org.apache.ws.security.WSPasswordCallback Maven / Gradle / Ivy
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ws.security;
import org.w3c.dom.Element;
import javax.security.auth.callback.Callback;
/**
* Simple class to provide a password callback mechanism.
*
* It uses the JAAS authentication mechanisms and callback methods.
* In addition to the identifier (user name) this class also provides
* information what type of information the callback handle
* method shall provide.
*
* The WSPasswordCallback class defines the following usage
* codes:
*
* UNKNOWN - an unknown usage. Never used by the WSS4J
* implementation and shall be treated as an error by the handle
* method.DECRYPT - need a password to get the private key of
* this identifier (username) from the keystore. WSS4J uses this private
* key to decrypt the session (symmetric) key. Because the encryption
* method uses the public key to encrypt the session key it needs no
* password (a public key is usually not protected by a password).USERNAME_TOKEN - need the password to fill in or to
* verify a UsernameToken.SIGNATURE - need the password to get the private key of
* this identifier (username) from the keystore. WSS4J uses this private
* key to produce a signature. The signature verification uses the public
* key to verify the signature.KEY_NAME - need the key, not the password,
* associated with the identifier. WSS4J uses this key to encrypt or
* decrypt parts of the SOAP request. Note, the key must match the
* symmetric encryption/decryption algorithm specified (refer to
* {@link org.apache.ws.security.handler.WSHandlerConstants#ENC_SYM_ALGO}).USERNAME_TOKEN_UNKNOWN - either an not specified
* password type or a password type passwordText. In these both cases only
* the password variable is set. The callback class now may check if
* the username and password match. If they don't match the callback class must
* throw an exception. The exception can be a UnsupportedCallbackException or
* an IOException.SECURITY_CONTEXT_TOKEN - need the key to to be associated
* with a wsc:SecurityContextToken.
*
* @author Werner Dittmann ([email protected]).
*/
public class WSPasswordCallback implements Callback {
public static final int UNKNOWN = 0;
public static final int DECRYPT = 1;
public static final int USERNAME_TOKEN = 2;
public static final int SIGNATURE = 3;
public static final int KEY_NAME = 4;
public static final int USERNAME_TOKEN_UNKNOWN = 5;
public final static int SECURITY_CONTEXT_TOKEN = 6;
public final static int CUSTOM_TOKEN = 7;
public final static int ENCRYPTED_KEY_TOKEN = 8;
private String identifier;
private String password;
private byte[] key;
private int usage;
private String type;
private Element customToken;
/**
* Constructor.
*
* @param id The application called back must supply the password for
* this identifier.
*/
public WSPasswordCallback(String id, int usage) {
this(id, null, null, usage);
}
/**
* Constructor.
*
* @param id The application called back must supply the password for
* this identifier.
*/
public WSPasswordCallback(String id, String pw, String type, int usage) {
identifier = id;
password = pw;
this.type = type;
this.usage = usage;
}
/**
* Get the identifier.
*
*
* @return The identifier
*/
public String getIdentifier() {
return identifier;
}
/**
* Get the identifier.
*
*
* @return The identifier
* @deprecated use getIdentifier() instead
*/
public String getIdentifer() {
return getIdentifier();
}
/**
* Extended callback interface allows for setting the username as well.
* Callback functions can change the identifier, this is intended in the usernametoken scenario
* where the usernametoken denotes the identity, but a fixed identity for signing is used
* The initial value is that from the configuration file. If this method is not called, the
* configured identity is used.
*
* @param ident The identity.
*/
public void setIdentifier(String ident) {
this.identifier = ident;
}
/**
* Set the password.
*
*
* @param passwd is the password associated to the identifier
*/
public void setPassword(String passwd) {
password = passwd;
}
/**
* Get the password.
*
*
* @return The password
*/
public String getPassword() {
return password;
}
/**
* Set the Key.
*
*
* @param key is the key associated to the identifier
*/
public void setKey(byte[] key) {
this.key = key;
}
/**
* Get the key.
*
*
* @return The key
*/
public byte[] getKey() {
return this.key;
}
/**
* Get the usage.
*
*
* @return The usage for this callback
*/
public int getUsage() {
return usage;
}
/**
* The password type is only relevant for usage USERNAME_TOKEN
* and USERNAME_TOKEN_UNKNOWN.
*
* @return Returns the passwordType.
*/
public String getPasswordType() {
return type;
}
/**
* The key type is only relevant for usage ENCRYPTED_KEY_TOKEN
*
* @return Returns the type.
*/
public String getKeyType() {
return type;
}
public Element getCustomToken() {
return customToken;
}
public void setCustomToken(Element customToken) {
this.customToken = customToken;
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy