All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.ws.security.message.WSSecHeader Maven / Gradle / Ivy

Go to download

The Apache WSS4J project provides a Java implementation of the primary security standards for Web Services, namely the OASIS Web Services Security (WS-Security) specifications from the OASIS Web Services Security TC.

The newest version!
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.ws.security.message;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/**
 * This class implements WS Security header.
 * 
 * Setup a Security header with a specified actor and mustunderstand flag.
 * 
 * The defaults for actor and mustunderstand are: empty actor and
 * mustunderstand is true.
 * 
 * @author Werner Dittmann ([email protected])
 */
public class WSSecHeader {
    protected String actor = null;

    protected boolean mustunderstand = true;

    protected boolean doDebug = false;

    private Element securityHeader = null;

    /**
     * Constructor.
     */
    public WSSecHeader() {
    }

    /**
     * Constructor.
     * 
     * @param actor The actor name of the wsse:Security header
     */
    public WSSecHeader(String actor) {
        this(actor, true);
    }

    /**
     * Constructor.
     * 
     * @param act The actor name of the wsse:Security header
     * @param mu Set mustUnderstand to true or false
     */
    public WSSecHeader(String act, boolean mu) {
        actor = act;
        mustunderstand = mu;
    }

    /**
     * set actor name.
     * 
     * @param act The actor name of the wsse:Security header
     */
    public void setActor(String act) {
        actor = act;
    }

    /**
     * Set the mustUnderstand flag for the
     * wsse:Security header.
     * 
     * @param mu Set mustUnderstand to true or false
     */
    public void setMustUnderstand(boolean mu) {
        mustunderstand = mu;
    }

    /**
     * Get the security header element of this instance.
     * 
     * @return The security header element.
     */
    public Element getSecurityHeader() {
        return securityHeader;
    }
    
    /**
     * Returns whether the security header is empty
     * 
     * @return true if empty or if there is no security header
     *         false if non empty security header
     */
    public boolean isEmpty(Document doc) throws WSSecurityException {
        if (securityHeader == null) {            
            securityHeader = 
                WSSecurityUtil.findWsseSecurityHeaderBlock(
                    doc, doc.getDocumentElement(), actor, false
                );
        }
        
        if (securityHeader == null || securityHeader.getChildNodes().getLength() == 0) {
            return true;
        }
        return false;
    }

    /**
     * Creates a security header and inserts it as child into the SOAP Envelope.
     * 
     * Check if a WS Security header block for an actor is already available in
     * the document. If a header block is found return it, otherwise a new
     * wsse:Security header block is created and the attributes set
     * 
     * @param doc A SOAP envelope as Document
     * @return A wsse:Security element
     */
    public Element insertSecurityHeader(Document doc) throws WSSecurityException {
        //
        // If there is already a security header in this instance just return it
        //
        if (securityHeader != null) {
            return securityHeader;
        }
        securityHeader = 
            WSSecurityUtil.findWsseSecurityHeaderBlock(
                doc, doc.getDocumentElement(), actor, true
            );

        String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
        String soapPrefix = 
            WSSecurityUtil.setNamespace(
                securityHeader, soapNamespace, WSConstants.DEFAULT_SOAP_PREFIX
            );
        
        if (actor != null && actor.length() > 0) {
            String actorLocal = WSConstants.ATTR_ACTOR;
            if (WSConstants.URI_SOAP12_ENV.equals(soapNamespace)) {
                actorLocal = WSConstants.ATTR_ROLE;
            }
            securityHeader.setAttributeNS(
                soapNamespace,
                soapPrefix + ":" + actorLocal, 
                actor
            );
        }
        if (mustunderstand) {
            String mustUnderstandLocal = "1";
            if (WSConstants.URI_SOAP12_ENV.equals(soapNamespace)) {
                mustUnderstandLocal = "true";
            }
            securityHeader.setAttributeNS(
                soapNamespace,
                soapPrefix + ":" + WSConstants.ATTR_MUST_UNDERSTAND,
                mustUnderstandLocal
            );
        }
        WSSecurityUtil.setNamespace(securityHeader, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
        
        return securityHeader;
    }
    
    public void removeSecurityHeader(Document doc) throws WSSecurityException {
        if (securityHeader == null) {            
            securityHeader = 
                WSSecurityUtil.findWsseSecurityHeaderBlock(
                    doc, doc.getDocumentElement(), actor, false
                );
        }
        
        if (securityHeader != null) {
            Node parent = securityHeader.getParentNode();
            parent.removeChild(securityHeader);
        }
    }
    
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy