WSSEConf (WSO2 SOA Enablement Server for Java 6.6 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.systinet.wasp.security.ws.conf
Interface WSSEConf

All Known Subinterfaces:: WSSEGlobalConf, WSSEProviderConf

public interface WSSEConf

Represents configuration of external security tokens, incoming validator and policies of certificate validation, timestamp header expiration and username token validation.

In message processing all WSSEConf configurations are merged together. The priority of configurations is: runtime conf. in call context, runtime conf. in service client/endpoint context, persistent conf. in service client/endpoint descriptor and persistent global configuration.

Runtime configuration
The instance of Configurable narrowed to this interface is stored in contextdata of CallContext, ServiceEndpoint or ServiceClient under the key Constants.CD_SECURITY_CONFIGURATION. Configuration stored at CallContext has higher priority than configuration at service endpoint and service client.

Example:

Configuration on ServiceClient (usually of request message):

 Configurable configurable = Configurator.newRuntimeConfigurable();
 WSSEConf securityConf = (WSSEConf)configurable.narrow(WSSEConf.class);
 ...setup configuration
 ServiceClient serviceClient = ServiceClient.create(...);
 MyService ref = (MyService)serviceClient.createProxy( MyService.class );

 // set it on service client
 serviceClient.getContext().getContextData().put(Constants.CD_SECURITY_CONFIGURATION, securityConf);

 // set it on call context
 serviceClient.getCallContext().getContextData().put(Constants.CD_SECURITY_CONFIGURATION, securityConf);

Configuration on ServiceEndpoint (usually configuration of reply message):

 Configurable configurable = Configurator.newRuntimeConfigurable();
 WSSEConf securityConf = (WSSEConf)configurable.narrow(WSSEConf.class);
 ...setup configuration
 ServiceEndpointContext serviceEndpointContext = Current.getServiceEndpointContext();

 // set it on the service endpoint
 serviceEndpointContext.getContextData().put(Constants.CD_SECURITY_CONFIGURATION, securityConf);

 // or set it on call context - this code must be called in processing (e.g., service's code, validator,...)
 Current.getCallContext().getContextData().put( Constants.CD_SECURITY_CONFIGURATION, securityConf);

Persistent configuration
this interface cannot be directly used in persistent configuration. WSSEProviderConf and WSSEGlobalConf have to be used (these interfaces inherit this interface).

Since:: 4.6
Component:: Security-Providers

Method Summary
`java.lang.Integer`	`getClockSkew()` Gets the clock skew.
`java.lang.Boolean`	`getDisableCertCheck()` When a security token of type X509 is received, it's checked, whether it is 1) valid and 2) trusted.
`ExternalSecurityTokensConf`	`getExternalSecurityTokens()` This method returns configuration of external security tokens.
`java.lang.Boolean`	`getFaultStackTrace()` Gets "stacktrace-in-fault" flag.
`java.lang.Boolean`	`getIgnoreTimestampHeaderExpiration()` When a timestamp header is received, it may contain the expires value.
`java.lang.Boolean`	`getNoUsernameTokenValidation()`
`java.lang.Integer`	`getTimestampHeaderExpiration()` Gets expiration time of timestamp header.
`java.lang.Integer`	`getTimestampHeaderMaxAge()` Gets max age accepted of timestamp header.
`java.lang.Integer`	`getTokenExpiration()` Gets expiration time of WS-Security unsigned tokens.
`java.lang.String`	`getValidatorClassName()` Returns a class name of the validator class.
`ExternalSecurityTokensConf`	`newExternalSecurityTokens()` Returns new instance of `ExternalSecurityTokensConf`.
`void`	`setClockSkew(java.lang.Integer clockSkew)` Sets the clock skew.
`void`	`setDisableCertCheck(java.lang.Boolean flag)` When a security token of type X509 is received, it's checked, whether it is 1) valid and 2) trusted.
`void`	`setExternalSecurityTokens(ExternalSecurityTokensConf externalSecurityTokensConfs)` Sets configuration of external security tokens.
`void`	`setFaultStackTrace(java.lang.Boolean flag)` Sets "stacktrace-in-fault" flag.
`void`	`setIgnoreTimestampHeaderExpiration(java.lang.Boolean flag)` Sets timestamp expiration ignore flag.
`void`	`setNoUsernameTokenValidation(java.lang.Boolean flag)` The UsernameToken may contain nonce and created values, which improve the security level.
`void`	`setTimestampHeaderExpiration(java.lang.Integer millis)` Sets expiration time of timestamp header `wsu:Timestamp`.
`void`	`setTimestampHeaderMaxAge(java.lang.Integer millis)` Sets max age accepted of timestamp header when `wsu:Expires` is omitted, but `wsu:Created` is present.
`void`	`setTokenExpiration(java.lang.Integer millis)` Sets expiration time of WS-Security tokens.
`void`	`setValidatorClassName(java.lang.String className)` Sets a class name of the validator class.

Method Detail

getIgnoreTimestampHeaderExpiration

public java.lang.Boolean getIgnoreTimestampHeaderExpiration()

When a timestamp header is received, it may contain the expires value. If the expiration has already occured, this flag prevents a message to be rejected.

Returns:: flag value
See Also:: setIgnoreTimestampHeaderExpiration(Boolean)

setIgnoreTimestampHeaderExpiration

public void setIgnoreTimestampHeaderExpiration(java.lang.Boolean flag)

Sets timestamp expiration ignore flag.

Parameters:: flag - true to ignore header expiration
See Also:: getIgnoreTimestampHeaderExpiration()

setNoUsernameTokenValidation

public void setNoUsernameTokenValidation(java.lang.Boolean flag)

The UsernameToken may contain nonce and created values, which improve the security level. When such token is received, it's validated - the uniqueness of nonce is and the expiration is checked (created + token expiration < current time). This validation can be swithed off by this property.

