com.ibm.wsspi.wssecurity.core.token.config
Interface RequesterConfiguration.RSTT
- public static interface RequesterConfiguration.RSTT
RequesterConfig used to specify the content of the RequestSecurityToken trust request.
Example settings:
requestConfig.put(RequesterConfiguration.RSTT.APPLIESTO_ADDRESS, "http://w3.appliesto.com/");
requestConfig.put(RequesterConfiguration.RSTT.ISSUER_ADDRESS, "http://w3.issuer.com/");
requestConfig.put(RequesterConfiguration.RSTT.KEYSIZE, "128");
requestConfig.put(RequesterConfiguration.RSTT.KEYTYPE, WSSConstants.WST12.KEYTYPE_SYMMETRICKEY);
Results in a request containing elements similar to:
<wst:RequestSecurityToken>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://w3.appliesto.com/</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Issuer>
<wsa:Address>http://w3.issuer.com/</wsa:Address>
</wst:Issuer>
<wst:KeySize>128</wst:KeySize>
<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</wst:KeyType>
</wst:RequestSecurityToken>
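The valid-value and pairing rules given in the Field Detail section (true/false flags, URI strings, base64 data, CLAIMS_DIALECT only with CLAIMS, the two ENTROPY_ENCRYPTEDKEY settings together) can be checked before a trust request is built. The following is an added example, not IBM's code: it uses a plain Map keyed by the field names as a stand-in, because the constants' String values are not shown on this page, and the timestamp format and the Expires-after-Created check are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.*;

public class RsttSettingsCheck {
    // Assumption: map keys are the field names from this page; the constants'
    // real String values are not shown here, so this map is only a stand-in.
    static final List<String> BOOLEANS = List.of("ALLOWPOSTDATING", "DELEGATABLE",
            "FORWARDABLE", "RENEWING_ALLOW", "RENEWING_OK");
    static final List<String> URIS = List.of("APPLIESTO_ADDRESS", "APPLIESTO_PORTTYPE",
            "AUTHENTICATIONTYPE", "CANONICALIZATIONALGORITHM", "CLAIMS_DIALECT",
            "COMPUTEDKEYALGORITHM", "CONTEXT", "ISSUER_ADDRESS", "ISSUER_PORTTYPE",
            "POLICYREFERENCE_URI", "VALIDATETARGET_REFERENCE_URI");
    static final List<String> BASE64 = List.of("ENTROPY_BINARYSECRET",
            "ENTROPY_ENCRYPTEDKEY_CIPHERVALUE");
    static List<String> check(Map<String, String> cfg) {
        List<String> problems = new ArrayList<>();
        for (String k : BOOLEANS) {
            String v = cfg.get(k);
            if (v != null && !v.equals("true") && !v.equals("false"))
                problems.add(k + ": must be true or false");
        }
        for (String k : URIS) {            // syntax check only
            String v = cfg.get(k);
            try { if (v != null) new URI(v); }
            catch (URISyntaxException e) { problems.add(k + ": not a URI string"); }
        }
        for (String k : BASE64) {
            String v = cfg.get(k);
            try { if (v != null) Base64.getDecoder().decode(v); }
            catch (IllegalArgumentException e) { problems.add(k + ": not base64"); }
        }
        // Pairing rules stated in the field descriptions.
        if (cfg.containsKey("CLAIMS_DIALECT") && !cfg.containsKey("CLAIMS"))
            problems.add("CLAIMS_DIALECT: requires CLAIMS");
        if (cfg.containsKey("ENTROPY_ENCRYPTEDKEY_ALGORITHM")
                != cfg.containsKey("ENTROPY_ENCRYPTEDKEY_CIPHERVALUE"))
            problems.add("ENTROPY_ENCRYPTEDKEY_*: set ALGORITHM and CIPHERVALUE together");
        // Assumption: lifetime values use the UTC form of the page's wsu:Created sample.
        String c = cfg.get("LIFETIME_CREATED"), x = cfg.get("LIFETIME_EXPIRES");
        try {
            if (c != null && x != null && !Instant.parse(x).isAfter(Instant.parse(c)))
                problems.add("LIFETIME_EXPIRES: must be later than LIFETIME_CREATED");
        } catch (DateTimeParseException e) { problems.add("LIFETIME_*: not a date string"); }
        return problems;
    }
    public static void main(String[] args) {
        // Constructed sample settings containing four deliberate mistakes.
        Map<String, String> cfg = Map.of(
                "APPLIESTO_ADDRESS", "http://w3.appliesto.com/", "DELEGATABLE", "yes",
                "CLAIMS_DIALECT", "http://example.com/dialect",
                "ENTROPY_BINARYSECRET", "not*base64",
                "LIFETIME_CREATED", "2009-09-12T03:34:59Z",
                "LIFETIME_EXPIRES", "2009-09-12T03:34:59Z");
        check(cfg).forEach(System.out::println);
    }
}
```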
Field Summary
| Modifier and Type | Field and Description |
|---|---|
| | ALLOWPOSTDATING: Indicates that the token request may specify the token is not immediately valid. |
| | APPLIESTO_ADDRESS: Specifies the webservice address where the requested token is intended to be used. |
| | APPLIESTO_PORTTYPE: Specifies the port type of the webservice where the requested token is intended to be used. |
| | APPLIESTO_SERVICENAME: Specifies the service name of the webservice where the requested token is intended to be used. |
| | AUTHENTICATIONTYPE: Specifies type of authentication desired. |
| | CANONICALIZATIONALGORITHM: Specifies the desired canonicalization method to be used with the returned token. |
| | CLAIMS: Claim information associated with an issued token. |
| | CLAIMS_DIALECT: Indicates the syntax of the claims information. |
| | COMPUTEDKEYALGORITHM: Specifies the desired key derivation algorithm to be used in the generation of the returned token. |
| | CONTEXT: Specifies the context attribute to be included in the trust request. |
| | DELEGATABLE: Specifies if the requested token may be delegated to another party. |
| | ENCRYPTIONALGORITHM: Specifies the desired encryption algorithm to be used within the generated token. |
| | ENCRYPTWITH: Specifies the desired encryption algorithm to be used with the issued security token. |
| | ENTROPY_BINARYSECRET: Specifies the requester's entropy as a binary secret. |
| | ENTROPY_BINARYSECRET_TYPE: Specifies the type of secret being encoded. |
| | ENTROPY_ENCRYPTEDKEY_ALGORITHM: Specifies the encryption algorithm to be associated with the specified entropy cipher data. |
| | ENTROPY_ENCRYPTEDKEY_CIPHERVALUE: Specifies the requester's entropy cipher data. |
| | EXTENSION_BASE: An extension to WS-Trust 1.2 used to specify the security token to be validated. |
| | FORWARDABLE: Specifies if the requested token may be used from alternate machines. |
| | ISSUER_ADDRESS: Specifies the webservice address where the request's signing token was issued. |
| | ISSUER_PORTTYPE: Specifies the webservice port type where the request's signing token was issued. |
| | ISSUER_SERVICENAME: Specifies the webservice service name where the request's signing token was issued. |
| | KEYSIZE: Specifies the number of bits of the key required. |
| | KEYTYPE: Specifies the type of key desired in the security token. |
| | LIFETIME_CREATED: Specifies the requested creation time of the security token. |
| | LIFETIME_EXPIRES: Specifies the requested expiration time of the security token. |
| | POLICYREFERENCE_URI: Specifies a reference to the policy that contains settings for the requested token. |
| | RENEWING_ALLOW: Specifies if the lifetime of the requested token can be extended. |
| | RENEWING_OK: Specifies if the lifetime of the requested token can be renewed after expiration. |
| | SIGNATUREALGORITHM: Specifies the desired signature algorithm used with the issued token. |
| | SIGNWITH: Specifies the desired signature algorithm used within the issued token. |
| | TOKENTYPE: Specifies the type of security token requested. |
| | VALIDATETARGET_REFERENCE_URI: Specifies URI of the security token to be validated. |
| | VALIDATETARGET_REFERENCE_VALUETYPE: Specifies the type of the security token to be validated. |
| | VALIDATETARGET_TOKEN_XML: Specifies security token to be validated. |
Field Detail
ALLOWPOSTDATING
- static final java.lang.String ALLOWPOSTDATING
APPLIESTO_ADDRESS
- static final java.lang.String APPLIESTO_ADDRESS
Valid values are URI strings.
The APPLIESTO_ADDRESS setting may be used alone or in combination with APPLIESTO_PORTTYPE and APPLIESTO_SERVICENAME.
When used alone, the formatted wsp:AppliesTo element will appear in the trust request such as:
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://manufacturer.example.com/</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
If APPLIESTO_PORTTYPE and/or APPLIESTO_SERVICENAME are also set, the settings appear grouped inside the wsp:AppliesTo element such as:
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>http://manufacturer.example.com/</wsa:Address>
<wsa:PortType>http://manufacturer.example.com/</wsa:PortType>
<wsa:ServiceName>MyServiceName</wsa:ServiceName>
</wsa:EndpointReference>
</wsp:AppliesTo>
EXTENSION_BASE
- static final java.lang.String EXTENSION_BASE
Set EXTENSION_BASE to a String representation of the token elements.
When set, the trust request will include the wst:Base element.
For example, when EXTENSION_BASE is set to the String:
"<wss:UsernameToken xmlns:wss=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"
xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"
wsu:Id=\"usernameac5168b8-0123-1b65-b8b4-9d6bd9a2f0bb\"><wss:Username>testuser</wss:Username>
<wsu:Created>2009-09-12T03:34:59Z</wsu:Created></wss:UsernameToken>"
An element similar to the following is included in the request:
<wst:Base>
<wss:UsernameToken xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameac5168b8-0123-1b65-b8b4-9d6bd9a2f0bb">
<wss:Username>testuser</wss:Username>
<wsu:Created>2009-09-12T03:34:59Z</wsu:Created>
</wss:UsernameToken>
</wst:Base>
APPLIESTO_PORTTYPE
- static final java.lang.String APPLIESTO_PORTTYPE
Valid values are URI strings.
See APPLIESTO_ADDRESS and APPLIESTO_SERVICENAME.
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:PortType>http://manufacturer.example.com/</wsa:PortType>
</wsa:EndpointReference>
</wsp:AppliesTo>
APPLIESTO_SERVICENAME
- static final java.lang.String APPLIESTO_SERVICENAME
Valid values are strings.
See APPLIESTO_ADDRESS and APPLIESTO_PORTTYPE.
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:ServiceName>MyServiceName</wsa:ServiceName>
</wsa:EndpointReference>
</wsp:AppliesTo>
AUTHENTICATIONTYPE
- static final java.lang.String AUTHENTICATIONTYPE
Valid values are URI strings.
When set, the trust request will include the following wst:AuthenticationType element, where "..." is the specified URI:
<wst:AuthenticationType>...</wst:AuthenticationType>
CANONICALIZATIONALGORITHM
- static final java.lang.String CANONICALIZATIONALGORITHM
Valid values are URI strings.
When set, the trust request will include the following wst:CanonicalizationAlgorithm element, where "..." is the specified algorithm:
<wst:CanonicalizationAlgorithm>...</wst:CanonicalizationAlgorithm>
CLAIMS
- static final java.lang.String CLAIMS
Valid values are strings.
May be set to a valid URI. For example, if set, the trust request will include the following element, where "..." is the specified URI:
<wst:Claims>...</wst:Claims>
Alternatively, may be set to XML text of a valid WS-Trust Claims element.
Example setting for WS-Trust 1.2:
"<wst:Claims xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"><ClaimedUser>jane</ClaimedUser></wst:Claims>"
CLAIMS_DIALECT
- static final java.lang.String CLAIMS_DIALECT
Valid values are URI strings.
The CLAIMS_DIALECT setting must be used in conjunction with the CLAIMS setting.
Specifies the Dialect attribute of the wst:Claims element. For example:
<wst:Claims Dialect="...">...</wst:Claims>
COMPUTEDKEYALGORITHM
- static final java.lang.String COMPUTEDKEYALGORITHM
Valid values are URI strings representing valid key derivation algorithms.
When set, the trust request will include the following wst:ComputedKeyAlgorithm element, where "..." is the specified algorithm:
<wst:ComputedKeyAlgorithm>...</wst:ComputedKeyAlgorithm>
CONTEXT
- static final java.lang.String CONTEXT
Valid values are URI strings.
When set, the trust request will include the Context attribute in the wst:RequestSecurityToken element, where "..." is the specified context:
<wst:RequestSecurityToken Context="...">
</wst:RequestSecurityToken>
DELEGATABLE
- static final java.lang.String DELEGATABLE
Valid values are true or false.
When set, the trust request will include the wst:Delegatable element, where "..." is the DELEGATABLE setting:
<wst:Delegatable>...</wst:Delegatable>
ENCRYPTIONALGORITHM
- static final java.lang.String ENCRYPTIONALGORITHM
Valid values are valid encryption algorithms.
When set, the trust request will include the following element, where "..." is the specified algorithm:
<wst:EncryptionAlgorithm>...</wst:EncryptionAlgorithm>
ENCRYPTWITH
- static final java.lang.String ENCRYPTWITH
Valid values are valid encryption algorithms.
When set, the trust request will include the following element, where "..." is the specified algorithm:
<wst:EncryptWith>...</wst:EncryptWith>
ENTROPY_BINARYSECRET
- static final java.lang.String ENTROPY_BINARYSECRET
Valid values are base64 encoded data.
When set, the trust request will include the following element, where "..." represents the base64 encoded binary secret:
<wst:Entropy>
<wst:BinarySecret>...</wst:BinarySecret>
</wst:Entropy>
ENTROPY_BINARYSECRET_TYPE
- static final java.lang.String ENTROPY_BINARYSECRET_TYPE
Valid values are WS-Trust predefined URI strings representing AsymmetricKey, SymmetricKey, and Nonce.
When set, the BinarySecret element of the trust request will include the Type attribute, where "..." is the specified type and AAAA is the base64 encoded binary secret:
<wst:Entropy>
<wst:BinarySecret Type="...">AAAA</wst:BinarySecret>
</wst:Entropy>
ENTROPY_ENCRYPTEDKEY_ALGORITHM
- static final java.lang.String ENTROPY_ENCRYPTEDKEY_ALGORITHM
Valid values are valid encryption algorithms.
When both ENTROPY_ENCRYPTEDKEY_ALGORITHM and ENTROPY_ENCRYPTEDKEY_CIPHERVALUE are set then the following element will be included in the trust request. Below "..." is the ENTROPY_ENCRYPTEDKEY_ALGORITHM setting and AAAA is the ENTROPY_ENCRYPTEDKEY_CIPHERVALUE setting.
<wst:Entropy>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="...">
<xenc:CipherData>
<xenc:CipherValue>AAAA</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptionMethod>
</xenc:EncryptedKey>
</wst:Entropy>
See also: ENTROPY_ENCRYPTEDKEY_CIPHERVALUE
ENTROPY_ENCRYPTEDKEY_CIPHERVALUE
- static final java.lang.String ENTROPY_ENCRYPTEDKEY_CIPHERVALUE
Valid values are base64 encoded data.
When both ENTROPY_ENCRYPTEDKEY_ALGORITHM and ENTROPY_ENCRYPTEDKEY_CIPHERVALUE are set then the following element will be included in the trust request. Below "..." is the ENTROPY_ENCRYPTEDKEY_ALGORITHM setting and "AAAA" is the ENTROPY_ENCRYPTEDKEY_CIPHERVALUE setting.
<wst:Entropy>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="...">
<xenc:CipherData>
<xenc:CipherValue>AAAA</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptionMethod>
</xenc:EncryptedKey>
</wst:Entropy>
See also: ENTROPY_ENCRYPTEDKEY_ALGORITHM
FORWARDABLE
- static final java.lang.String FORWARDABLE
Valid values are true or false.
When set, the trust request will include the wst:Forwardable element, where "..." is the FORWARDABLE setting:
<wst:Forwardable>...</wst:Forwardable>
ISSUER_ADDRESS
- static final java.lang.String ISSUER_ADDRESS
Valid values are URI strings.
The ISSUER_ADDRESS setting may be used alone or in combination with ISSUER_PORTTYPE and ISSUER_SERVICENAME.
When used alone, the formatted wst:Issuer element will appear in the trust request such as:
<wst:Issuer>
<wsa:Address>http://manufacturer.example.com/</wsa:Address>
</wst:Issuer>
If ISSUER_PORTTYPE and/or ISSUER_SERVICENAME are also set, the settings appear grouped inside the wst:Issuer element such as:
<wst:Issuer>
<wsa:Address>http://manufacturer.example.com/</wsa:Address>
<wsa:PortType>http://manufacturer.example.com/</wsa:PortType>
<wsa:ServiceName>MyServiceName</wsa:ServiceName>
</wst:Issuer>
ISSUER_PORTTYPE
- static final java.lang.String ISSUER_PORTTYPE
Valid values are URI strings.
The ISSUER_PORTTYPE setting may be used alone or in combination with ISSUER_ADDRESS and ISSUER_SERVICENAME.
When used alone, the formatted wst:Issuer element will appear in the trust request such as:
<wst:Issuer>
<wsa:PortType>http://manufacturer.example.com/</wsa:PortType>
</wst:Issuer>
If ISSUER_ADDRESS and/or ISSUER_SERVICENAME are also set, the settings appear grouped inside the wst:Issuer element such as:
<wst:Issuer>
<wsa:Address>http://manufacturer.example.com/</wsa:Address>
<wsa:PortType>http://manufacturer.example.com/</wsa:PortType>
<wsa:ServiceName>MyServiceName</wsa:ServiceName>
</wst:Issuer>
ISSUER_SERVICENAME
- static final java.lang.String ISSUER_SERVICENAME
Valid values are URI strings.
The ISSUER_SERVICENAME setting may be used alone or in combination with ISSUER_ADDRESS and ISSUER_PORTTYPE.
When used alone, the formatted wst:Issuer element will appear in the trust request such as:
<wst:Issuer>
<wsa:ServiceName>http://manufacturer.example.com/</wsa:ServiceName>
</wst:Issuer>
If ISSUER_ADDRESS and/or ISSUER_PORTTYPE are also set, the settings appear grouped inside the wst:Issuer element such as:
<wst:Issuer>
<wsa:Address>http://manufacturer.example.com/</wsa:Address>
<wsa:PortType>http://manufacturer.example.com/</wsa:PortType>
<wsa:ServiceName>MyServiceName</wsa:ServiceName>
</wst:Issuer>
KEYSIZE
- static final java.lang.String KEYSIZE
When set, the trust request will include the wst:KeySize element, where "..." is the key size:
<wst:KeySize>...</wst:KeySize>
KEYTYPE
- static final java.lang.String KEYTYPE
When set, the trust request will include the wst:KeyType element, where "..." is the key type setting.
For example:
<wst:KeyType>...</wst:KeyType>
LIFETIME_CREATED
- static final java.lang.String LIFETIME_CREATED
Valid values are date strings.
The LIFETIME_CREATED setting may be used alone or in combination with LIFETIME_EXPIRES.
When used alone, the formatted wst:Lifetime element will appear in the trust request such as:
<wst:Lifetime>
<wsu:Created>...</wsu:Created>
</wst:Lifetime>
If LIFETIME_EXPIRES is also set, the settings appear grouped inside the wst:Lifetime element such as:
<wst:Lifetime>
<wsu:Created>...</wsu:Created>
<wsu:Expires>...</wsu:Expires>
</wst:Lifetime>
LIFETIME_EXPIRES
- static final java.lang.String LIFETIME_EXPIRES
Valid values are date strings.
The LIFETIME_EXPIRES setting may be used alone or in combination with LIFETIME_CREATED.
When used alone, the formatted wst:Lifetime element will appear in the trust request such as:
<wst:Lifetime>
<wsu:Expires>...</wsu:Expires>
</wst:Lifetime>
If LIFETIME_CREATED is also set, the settings appear grouped inside the wst:Lifetime element such as:
<wst:Lifetime>
<wsu:Created>...</wsu:Created>
<wsu:Expires>...</wsu:Expires>
</wst:Lifetime>
POLICYREFERENCE_URI
- static final java.lang.String POLICYREFERENCE_URI
Valid values are URI strings.
POLICYREFERENCE_URI may be set to the URI reference to a policy. When set, the formatted wsp:PolicyReference element will be included in the trust request as shown, where "..." is the policy reference URI:
<wsp:PolicyReference URI="..."/>
RENEWING_ALLOW
- static final java.lang.String RENEWING_ALLOW
Valid values are true or false.
RENEWING_ALLOW may be used to add a wst:Renewing element in the trust request with the "Allow" attribute set.
For example:
<wst:Renewing Allow="..."/>
This setting may be used alone or in combination with RENEWING_OK.
RENEWING_OK
- static final java.lang.String RENEWING_OK
Valid values are true or false.
RENEWING_OK may be used to add a wst:Renewing element in the trust request with the "OK" attribute set.
For example:
<wst:Renewing OK="..."/>
This setting may be used alone or in combination with RENEWING_ALLOW.
SIGNATUREALGORITHM
- static final java.lang.String SIGNATUREALGORITHM
Valid values are valid signature algorithms.
When set, the trust request will include the following element, where "..." is the specified signature algorithm:
<wst:SignatureAlgorithm>...</wst:SignatureAlgorithm>
SIGNWITH
- static final java.lang.String SIGNWITH
Valid values are valid signature algorithms.
When set, the trust request will include the following element, where "..." is the specified signature algorithm:
<wst:SignWith>...</wst:SignWith>
VALIDATETARGET_TOKEN_XML
- static final java.lang.String VALIDATETARGET_TOKEN_XML
The valid value is the XML representation of a token.
When set, the trust request will include the wst:ValidateTarget element.
In this example, assuming the token is a username token, ValidateTarget would look like this:
<wst:ValidateTarget>
<wss:UsernameToken xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameac5168b8-0123-1b65-b8b4-9d6bd9a2f0bb">
<wss:Username>testuser</wss:Username>
<wsu:Created>2009-09-12T03:34:59Z</wsu:Created>
</wss:UsernameToken>
</wst:ValidateTarget>
See also: VALIDATETARGET_TOKEN_XML
VALIDATETARGET_REFERENCE_URI
- static final java.lang.String VALIDATETARGET_REFERENCE_URI
Valid values are URIs.
When set, the trust request will include the wst:ValidateTarget element, where "..." is the URI of the security token referenced.
<wst:ValidateTarget>
<wsse:SecurityTokenReference>
<wsse:Reference URI="..."/>
</wsse:SecurityTokenReference>
</wst:ValidateTarget>
See also: VALIDATETARGET_REFERENCE_VALUETYPE
VALIDATETARGET_REFERENCE_VALUETYPE
- static final java.lang.String VALIDATETARGET_REFERENCE_VALUETYPE
Valid values are valid security token type URIs.
When set, the trust request will include the wst:ValidateTarget element as shown, where "..." is the type of security token referenced.
<wst:ValidateTarget>
<wsse:SecurityTokenReference>
<wsse:Reference ValueType="..."/>
</wsse:SecurityTokenReference>
</wst:ValidateTarget>
See also: VALIDATETARGET_REFERENCE_URI
TOKENTYPE
- static final java.lang.String TOKENTYPE
Valid values are valid security token type URIs.
When set, the trust request will include the wst:TokenType element.
Below "..." is the TOKENTYPE setting.
<wst:TokenType>...</wst:TokenType>
ALLOWPOSTDATING
Valid values are true or false.
When set to true, the trust request will include the wst:AllowPostdating element as shown below.