSuchProviderException or RuntimeWrappedException is thrown.

Parameters:
userName - user name or alias, can be null
authData - authentication data, e.g. password of the user, can be null
authenticationMechanism - authentication mechanism (e.g. "SSL" or "HttpBasic")
Returns:
credentials created with the given authentication mechanism, user name and password, or null if the credentials cannot be created
Throws:
java.security.NoSuchProviderException - if there is no provider for specified authentication mechanism

getCredentials

public static Credentials[] getCredentials(ServiceClient serviceClient)
Returns the array of Credentials previously set on the given service client context, or on the execution context if the first parameter is null. If none were set, this method returns null.

Parameters:
serviceClient - service client, or null to use the execution context
Returns:
array of Credentials for the given serviceClient; may be null

setCredentials

public static void setCredentials(ServiceClient serviceClient,
                                  Credentials[] creds)
Sets Credentials for the given ServiceClient instance, or for the whole execution context if the first parameter is null. This method sets credentials only; the initiating provider is set separately.

Parameters:
serviceClient - service client, or null to use execution context
creds - array of Credentials to be set for given serviceClient, may be null
See Also:
setInitiatingProvider(ServiceClient,String)

setInitiatingProvider

public static void setInitiatingProvider(ServiceClient serviceClient,
                                         java.lang.String providerName)
                                  throws java.security.NoSuchProviderException
Sets the initiating provider on the given ServiceClient instance, or on the execution context if the first parameter is null.

Parameters:
serviceClient - service client, can be null to set default client security provider
providerName - provider name or null to set no provider
Throws:
java.security.NoSuchProviderException - if there is no provider for the specified authentication mechanism

setProviderProperties

public static void setProviderProperties(ServiceClient serviceClient,
                                         java.util.Map properties)
Deprecated. Use setProviderProperties(ServiceClient serviceClient, Configurable config, String providerName) instead.

Sets properties for security providers. These properties are provider specific and apply only to the given service client. Available properties for the Kerberos provider are:

WaspSecurity.SYSTINET_KRB_PRIVATE_STATE
boolean value for creating GSS MessageProps object, default value is true
WaspSecurity.SYSTINET_KRB_QOP_VALUE
integer value for creating GSS MessageProps object, default value is 0
WaspSecurity.SYSTINET_KRB_REQ_MIC
boolean value for initiating client GSS Context, default value is false
WaspSecurity.SYSTINET_REQ_MUTUAL_AUTH
boolean value for initiating client GSS Context, default value is true
WaspSecurity.SYSTINET_REQ_CONF
boolean value for initiating client GSS Context, default value is true
WaspSecurity.SYSTINET_KERBEROS_SERVICE_REALM
realm of the service that the Kerberos client will look up, for example KDC.WEST.COMPANY.COM. It is intended for cross-realm authentication. The default realm is the value in krb5.conf.

Available properties for SoapDSig provider are:

WaspSecurity.SYSTINET_SOAPDSIG_CANONICALIZATION_METHOD
canonicalization method for creating signature, may be "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", default value is "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
WaspSecurity.SYSTINET_SOAPDSIG_DIGEST_METHOD
default value is "http://www.w3.org/2000/09/xmldsig#sha1"
WaspSecurity.SYSTINET_SOAPDSIG_SIGNATURE_METHOD
may be "http://www.w3.org/2000/09/xmldsig#dsa-sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1", or "http://www.w3.org/2000/09/xmldsig#hmac-sha1", usually derived from given private key
WaspSecurity.SYSTINET_SOAPDSIG_TRANSFORMS
WaspSecurity.SYSTINET_SOAPDSIG_KEYNAME
any string
WaspSecurity.SYSTINET_SOAPDSIG_SIGNATURE_TYPE
may be "MS", "W3", or "WS_SECURE_20020405". The default value is "WS_SECURE_20020405", which conforms to the WS-I definition by MS, IBM and Verisign of 2002-04-05.

To get more information about these properties, see SignatureCreator.

Parameters:
serviceClient - service client, cannot be null
properties - properties to set

setProviderProperties

public static void setProviderProperties(ServiceEndpointContext serviceEndpointContext,
                                         java.util.Map properties)
Deprecated. Use setProviderProperties(ServiceEndpointContext serviceEndpointContext, Configurable config, String providerName) instead.

Sets properties for security providers. These properties are provider specific and apply only to the given service endpoint context. Available properties for the Kerberos provider are:

WaspSecurity.SYSTINET_KRB_PRIVATE_STATE
boolean value for creating GSS MessageProps object, default value is true
WaspSecurity.SYSTINET_KRB_QOP_VALUE
integer value for creating GSS MessageProps object, default value is 0
WaspSecurity.SYSTINET_KRB_REQ_MIC
boolean value for initiating client GSS Context, default value is false
WaspSecurity.SYSTINET_REQ_MUTUAL_AUTH
boolean value for initiating client GSS Context, default value is true
WaspSecurity.SYSTINET_REQ_CONF
boolean value for initiating client GSS Context, default value is true
WaspSecurity.SYSTINET_KERBEROS_SERVICE_REALM
realm of the service that the Kerberos client will look up, for example KDC.WEST.COMPANY.COM. It is intended for cross-realm authentication. The default realm is the value in krb5.conf.

Available properties for SoapDSig provider are:

WaspSecurity.SYSTINET_SOAPDSIG_CANONICALIZATION_METHOD
canonicalization method for creating signature, may be "http://www.w3.org/2001/10/xml-exc-c14n#", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", default value is "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
WaspSecurity.SYSTINET_SOAPDSIG_DIGEST_METHOD
default value is "http://www.w3.org/2000/09/xmldsig#sha1"
WaspSecurity.SYSTINET_SOAPDSIG_SIGNATURE_METHOD
may be "http://www.w3.org/2000/09/xmldsig#dsa-sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1", or "http://www.w3.org/2000/09/xmldsig#hmac-sha1", usually derived from given private key
WaspSecurity.SYSTINET_SOAPDSIG_TRANSFORMS
WaspSecurity.SYSTINET_SOAPDSIG_KEYNAME
any string
WaspSecurity.SYSTINET_SOAPDSIG_SIGNATURE_TYPE
may be "MS", "W3", or "WS_SECURE_20020405". The default value is "WS_SECURE_20020405", which conforms to the WS-I definition by MS, IBM and Verisign of 2002-04-05.

To get more information about these properties, see SignatureCreator.

Parameters:
serviceEndpointContext - service endpoint context, cannot be null
properties - properties to set
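The following is an added example (not part of this Javadoc or of the product's own code) showing how the property keys listed for both Map-based setProviderProperties overloads above can be assembled for a ServiceClient and a ServiceEndpointContext, with a check that rejects settings which weaken the Kerberos exchange. Assumptions not stated on this page: the package of ServiceClient and ServiceEndpointContext, and that boolean and integer property values are passed as Boolean and Integer objects (the page only says "boolean value" and "integer value"); the provider names "Kerberos" and "SoapDSig" are taken from the headings above.

```java
import java.util.HashMap;
import java.util.Map;

import org.idoox.wasp.WaspSecurity;
// Assumed packages; adjust to the product version in use.
import org.idoox.webservice.client.ServiceClient;
import org.idoox.webservice.server.ServiceEndpointContext;

/**
 * Added example: builds the provider-specific property maps documented for the
 * (deprecated) Map-based setProviderProperties overloads and applies them.
 */
public class ProviderPropertiesExample {

    /** Kerberos settings that keep mutual authentication and confidentiality enabled. */
    public static Map<String, Object> kerberosProperties(String serviceRealm) {
        Map<String, Object> props = new HashMap<>();
        // Assumption: boolean/integer values are passed as Boolean/Integer objects.
        props.put(WaspSecurity.SYSTINET_KRB_PRIVATE_STATE, Boolean.TRUE);   // documented default: true
        props.put(WaspSecurity.SYSTINET_KRB_QOP_VALUE, Integer.valueOf(0)); // documented default: 0
        props.put(WaspSecurity.SYSTINET_KRB_REQ_MIC, Boolean.TRUE);         // documented default: false
        props.put(WaspSecurity.SYSTINET_REQ_MUTUAL_AUTH, Boolean.TRUE);     // documented default: true
        props.put(WaspSecurity.SYSTINET_REQ_CONF, Boolean.TRUE);            // documented default: true
        if (serviceRealm != null) {
            // Only needed for cross-realm lookups; otherwise krb5.conf supplies the realm.
            props.put(WaspSecurity.SYSTINET_KERBEROS_SERVICE_REALM, serviceRealm);
        }
        return props;
    }

    /** SoapDSig settings: exclusive C14N instead of the inclusive default, RSA-SHA1 signatures. */
    public static Map<String, Object> soapDSigProperties(String keyName) {
        Map<String, Object> props = new HashMap<>();
        props.put(WaspSecurity.SYSTINET_SOAPDSIG_CANONICALIZATION_METHOD,
                  "http://www.w3.org/2001/10/xml-exc-c14n#");
        props.put(WaspSecurity.SYSTINET_SOAPDSIG_SIGNATURE_METHOD,
                  "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        props.put(WaspSecurity.SYSTINET_SOAPDSIG_SIGNATURE_TYPE, "WS_SECURE_20020405");
        props.put(WaspSecurity.SYSTINET_SOAPDSIG_KEYNAME, keyName);
        return props;
    }

    /**
     * Rejects a Kerberos property map that turns off mutual authentication or
     * confidentiality; both default to true and should not be weakened silently.
     */
    public static void requireStrongKerberos(Map<String, Object> props) {
        if (Boolean.FALSE.equals(props.get(WaspSecurity.SYSTINET_REQ_MUTUAL_AUTH))) {
            throw new IllegalArgumentException("SYSTINET_REQ_MUTUAL_AUTH must remain true");
        }
        if (Boolean.FALSE.equals(props.get(WaspSecurity.SYSTINET_REQ_CONF))) {
            throw new IllegalArgumentException("SYSTINET_REQ_CONF must remain true");
        }
    }

    /** Client side: applies validated Kerberos properties to a ServiceClient. */
    @SuppressWarnings("deprecation")
    public static void configureClient(ServiceClient client, String serviceRealm) {
        Map<String, Object> krb = kerberosProperties(serviceRealm);
        requireStrongKerberos(krb);
        WaspSecurity.setProviderProperties(client, krb);
    }

    /** Server side: applies SoapDSig properties to a ServiceEndpointContext. */
    @SuppressWarnings("deprecation")
    public static void configureEndpoint(ServiceEndpointContext ctx, String keyName) {
        WaspSecurity.setProviderProperties(ctx, soapDSigProperties(keyName));
    }
}
```

The page itself recommends the Configurable-based overloads over these deprecated Map forms; the example uses the Map forms only because their keys and values are the ones documented here.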

setProviderProperties

public static void setProviderProperties(ServiceClient serviceClient,
                                         Configurable config,
                                         java.lang.String providerName)
                                  throws java.security.NoSuchProviderException
Sets the properties of the named security provider from the given Configurable instance; the config object is narrowed to the provider's configuration interface. This method is mainly used for configuration and integration; in most cases users need not call it.

Parameters:
serviceClient - service client, cannot be null
config - the configurable object that determines provider properties
providerName - name of the security provider to set the properties
Throws:
java.security.NoSuchProviderException

setProviderProperties

public static void setProviderProperties(ServiceEndpointContext serviceEndpointContext,
                                         Configurable config,
                                         java.lang.String providerName)
                                  throws java.security.NoSuchProviderException
Sets the properties of the named security provider from the given Configurable instance; the config object is narrowed to the provider's configuration interface. This method is mainly used for configuration and integration; in most cases users need not call it.

Parameters:
serviceEndpointContext - service endpoint context, cannot be null
config - the configurable object that determines provider properties
providerName - name of the security provider to set the properties
Throws:
java.security.NoSuchProviderException

getProviderProperties

public static Configurable getProviderProperties(ServiceEndpointContext serviceEndpointContext,
                                                 java.lang.String providerName)
Returns the properties of the named security provider as a Configurable instance, which can be narrowed to the provider's configuration interface. This method is mainly used for configuration and integration; in most cases users need not call it.

Parameters:
serviceEndpointContext - service endpoint context, cannot be null
providerName - name of the security provider to get the properties
Returns:
Configurable instance

getProviderProperties

public static Configurable getProviderProperties(ServiceClient serviceClient,
                                                 java.lang.String providerName)
Returns the properties of the named security provider as a Configurable instance, which can be narrowed to the provider's configuration interface. This method is mainly used for configuration and integration; in most cases users need not call it.

Parameters:
serviceClient - service client, cannot be null
providerName - name of the security provider to get the properties
Returns:
Configurable instance

resetCredentials

public static void resetCredentials()
Resets the client credentials in the current execution context. This method should be invoked to prevent another thread from accessing the credentials, and/or before looking up another service with different default credentials.

getAnRequirementsForEndpoint

public static java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL,
                                                              java.lang.String serviceEndpointPath)
                                                       throws WebServiceLookupException
Returns the authentication requirements for the specified service endpoint in the context of the server URL. The return value depends on the WaspSecurity implementation: it may be obtained by a handshake with a service under serverURL, or simply resolved from configuration. If the implementation performs such a handshake, WebServiceLookupException can be thrown.

Parameters:
serverURL - server URL (e.g. "http://localhost:6060/wasp")
serviceEndpointPath - service endpoint path (e.g. "/admin/DeployService"), can be null to query default authentication requirements
Returns:
accepting providers for the given web service endpoint; an empty array may also be returned
Throws:
WebServiceLookupException - if the service providing endpoint security information cannot be looked up

getAnRequirementsForEndpoint

public static java.lang.String[] getAnRequirementsForEndpoint(java.lang.String serverURL,
                                                              java.lang.String serviceEndpointPath,
                                                              boolean isGetTransportMethod)
                                                       throws WebServiceLookupException
Returns the authentication requirements for the specified web service endpoint in the context of the server URL and transport method. The return value depends on the WaspSecurity implementation: it may be obtained by a handshake with a service under serverURL, or simply resolved from configuration. If the implementation performs such a handshake, WebServiceLookupException can be thrown.

Parameters:
serverURL - server URL (e.g. "http://localhost:6060"); can be null to use local server
serviceEndpointPath - service endpoint path (e.g. "/admin/DeployService"), can be null to query default authentication requirements
isGetTransportMethod - true if the GET transport must be considered, false otherwise
Returns:
accepting providers for the given web service endpoint; an empty array may also be returned
Throws:
WebServiceLookupException - if the service providing endpoint security information cannot be looked up
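As an added example (not code from this Javadoc or from the product), the client-side sequence described by acquireClientCredentials, setCredentials(ServiceClient,Credentials[]), setInitiatingProvider(ServiceClient,String), resetCredentials and getAnRequirementsForEndpoint above: discover which providers the endpoint accepts, pick the strongest one this client is prepared to use, bind credentials for the call, and clear them afterwards so they cannot leak to another thread that reuses the execution context. Assumptions not stated on this page: the packages of Credentials, ServiceClient and WebServiceLookupException; that provider names match the mechanism names "SSL" and "HttpBasic" used as examples on this page; and that the actual service invocation is supplied by the caller as a Runnable.

```java
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.List;

import org.idoox.wasp.WaspSecurity;
// Assumed packages; adjust to the product version in use.
import org.idoox.security.Credentials;
import org.idoox.webservice.client.ServiceClient;
import org.idoox.webservice.client.WebServiceLookupException;

/**
 * Added example: negotiate an authentication mechanism from the endpoint's
 * accepting providers, bind client credentials for one call, then clean up.
 */
public class ClientCredentialsExample {

    /** Mechanisms this client will use, strongest first (names as used on this page). */
    private static final List<String> PREFERRED = Arrays.asList("SSL", "HttpBasic");

    /**
     * Picks the first preferred mechanism that the endpoint accepts.
     * Returns null when the endpoint accepts none of them (or reports none),
     * so the caller never silently falls back to a weaker option.
     */
    public static String chooseMechanism(String[] accepted) {
        if (accepted == null) {
            return null;
        }
        List<String> acceptedList = Arrays.asList(accepted);
        for (String mechanism : PREFERRED) {
            if (acceptedList.contains(mechanism)) {
                return mechanism;
            }
        }
        return null;
    }

    /**
     * Runs one service invocation with credentials bound to the given client.
     * The finally block clears both the client-level and execution-context
     * credentials, as the resetCredentials documentation advises.
     */
    public static void callWithCredentials(String serverURL, String endpointPath,
                                           ServiceClient client, String userName,
                                           String authData, Runnable invocation)
            throws WebServiceLookupException, NoSuchProviderException {
        String[] accepted = WaspSecurity.getAnRequirementsForEndpoint(serverURL, endpointPath);
        String mechanism = chooseMechanism(accepted);
        if (mechanism == null) {
            throw new IllegalStateException("endpoint accepts none of " + PREFERRED
                    + ", reported: " + Arrays.toString(accepted));
        }

        Credentials creds = WaspSecurity.acquireClientCredentials(userName, authData, mechanism);
        try {
            WaspSecurity.setCredentials(client, new Credentials[] { creds });
            // Assumption: the provider name equals the mechanism name in this deployment.
            WaspSecurity.setInitiatingProvider(client, mechanism);
            invocation.run();
        } finally {
            // Clear client-level credentials (null resets them) and the execution context.
            WaspSecurity.setCredentials(client, null);
            WaspSecurity.resetCredentials();
        }
    }

    /** Returns true when no credentials remain bound to the client after a call. */
    public static boolean isClean(ServiceClient client) {
        Credentials[] remaining = WaspSecurity.getCredentials(client);
        return remaining == null || remaining.length == 0;
    }
}
```

The isClean helper uses getCredentials(ServiceClient) as a post-condition check; calling it after callWithCredentials returns is a cheap way to confirm that credentials were not left behind on a pooled or shared client.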

checkPermission

public static void checkPermission(java.security.Permission perm)
                            throws java.security.AccessControlException
Determines whether the access request indicated by the specified permission should be allowed or denied, based on the WSO2 SOA Enablement Server security policy currently in effect. This method returns quietly if the access request is permitted, or throws AccessControlException otherwise. The default implementation allows every permission.

Parameters:
perm - the requested permission (should not be null)
Throws:
java.security.AccessControlException - if the specified permission is not permitted, based on the current security policy.

getProviderPropertiesIface

public static java.lang.Class getProviderPropertiesIface(java.lang.String providerName)
                                                  throws java.security.NoSuchProviderException
Returns the configuration class of the given provider. If the provider has no configuration class, this method returns null. This method is used mainly by management services.

Parameters:
providerName - a given provider name
Returns:
the configuration class of the given provider, or null if it has none
Throws:
java.security.NoSuchProviderException