com.ibm.wsspi.wssecurity.token

Interface TokenConsumerComponent

  • All Superinterfaces:
    Initializable, com.ibm.ws.webservices.wssecurity.WSSComponent, com.ibm.ws.webservices.wssecurity.WSSConsumerComponent
    All Known Implementing Classes:
    IDAssertionUsernameTokenConsumer, LTPATokenConsumer, UsernameTokenConsumer, X509TokenConsumer


    public interface TokenConsumerComponent
    extends com.ibm.ws.webservices.wssecurity.WSSConsumerComponent
    This is the interface for consuming security token elements from SOAP messages. Implementors must provide the init() and invoke() methods.

    The signature of the init() method is:

    public void init(java.util.Map map) throws SoapSecurityException

    This method initializes the consumer with a TokenConsumerConfig object which is passed in by the map parameter.

    The map parameter is a Map object which contains name-value pairs. These pairs include <Property> elements in the configuration XMI files and a TokenConsumerConfig object. The TokenConsumerConfig is stored with a key of TokenConsumerConfig.CONFIG_KEY.

    The signature of the invoke() method is:

    public void invoke(org.w3c.dom.Node target, java.util.Map context) throws SoapSecurityException

    The target parameter is a Node object that represents the element or document to be consumed.

    The context parameter is a Map object which contains name-value pairs. The following list shows the only supported names (keys) and their meaning. The keys shown are fields from the com.ibm.wsspi.wssecurity.Constants and com.ibm.wsspi.wssecurity.config.TokenConsumerConfig classes.

    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_MESSAGE_CONTEXT - This is used to get the message context from the context in the WS-Security handler.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_SUBJECT - This is used to get the Subject from the context in the WS-Security handler.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ENCODING - This is used to get a key identifier encoding type. Supported values are:
      • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
      • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary"
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_VALUETYPE - This is used to get the value type of the referenced token. The value types are specified in the OASIS token profile standards.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_IDTYPE - This is used to get the key identifier type. Supported values are:
      • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#ITSHA1"
      • "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#IT60SHA1"
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ID - This is used to get the key corresponding to the specified key identifier. The format of the key identifier value is specified in the OASIS token profile standards.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ISSUERNAME - This is used to get the key corresponding to the specified issuer name and serial number. It must be used together with WSSECURITY_KEY_ISSUERSERIAL.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_ISSUERSERIAL - This is used to get the key corresponding to the specified issuer name and serial number. It must be used together with WSSECURITY_KEY_ISSUERNAME.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_TYPE - This is used to indicate the type of operation. The value must be one of the following:
      • "DecryptingKey" - when getting a key for decryption
      • "EncryptingKey" - when getting a key for encryption
      • "SigningKey" - when getting a key for signing
      • "VerifyingKey" - when getting a key for signature verification
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_NAME - This is used to get the key corresponding to the specified name. It is used when the key name or the subject name of an X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContentConsumer or KeyInfoContentGenerator object to a KeyLocator object.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_NAMEREF - This is used to get a key name reference which is specified in the WS-Security binding configuration. It is used when a key name is passed to a KeyLocator object. The value of this key must be specified as the name attribute of <Key> in the WS-Security configuration.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEY_REFERENCE - This is used to get the key referenced by a URI in the SOAP message. It is used when a reference URI is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContentConsumer or KeyInfoContentGenerator object to a KeyLocator object. The value of this key must be a reference URI included in the secure SOAP message.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_KEYINFO_TYPE - This is used to specify the type of key information. It is used when the type of key information is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContentConsumer or KeyInfoContentGenerator object to a KeyLocator object. The value of this key must be one of the following:
      • "STRREF" - when ds:KeyInfo/wsse:STRReference/wsse:Reference is used
      • "KEYID" - when ds:KeyInfo/wsse:STRReference/wsse:KeyIdentifier is used
      • "EMB" - when ds:KeyInfo/wsse:STRReference/wsse:Embedded is used
      • "KEYNAME" - when ds:KeyInfo/ds:KeyName is used
      • "X509ISSUER" - when ds:KeyInfo/wsse:STRReference/ds:X509Data is used
    • com.ibm.wsspi.wssecurity.config.TokenConsumerConfig.CONFIG_KEY - This is used to store the TokenConsumerConfig object.
    • com.ibm.wsspi.wssecurity.Constants.WSSECURITY_WSSCONSUMER_CONFIG_KEY - This is used to store the WSSConsumerConfig object.
    See Also:
    IDAssertionUsernameTokenConsumer, LTPATokenConsumer, UsernameTokenConsumer, X509TokenConsumer, Constants, TokenConsumerConfig
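
    A fail-closed implementation of the init() and invoke() contract described above, as an added example that is not IBM's code. Assumptions: the class name, the urn:example:token element, the example.tokenSha256 property (assumed to arrive in the init map as a String), the digest comparison used as the validation rule, and the package and String constructor of SoapSecurityException.

```java
import com.ibm.wsspi.wssecurity.Constants;
import com.ibm.wsspi.wssecurity.SoapSecurityException; // package assumed
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.token.TokenConsumerComponent;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import org.w3c.dom.Node;

/** Added example: consumer for a constructed <ex:ExampleToken> element. */
public class ExampleTokenConsumer implements TokenConsumerComponent {
    private static final String NS = "urn:example:token";            // constructed
    private static final String LOCAL = "ExampleToken";              // constructed
    private static final String DIGEST_PROP = "example.tokenSha256"; // hypothetical <Property>
    private byte[] expectedDigest;

    public void init(Map map) throws SoapSecurityException {
        // Fail closed when the runtime did not hand over the configuration.
        if (!(map.get(TokenConsumerConfig.CONFIG_KEY) instanceof TokenConsumerConfig))
            throw new SoapSecurityException("TokenConsumerConfig missing from init map");
        Object prop = map.get(DIGEST_PROP);
        if (!(prop instanceof String))
            throw new SoapSecurityException(DIGEST_PROP + " property not set");
        // Base64 of the SHA-256 digest of the accepted token value.
        expectedDigest = Base64.getDecoder().decode((String) prop);
    }

    public void invoke(Node target, Map context) throws SoapSecurityException {
        Object subject = context.get(Constants.WSSECURITY_SUBJECT);
        if (!(subject instanceof Subject))
            throw new SoapSecurityException("no Subject in context");
        // Accept only the exact element this consumer is written for.
        if (target == null || target.getNodeType() != Node.ELEMENT_NODE
                || !NS.equals(target.getNamespaceURI()) || !LOCAL.equals(target.getLocalName()))
            throw new SoapSecurityException("unexpected token element");
        String token = target.getTextContent().trim();
        byte[] actual;
        try {
            actual = MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
        } catch (java.security.GeneralSecurityException e) {
            throw new SoapSecurityException("SHA-256 unavailable");
        }
        // Constant-time comparison; only a verified token reaches the Subject.
        if (!MessageDigest.isEqual(expectedDigest, actual))
            throw new SoapSecurityException("token rejected");
        ((Subject) subject).getPrivateCredentials().add(token);
    }
}
```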
    • Method Summary

      • Methods inherited from interface com.ibm.ws.webservices.wssecurity.WSSConsumerComponent

        invoke
      • Methods inherited from interface com.ibm.ws.webservices.wssecurity.WSSComponent

        init
IBM WebSphere Application Server™
Release 9.0