org.jboss.soa.esb.services.security.auth.ws
Class WSSecuritySoapExtractor

java.lang.Object
  extended by org.jboss.soa.esb.services.security.auth.ws.WSSecuritySoapExtractor
All Implemented Interfaces:
SecurityInfoExtractor<javax.xml.soap.SOAPMessage>

public class WSSecuritySoapExtractor
extends java.lang.Object
implements SecurityInfoExtractor<javax.xml.soap.SOAPMessage>

WSSecurityInfoExtractor extracts security related information from a SOAP security header.

If the security element contains a 'UsernameToken' element this will be extraced into a principal with the username and a credential being the password represented as a character array.
If the security element contains a 'BinarySecurityToken' element this informaiton will be extracted into a credential which will be the content, or value, of the BinarySecurityToken element.

Author:
Daniel Bevenius

Field Summary
static java.lang.String WSSE_LN
          Security element localname
static java.lang.String WSSE_NS
          SOAP Message Security 1.0 NameSpace URL
 
Constructor Summary
WSSecuritySoapExtractor()
           
 
Method Summary
 AuthenticationRequest extractSecurityInfo(javax.xml.soap.SOAPMessage soap)
          Extracts UsernameToken element is one exists and creates a Principal with the username and sets a Credential using the password.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

WSSE_LN

public static final java.lang.String WSSE_LN
Security element localname

See Also:
Constant Field Values

WSSE_NS

public static final java.lang.String WSSE_NS
SOAP Message Security 1.0 NameSpace URL

See Also:
Constant Field Values
Constructor Detail

WSSecuritySoapExtractor

public WSSecuritySoapExtractor()
Method Detail

extractSecurityInfo

public AuthenticationRequest extractSecurityInfo(javax.xml.soap.SOAPMessage soap)
Extracts UsernameToken element is one exists and creates a Principal with the username and sets a Credential using the password. The type of the Credential is a character array. If the SOAP message contains a BinarySecurityToken this will be extracted and added as a Credential.

Note that this method i restrictive in reporting errors within the soap message. This is instead reflected in missing values in the returned AuthenticationRequest. This is done on purpose as not to give away any information about missing information. The SecuritySerivce impl should decide what information it wants a caller to recieve.

Specified by:
extractSecurityInfo in interface SecurityInfoExtractor<javax.xml.soap.SOAPMessage>
Parameters:
soap - - the soap message represented as a String
Returns:
AuthenticationRequest