org.systinet.wasp.security.ws
Interface IncomingValidator

public interface IncomingValidator

The IncomingValidator interface should be implemented by any class if developer wants to validate WS-Security configuration of incoming messages. The validate(org.systinet.wasp.security.ws.conf.MessageConf) method is called by WSO2 SOA Enablement Server WS-Security implementation to let developer/deployer check if incoming message was enough secured by WS-Security (i.e., if there was security token, signature, encrypted data, etc...).
There are two types of configuration:

• Class based
  the Class name that implements IncomingValidator interface is stored in runtime configuration using WSSEConf.setValidatorClassName. In persistent configuration it is a part of service's client or endpoint configuration WSSEProviderConf, and default configuration WSSEGlobalConf.
  In this configuration, the new instance of given class is created and validate(org.systinet.wasp.security.ws.conf.MessageConf) method is called.

  In deployment descriptor of your service or client it necessary to add dependency to the package of security_providers in order to use the IncomingValidator interface. On the service, the service package has to be referenced, on the client, the clinent package has to be referenced.

  Example of runtime class based configuration:

  • Configuration on ServiceClient (validator validates reply message):

     Configurable configurable = Configurator.newRuntimeConfigurable();
     WSSEConf securityConf = (WSSEConf)configurable.narrow(WSSEConf.class);
     ...
     securityConf.setValidatorClassName( "org.mycompany.validator" );
     ...
     ServiceClient serviceClient = ServiceClient.create(...);
     MyService ref = (MyService)serviceClient.createProxy( MyService.class );
    
     // set it on service client
     serviceClient.getContext().getContextData().put(Constants.CD_SECURITY_CONFIGURATION, securityConf);
    
     // set it on call context
     serviceClient.getCallContext().getContextData().put(Constants.CD_SECURITY_CONFIGURATION, securityConf);
     

  • Configuration on ServiceEndpoint (validator validates request message):

     Configurable configurable = Configurator.newRuntimeConfigurable();
     WSSEConf securityConf = (WSSEConf)configurable.narrow(WSSEConf.class);
     ...
     securityConf.setValidatorClassName( "org.mycompany.validator" );
     ...
     ServiceEndpointContext serviceEndpointContext = Current.getServiceEndpointContext();
    
     // set it on the service endpoint
     serviceEndpointContext.getContextData().put(Constants.CD_SECURITY_CONFIGURATION, securityConf);
    
     // or set it on call context - this code must be called in processing (e.g., service's code, validator,...)
     Current.getCallContext().getContextData().put( Constants.CD_SECURITY_CONFIGURATION, securityConf);
     

• Instance based
  This is used for runtime configuration only. The reference to existing instance is stored in contextdata under the key Constants.CD_VALIDATOR_INSTANCE of Call Context, Service Endpoint or Service Client.
  In this configuration, the specified instance is used and validate(org.systinet.wasp.security.ws.conf.MessageConf) method is called.

  Example of runtime instance based configuration:

  • Configuration on ServiceClient (validator validates reply message):

     IncomingValidator myValidatorInstance = ...your validator instance...
     ServiceClient serviceClient = ServiceClient.create(...);
     MyService ref = (MyService)serviceClient.createProxy( MyService.class );
    
     // set it on the service client
     serviceClient.getContext().getContextData().put(Constants.CD_VALIDATOR_INSTANCE, myValidatorInstance);
    
     // set it on call context
     serviceClient.getCallContext().getContextData().put(Constants.CD_VALIDATOR_INSTANCE, myValidatorInstance);
     

  • Configuration on ServiceEndpoint (validator validates request message):

     IncomingValidator myValidatorInstance = ...your validator instance...
     ServiceEndpointContext serviceEndpointContext = Current.getServiceEndpointContext();
    
     // set it on the service endpoint
     serviceEndpointContext.getContextData().put(Constants.CD_VALIDATOR_INSTANCE, myValidatorInstance);
    
     // or set it on call context - this code must be called in processing (e.g., service's code, validator,...)
     Current.getCallContext().getContextData().put(Constants.CD_VALIDATOR_INSTANCE, myValidatorInstance);
     

Since:

4.6

Component:

Security-Providers

Method Summary

void	validate(MessageConf wsSecIncomingMessageConf) Called by WS-Security implementation.

Method Detail

validate

public void validate(MessageConf wsSecIncomingMessageConf)
              throws WSSecurityException

Called by WS-Security implementation. It checks if configuration of WSO2 SOA Enablement Server WS-Security of incoming message is sufficient (i.e., there was security token, signature, encrypted data, etc...). If it is not then exception must be thrown.

Parameters:

wsSecIncomingMessageConf - incoming message's configuration of WS-Security.

Throws:

WSSecurityException - thrown when incoming message is not secured enough