Class SecurityRecipient
Method Summary
Modifier and Type, Method, Description:
- static void handleFault(ProcessingContext context)
- static void validateMessage(ProcessingContext context): Validate security in an Inbound SOAPMessage.
-
Method Details
-
validateMessage
Validate security in an Inbound SOAPMessage.
Calling code should create a com.sun.xml.wss.ProcessingContext object with runtime properties. Specifically, it should set the SecurityPolicy, an application CallbackHandler or a SecurityEnvironment, and the static security policy context. The SecurityPolicy instance can be of the following types:
- A concrete WSSPolicy
- A MessagePolicy
- A DynamicSecurityPolicy
For cases where policy resolution cannot happen accurately because the identification context was not available (for example, the operation name in the message is encrypted), resolution can instead resolve to the enclosing container configuration.
Policy resolution can happen as follows:
(a). The constructed StaticPolicyContext, the identifying context associated with configured security policies, is used for look-up of configured MessagePolicy/DynamicSecurityPolicy/WSSPolicy instances.
(b). NOTE: Relevant only when the SecurityPolicy is an ApplicationSecurityConfiguration, or the root element of the Security Configuration file that was used to generate the SecurityPolicy is <xwss:JAXRPCSecurity>.
In case an identifying context cannot be constructed because such context has partly to be inferred from the message (for example, the operation name contained as the element name of SOAPBody), the resolved container configuration is used as follows:
If C = {p1, p2, ..., pn}, where each pi belongs to the collection of MessagePolicies held by the container, an in-bound message is processed without application of a policy, whence a policy representation of the metadata contained in the security header is constructed as each header element is processed (iteration).
If P is the policy (MessagePolicy) that gets built upon each iteration, C is reduced as follows:
redux (P, C, M)
where M is the SOAPMessage and
redux:
(1). eliminate all pi that are not loosely semantically equivalent where the equivalence is checked as follows:
(a). SignaturePolicy: equivalence of FeatureBinding and KeyBinding excepting target bindings contained in its FeatureBinding
(b). EncryptionPolicy: equivalence of FeatureBinding and KeyBinding excepting target bindings contained in its FeatureBinding
(c). AuthenticationTokenPolicy: equivalence of Feature and Key Bindings
(2). eliminate all pi whose target bindings contained within the FeatureBindings are applicable to the message. Note that all required message parts should be apparent post-processing; therefore, equivalence of target bindings would be checked by comparison of Node sets of SOAPMessage constructed using the inferred and those contained in C.
After every such reduction, an attempt is made to resolve the policy identifier (operation name) that can be used for policy resolution, which should be contained in C and is used further for message processing.
- Parameters:
context - an instance of com.sun.xml.wss.ProcessingContext
- Throws:
XWSSecurityException - if there was an unexpected error while verifying the message, or if the security in the incoming message violates the Security policy that was applied to the message.
WssSoapFaultException - when security in the incoming message is in direct violation of the OASIS WSS specification. When a WssSoapFaultException is thrown, the getFaultCode() method on the WssSoapFaultException will return a QName which would correspond to the WSS defined fault.
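A calling pattern for validateMessage that fails closed on both documented exceptions, as an added example that is not code from this page or from the XWSS project. The class name InboundSecurityGate and its members are hypothetical; the ProcessingContext setters (setSecurityPolicy, setHandler, setPolicyContext, setSOAPMessage) and the package names in the imports are not shown on this page and are assumed from the XWSS API.

```java
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.soap.SOAPMessage; // assumption: jakarta.xml.soap on newer releases

import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.SecurityRecipient;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.policy.SecurityPolicy;      // assumed package
import com.sun.xml.wss.impl.policy.StaticPolicyContext; // assumed package

/** Hypothetical wrapper: accepts an inbound message only if validation succeeds. */
public final class InboundSecurityGate {
    public enum Result { ACCEPTED, POLICY_VIOLATION, WSS_FAULT }

    private static final Logger LOG = Logger.getLogger("inbound-security");
    private final SecurityPolicy policy;             // WSSPolicy, MessagePolicy or DynamicSecurityPolicy
    private final StaticPolicyContext policyContext; // static security policy context
    private final CallbackHandler handler;           // application CallbackHandler

    public InboundSecurityGate(SecurityPolicy policy, StaticPolicyContext policyContext,
                               CallbackHandler handler) {
        this.policy = policy;
        this.policyContext = policyContext;
        this.handler = handler;
    }

    /** Any result other than ACCEPTED means the message must not reach the endpoint. */
    public Result verify(SOAPMessage inbound) {
        try {
            ProcessingContext context = new ProcessingContext();
            context.setSecurityPolicy(policy);
            context.setPolicyContext(policyContext);
            context.setHandler(handler);
            context.setSOAPMessage(inbound);
            SecurityRecipient.validateMessage(context);
            return Result.ACCEPTED;
        } catch (WssSoapFaultException e) {
            // Direct violation of the OASIS WSS specification; the QName names the WSS fault.
            LOG.warning("WSS fault on inbound message: " + e.getFaultCode());
            return Result.WSS_FAULT;
        } catch (XWSSecurityException e) {
            // Unexpected verification error or a violation of the applied policy.
            LOG.warning("Inbound message rejected: " + e.getMessage());
            return Result.POLICY_VIOLATION;
        }
    }
}
```

Catching WssSoapFaultException before XWSSecurityException keeps the specification-level fault distinguishable whichever way the two exception types are related.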
-
handleFault
-