Parameters:: flag - the value
See Also:: setTokenExpiration(java.lang.Integer), getTokenExpiration(), getNoUsernameTokenValidation()

getNoUsernameTokenValidation

public java.lang.Boolean getNoUsernameTokenValidation()

Returns:: the flag value
See Also:: setNoUsernameTokenValidation(java.lang.Boolean)

getDisableCertCheck

public java.lang.Boolean getDisableCertCheck()

When a security token of type X509 is received, it's checked, whether it is 1) valid and 2) trusted. This check can be disabled by this flag.

Returns:: Boolean.TRUE, if the check is to be disabled.
See Also:: setDisableCertCheck(java.lang.Boolean)

setDisableCertCheck

public void setDisableCertCheck(java.lang.Boolean flag)

When a security token of type X509 is received, it's checked, whether it is 1) valid and 2) trusted. This check can be disabled by this flag.

Parameters:: flag - Boolean.TRUE, if the check is to be disabled.
See Also:: getDisableCertCheck()

getExternalSecurityTokens

public ExternalSecurityTokensConf getExternalSecurityTokens()

This method returns configuration of external security tokens. Configuration is stored in ExternalSecurityTokensConf. By default, security tokens are generated into SOAP message. In some cases (i.e., due to security reasons) it is not preferable to put security token into SOAP message. To avoid putting of security token into outgoing SOAP message and to setup security tokens for incoming message these security tokens must be defined here. All these security tokens are available to all SecuredMessage configurations.

Returns:: configuration of external security tokens

setExternalSecurityTokens

public void setExternalSecurityTokens(ExternalSecurityTokensConf externalSecurityTokensConfs)

Sets configuration of external security tokens.

Parameters:: externalSecurityTokensConfs -
See Also:: getExternalSecurityTokens()

newExternalSecurityTokens

public ExternalSecurityTokensConf newExternalSecurityTokens()

Returns new instance of ExternalSecurityTokensConf.

Returns:: new instance of ExternalSecurityTokensConf.
See Also:: getExternalSecurityTokens()

getValidatorClassName

public java.lang.String getValidatorClassName()

Returns a class name of the validator class.

Returns:: the class name or null, if no validator is to be used
See Also:: IncomingValidator, setValidatorClassName(String className)

setValidatorClassName

public void setValidatorClassName(java.lang.String className)

Sets a class name of the validator class. In runtime it is also possible to set reference of validator class using Constants.CD_VALIDATOR_INSTANCE.

Parameters:: className - the class name or null, if no validator is to be used
See Also:: IncomingValidator, getValidatorClassName()

setTokenExpiration

public void setTokenExpiration(java.lang.Integer millis)

Sets expiration time of WS-Security tokens. For example the UsernameToken contains timestamp which holds the time of its creation. When the token is received, the implementation MUST check if the token created timestamp + expiration value is higher than the current time. If not, the token is rejected. On the sender's side, the expiration time MUST be computed as creation time + token expiration for the case of online messaging.

Parameters:: millis - expiration time in milliseconds
See Also:: getTokenExpiration()

getTokenExpiration

public java.lang.Integer getTokenExpiration()

Gets expiration time of WS-Security unsigned tokens.

Returns:: token expiration time in milliseconds
See Also:: setTokenExpiration(Integer millis)

getClockSkew

public java.lang.Integer getClockSkew()

Gets the clock skew.

Returns:: clock skew in milliseconds
See Also:: setClockSkew(Integer clockSkew)

setClockSkew

public void setClockSkew(java.lang.Integer clockSkew)

Sets the clock skew. The value is taken into account during validation of the timestamp header. Default value is 5 minutes.

Parameters:: clockSkew - clock skew in milliseconds
See Also:: getClockSkew()

setTimestampHeaderExpiration

public void setTimestampHeaderExpiration(java.lang.Integer millis)

Sets expiration time of timestamp header wsu:Timestamp. The value of wsu:Expires is computed as

creation time + expiration time

Parameters:: millis - expiration time in milliseconds
See Also:: getTimestampHeaderExpiration()

getTimestampHeaderExpiration

public java.lang.Integer getTimestampHeaderExpiration()

Gets expiration time of timestamp header.

Returns:: expiration time in milliseconds
See Also:: setTimestampHeaderExpiration(Integer millis)

setTimestampHeaderMaxAge

public void setTimestampHeaderMaxAge(java.lang.Integer millis)

Sets max age accepted of timestamp header when wsu:Expires is omitted, but wsu:Created is present. Message is rejected if

created + max age < current time

Default value is 5 minutes.

Parameters:: millis - max age accepted in milliseconds; -1 for no limit
Since:: 6.5.1
See Also:: getTimestampHeaderMaxAge()

getTimestampHeaderMaxAge

public java.lang.Integer getTimestampHeaderMaxAge()

Gets max age accepted of timestamp header.

Returns:: max age accepted in milliseconds
Since:: 6.5.1
See Also:: setTimestampHeaderMaxAge(Integer millis)

getFaultStackTrace

public java.lang.Boolean getFaultStackTrace()

Gets "stacktrace-in-fault" flag. Default value is false.

Returns:: true or false
Since:: 6.5.1
See Also:: setFaultStackTrace(Boolean)

setFaultStackTrace

public void setFaultStackTrace(java.lang.Boolean flag)

Sets "stacktrace-in-fault" flag.

Parameters:: flag - true tells the server to render stacktrace into SOAP fault when WSSecurityException occurs during processing of Security header; false otherwise.
Since:: 6.5.1