Interface CxfWsSecurityConfig.StsClientConfig

Enclosing interface:
CxfWsSecurityConfig

public static interface CxfWsSecurityConfig.StsClientConfig
  • Method Summary

    Modifier and Type | Method | Description
    Optional<String> | client() | A xref:user-guide/configuration.adoc#beanRefs[reference] to a fully configured `org.apache.cxf.ws.security.trust.STSClient` bean to communicate with the STS.
    Optional<String> | encryptionCrypto() | A xref:user-guide/configuration.adoc#beanRefs[reference] to a `org.apache.wss4j.common.crypto.Crypto` to be used for encryption.
    Map<String,String> | encryptionProperties() | The Crypto property configuration to use for encryption, if `encryption.crypto` is not set.
    Optional<String> | encryptionUsername() | The user's name for encryption.
    Optional<String> | endpointName() | A fully qualified name of the STS endpoint name.
    Optional<String> | password() | The password associated with the `username`.
    Optional<String> | serviceName() | A fully qualified name of the STS service.
    boolean | soap12Binding() | If `true` the STS client will be set to send SOAP 1.2 messages; otherwise it will send SOAP 1.1 messages.
    Optional<String> | tokenCrypto() | A xref:user-guide/configuration.adoc#beanRefs[reference] to a `org.apache.wss4j.common.crypto.Crypto` to be used for the STS.
    Map<String,String> | tokenProperties() | The Crypto property configuration to use for encryption, if `encryption.crypto` is not set.
    boolean | tokenUsecert() | Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write out a KeyValue structure.
    Optional<String> | tokenUsername() | The alias name in the keystore to get the user's public key to send to the STS for the PublicKey KeyType case.
    Optional<String> | username() | The user name to use when authenticating against the STS.
    Optional<String> | wsdl() | A URL, resource path or local filesystem path pointing to a WSDL document to use when generating the service proxy of the STS client.
  • Method Details

    • client

      @WithParentName Optional<String> client()
      A xref:user-guide/configuration.adoc#beanRefs[reference] to a fully configured `org.apache.cxf.ws.security.trust.STSClient` bean to communicate with the STS. If not set, the STS client will be created and configured based on other `[prefix].security.sts.client.*` properties as long as they are available. To work around the fact that `org.apache.cxf.ws.security.trust.STSClient` does not have a no-args constructor and cannot thus be used as a CDI bean type, you can use the wrapper class `io.quarkiverse.cxf.ws.security.sts.client.STSClientBean` instead.
      Tip: Check the xref:reference/extensions/quarkus-cxf-services-sts.adoc[Security Token Service (STS)] extension page for more information about WS-Trust.
      Since:
      3.8.0
    • wsdl

      Optional<String> wsdl()
      A URL, resource path or local filesystem path pointing to a WSDL document to use when generating the service proxy of the STS client.
      Since:
      3.8.0
    • serviceName

      Optional<String> serviceName()
      A fully qualified name of the STS service. Common values include:
      - WS-Trust 1.0: `{http://schemas.xmlsoap.org/ws/2005/02/trust/}SecurityTokenService`
      - WS-Trust 1.3: `{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService`
      - WS-Trust 1.4: `{http://docs.oasis-open.org/ws-sx/ws-trust/200802/}SecurityTokenService`
      Since:
      3.8.0
    • endpointName

      Optional<String> endpointName()
      A fully qualified name of the STS endpoint name. Common values include:
      - `{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port`
      - `{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port`
      - `{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port`
      Since:
      3.8.0
    • username

      Optional<String> username()
      The user name to use when authenticating against the STS. It is used as follows:
      - As the name in the UsernameToken for WS-Security
      - As the alias name in the keystore to get the user's cert and private key for signature if `signature.username` is not set
      - As the alias name in the keystore to get the user's public key for encryption if `encryption.username` is not set
      Since:
      3.8.0
    • password

      Optional<String> password()
      The password associated with the `username`.
      Since:
      3.8.0
    • encryptionUsername

      @WithName("encryption.username") Optional<String> encryptionUsername()
      The user's name for encryption. It is used as the alias name in the keystore to get the user's public key for encryption. If this is not defined, then `username` is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by `encrypt.properties`. If that's also not set, and the keystore only contains a single key, that key will be used. For the WS-Security web service provider, the `useReqSigCert` value can be used to accept (encrypt to) any client whose public key is in the service's truststore (defined in `encrypt.properties`).
      Since:
      3.8.0
    • encryptionProperties

      @WithName("encryption.properties") Map<String,String> encryptionProperties()
      The Crypto property configuration to use for encryption, if `encryption.crypto` is not set. Example:

      [source,properties]
      ----
      [prefix].encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
      [prefix].encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
      [prefix].encryption.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks
      ----
      Since:
      3.8.0
    • encryptionCrypto

      @WithName("encryption.crypto") Optional<String> encryptionCrypto()
      A xref:user-guide/configuration.adoc#beanRefs[reference] to a `org.apache.wss4j.common.crypto.Crypto` to be used for encryption. If not set, `encryption.properties` will be used to configure a `Crypto` instance.
      Since:
      3.8.0
    • tokenCrypto

      @WithName("token.crypto") Optional<String> tokenCrypto()
      A xref:user-guide/configuration.adoc#beanRefs[reference] to a `org.apache.wss4j.common.crypto.Crypto` to be used for the STS. If not set, `token.properties` will be used to configure a `Crypto` instance. WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO the full security on the message. These properties control the way the STS client will decrypt the EncryptedData elements in the response. These are also used by the `token.properties` to send/process any RSA/DSAKeyValue tokens used if the KeyType is `PublicKey`.
      Since:
      3.8.0
    • tokenProperties

      @WithName("token.properties") Map<String,String> tokenProperties()
      The Crypto property configuration to use for encryption, if `encryption.crypto` is not set. Example:

      [source,properties]
      ----
      [prefix].token.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
      [prefix].token.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
      [prefix].token.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks
      ----
      Since:
      3.8.0
    • tokenUsername

      @WithName("token.username") Optional<String> tokenUsername()
      The alias name in the keystore to get the user's public key to send to the STS for the PublicKey KeyType case.
      Since:
      3.8.0
    • tokenUsecert

      @WithName("token.usecert") @WithDefault("false") boolean tokenUsecert()
      Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write out a KeyValue structure.
      Since:
      3.8.0
    • soap12Binding

      @WithName("soap12-binding") @WithDefault("false") boolean soap12Binding()
      If `true` the STS client will be set to send SOAP 1.2 messages; otherwise it will send SOAP 1.1 messages.
      Since:
      3.8.0
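
The options above combined into one STS client configuration, as an added example that is not part of the Quarkus CXF documentation. Assumptions: `[prefix]` is used as in the page's own `encryption.properties` sample; `service-name` and `endpoint-name` are the kebab-case forms of `serviceName()` and `endpointName()`; the STS URL, the aliases, the keystore paths and the environment variable names are constructed; secrets are supplied through `${...}` configuration expressions instead of the literal `password` used in the page's samples.

```properties
# Added example with constructed values; [prefix] is the page's placeholder.

# Where the STS lives and which WS-Trust 1.3 service/port to call
[prefix].wsdl = https://sts.example.com/SecurityTokenService?wsdl
[prefix].service-name = {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService
[prefix].endpoint-name = {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port
[prefix].soap12-binding = true

# UsernameToken credentials. The password is resolved at runtime from the
# environment (hypothetical variable name), so it is not stored in this file.
[prefix].username = alice
[prefix].password = ${STS_CLIENT_PASSWORD}

# Encryption: name the alias explicitly. Without encryption.username the
# alias falls back to `username`, then to the keystore's default alias,
# then to the only key in the keystore, which can silently select a key
# other than the intended one after a keystore change.
[prefix].encryption.username = sts-public-key
[prefix].encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = ${STS_ENC_KEYSTORE_PASSWORD}

# Token crypto: used to decrypt EncryptedData in the STS response and, for
# KeyType PublicKey, to pick the key sent to the STS.
[prefix].token.username = alice
# true = send an X509Certificate structure in UseKey/KeyInfo;
# false (the default) = send a KeyValue structure
[prefix].token.usecert = true
[prefix].token.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].token.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks
[prefix].token.properties."org.apache.ws.security.crypto.merlin.keystore.password" = ${STS_TOKEN_KEYSTORE_PASSWORD}
```

If `client` is set to a bean reference, the STS client is taken from that bean rather than built from these properties.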