org.jboss.soa.esb.services.security.auth.ws
Class WSSecuritySoapExtractor
java.lang.Object
org.jboss.soa.esb.services.security.auth.ws.WSSecuritySoapExtractor
- All Implemented Interfaces:
- SecurityInfoExtractor<javax.xml.soap.SOAPMessage>
public class WSSecuritySoapExtractor
- extends java.lang.Object
- implements SecurityInfoExtractor<javax.xml.soap.SOAPMessage>
WSSecurityInfoExtractor extracts security related information from
a SOAP security header.
If the security element contains a 'UsernameToken' element this will be
extraced into a principal with the username and a credential being the
password represented as a character array.
If the security element contains a 'BinarySecurityToken' element this informaiton
will be extracted into a credential which will be the content, or value, of
the BinarySecurityToken element.
- Author:
- Daniel Bevenius
Field Summary |
static java.lang.String |
WSSE_LN
Security element localname |
static java.lang.String |
WSSE_NS
SOAP Message Security 1.0 NameSpace URL |
Method Summary |
AuthenticationRequest |
extractSecurityInfo(javax.xml.soap.SOAPMessage soap)
Extracts UsernameToken element is one exists and creates
a Principal with the username and sets a Credential using
the password. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
WSSE_LN
public static final java.lang.String WSSE_LN
- Security element localname
- See Also:
- Constant Field Values
WSSE_NS
public static final java.lang.String WSSE_NS
- SOAP Message Security 1.0 NameSpace URL
- See Also:
- Constant Field Values
WSSecuritySoapExtractor
public WSSecuritySoapExtractor()
extractSecurityInfo
public AuthenticationRequest extractSecurityInfo(javax.xml.soap.SOAPMessage soap)
- Extracts UsernameToken element is one exists and creates
a Principal with the username and sets a Credential using
the password. The type of the Credential is a character array.
If the SOAP message contains a BinarySecurityToken this will be
extracted and added as a Credential.
Note that this method i restrictive in reporting errors within the soap
message. This is instead reflected in missing values in the returned
AuthenticationRequest. This is done on purpose as not to give away
any information about missing information. The SecuritySerivce impl
should decide what information it wants a caller to recieve.
- Specified by:
extractSecurityInfo
in interface SecurityInfoExtractor<javax.xml.soap.SOAPMessage>
- Parameters:
soap
- - the soap message represented as a String
- Returns:
AuthenticationRequest