SecurityTokenConf (WSO2 SOA Enablement Server for Java 6.6 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.systinet.wasp.security.ws.conf
Interface SecurityTokenConf

All Superinterfaces:: ElementConf, OrderedElementConf

public interface SecurityTokenConf
extends OrderedElementConf

Represents security token defined by WS-Security specification. This configuration interface is generic for all security tokens. Configuration contains type of security token and its properties that closely defines tokens.
If security token configuration is a part of MessageConf then it is placed at outgoing message. If security token configuration is placed in ExternalSecurityTokensConf then security token is never placed in outgoing message (e.g., if you do not want disclose your symmetric key or certificate).
The sender and receiver must be able to (de)reference token, thus the correct reference in KeyInfo must be used.

Types of Security tokens

X509v3 Binary Security Token
This security token specified by OASIS WS-Security. The token represents X509v3 certificate which keys can be used in encryption and signature. Generally, certificate's public key is directly accessible using X509Certificate.getPublicKey, but to retrieve private key, password is required.
For encryption certificate's PublicKey is used, for decryption corresponding
PrivateKey stored in WSO2 SOA Enablement Server's KeyStore is used.
For signature creation corresponding PrivateKey stored in WSO2 SOA Enablement Server's KeyStore is used, for signature verifying certificate's PublicKey is used.
The type must be set to ST_VALUE_TYPE_X509V3. Certificate and private key are identified as follows:
- if property ST_PROPERTY_NAME_BASE64_CERT is set, then the property value is Base64 string of X509Certificate.getEncoded. This certificate will be used. If there is a PrivateKeyCertsCredential with the same certificate, then credential's private key is used.
- if property ST_PROPERTY_NAME_ALIAS is set, then the property value is certificate's alias to KeyStore. If ST_PROPERTY_NAME_PASSWORD is set, then the private key is retrieved from WSO2 SOA Enablement Server KeyStore, otherwise there is no private key.
- if there are not defined properties, and on the stub there is PrivateKeyCertsCredential available, then it is used - it holds both Certificate and private key.
- if there are not defined properties, and there is NamePasswordCredential available, then credential's name and password are used in the same way like properties ST_PROPERTY_NAME_ALIAS and ST_PROPERTY_NAME_PASSWORD are used.
Applicable KeyInfo's reference modes are Constants.STM_KEYIDENTIFIER, Constants.STM_REFERENCE and Constants.STM_KEYNAME. Value of key identifier reference (Constants.STM_KEYIDENTIFIER) is SHA-1 value of public key.
Username Security Token
This security token specified by OASIS WS-Security. It represents claim that a user sent message. The claim must be validated by receiver. It is usually encrypted using EncryptedData to protect sensitive data (e.g., password) used for token validation. The token contains following properties used to help to validate the claim:
- optional Constants.ST_PROPERTY_NAME_ALIAS it contains alias (username) of user in WSO2 SOA Enablement Server's KeyStore. If the property is not specified, then alias is taken from current NamePasswordCredential.
- optional Constants.ST_PROPERTY_NAME_PASSWORD it contains alias' password. If alias was taken from NamePasswordCredential, then this property is ignored and password is taken from the credential too.
- mandatory Constants.ST_PROPERTY_NAME_PASSWORD_TYPE. It describes what type of password is used - Constants.PT_TEXT_VALUE for plain text or Constants.PT_DIGEST_VALUE for digest.
- optional Constants.ST_PROPERTY_NAME_NO_NONCE_CREATED if set to true then nonce is not created into message.
- optional Constants.ST_PROPERTY_NAME_NONCE_BASE_64 if set, then it contains Base64 of nonce that will be passed into message.
- optional Constants.ST_PROPERTY_NAME_CREATED if set then it contains the date for created part of the token. If not set, current time is used. created is generated only if nonce is present.
Applicable KeyInfo's reference modes are Constants.STM_REFERENCE and Constants.STM_KEYNAME.
Currently, the Username Security Token is the only token, which authenticates the incoming call. It uses either JAAS configuration entry NamePasswordAN (plain text password) or NameDigestAN (digested password).
Symmetric key Security Token
This security token IS NOT specified by OASIS WS-Security - it is WSO2 SOA Enablement Server proprietary. It servers as holder of symmetric key. Symmetric key can be used as encoding, decoding, signing and autheticating key. It is NEVER a part of SOAP message, it must be configured as ExternalSecurityTokens.
There are two properties:
- mandatory Constants.ST_PROPERTY_NAME_ENCODED_KEY - it holds Base64 string of SecretKey.getEncoded.
- optional Constants.ST_PROPERTY_NAME_KEY_ALGORITHM - it contains JCE algorithm name of the symmetric key. If not specified, empty string (no algorithm name) is assumed.
Applicable KeyInfo's reference modes are Constants.STM_REFERENCE and Constants.STM_KEYNAME, but preferred mode is Constants.STM_KEYNAME because it represents key in KeyInfo under KeyName instead of SecurityTokenReference - this provides interoperability with non WSO2 SOA Enablement Server implementation of WS-Security.

Configuration

Runtime
Runtime configuration is a part of MessageConf. Configuration of externals security token is described in ExternalSecurityTokens.
Persistent
Persistent configuration is described in WSSEProviderConf. Configuration of externals security token is described in ExternalSecurityTokens. Schema is described in WSSEGlobalConf.

Since:: 4.6
Component:: Security-Providers

Method Summary
`PropertyConf[]`	`getProperties()` Gets security token properties.
`java.lang.String`	`getType()` Gets the type of the security token.
`PropertyConf`	`newProperty()` Creates new instance of `PropertyConf`.
`void`	`setProperties(PropertyConf[] propertyConfs)` Sets properties specific for security token type.
`void`	`setType(java.lang.String type)` Sets the type of represented token.

Methods inherited from interface org.systinet.wasp.security.ws.conf.OrderedElementConf

getOrder, setOrder

Methods inherited from interface org.systinet.wasp.security.ws.conf.ElementConf

getWsuId, setWsuId

Method Detail

setType

public void setType(java.lang.String type)

Sets the type of represented token. It is mandatory to set the type. Supported types are described in SecurityTokenConf.

Parameters:: type - security token type.
See Also:: getType()

getType

public java.lang.String getType()

Gets the type of the security token.

Returns:: token type
See Also:: setType(java.lang.String)

setProperties

public void setProperties(PropertyConf[] propertyConfs)

Sets properties specific for security token type. Security tokens takes special properties for its initialization. Properties for each type of security token are described in SecurityTokenConf.

Parameters:: propertyConfs - properties
See Also:: getProperties()

getProperties

public PropertyConf[] getProperties()

Gets security token properties.

Returns:: security token properties
See Also:: setProperties(org.systinet.wasp.security.ws.conf.PropertyConf[])

newProperty

public PropertyConf newProperty()

Creates new instance of PropertyConf.

Returns:: instance that is supposed to be filled by valid data
See Also:: setProperties(org.systinet.wasp.security.ws.conf.PropertyConf[])