private void handleInboundMessage(SOAPMessageContext context) throws WSSecurityException { SOAPMessage soapMessage = context.getMessage(); SOAPPart soapPart = soapMessage.getSOAPPart(); WSSecurityEngine secEngine = new WSSecurityEngine(); List<WSSecurityEngineResult> results = secEngine.processSecurityHeader( soapPart, null, null, null); if (null == results) { throw new SecurityException("no WS-Security results"); } Timestamp timestamp = null; for (WSSecurityEngineResult result : results) { Timestamp resultTimestamp = (Timestamp) result .get(WSSecurityEngineResult.TAG_TIMESTAMP); if (null != resultTimestamp) { timestamp = resultTimestamp; } } if (null == timestamp) { throw new SecurityException("no WS-Security timestamp"); } }
WSSecurityEngine securityEngine = new WSSecurityEngine(); WSSConfig wssConfig = WSSConfig.getNewInstance(); securityEngine.setWssConfig(wssConfig); wsSecurityEngineResults = securityEngine.processSecurityHeader( document, null, null, null); } catch (WSSecurityException e) {
WSSecurityEngine engine = new WSSecurityEngine(); engine.setWssConfig(rmd.getConfig()); if (usernameTok.isNoPassword()) { log.debug("Found UsernameToken with no password assertion in policy, configuring ws security processing to allow username tokens without password." ); engine.getWssConfig().setAllowUsernameTokenNoPassword(true); break; results = engine.processSecurityHeader(rmd.getDocument(), actorValue, tokenCallbackHandler, results = engine.processSecurityHeader(rmd.getDocument(), actorValue, tokenCallbackHandler,
) throws WSSecurityException { RequestData data = new RequestData(); data.setWssConfig(getWssConfig()); data.setDecCrypto(decCrypto); data.setSigCrypto(sigCrypto); data.setCallbackHandler(cb); return processSecurityHeader(securityHeader, data);
/** * Process the security header given the soap envelope as W3C document. * <p/> * This is the main entry point to verify or decrypt a SOAP envelope. * First check if a <code>wsse:Security</code> is available with the * defined actor. * * @param doc the SOAP envelope as {@link Document} * @param actor the engine works on behalf of this <code>actor</code>. Refer * to the SOAP specification about <code>actor</code> or <code>role * </code> * @param cb a callback hander to the caller to resolve passwords during * encryption and UsernameToken handling * @param crypto the object that implements the access to the keystore and the * handling of certificates. * @return a result list * @throws WSSecurityException * @see WSSecurityEngine#processSecurityHeader(Element securityHeader, CallbackHandler cb, * Crypto sigCrypto, Crypto decCrypto) */ public List<WSSecurityEngineResult> processSecurityHeader( Document doc, String actor, CallbackHandler cb, Crypto crypto ) throws WSSecurityException { return processSecurityHeader(doc, actor, cb, crypto, crypto); }
requestData.setWssConfig(getWssConfig()); wsDocInfo.setSecurityHeader(securityHeader); final WSSConfig cfg = getWssConfig(); Node node = securityHeader.getFirstChild();
WSSecurityEngine securityEngine = new WSSecurityEngine(); WSSConfig wssConfig = WSSConfig.getNewInstance(); securityEngine.setWssConfig(wssConfig); wsSecurityEngineResults = securityEngine.processSecurityHeader( document, null, null, crypto); } catch (WSSecurityException e) {
) throws WSSecurityException { RequestData data = new RequestData(); data.setWssConfig(getWssConfig()); data.setDecCrypto(decCrypto); data.setSigCrypto(sigCrypto); data.setCallbackHandler(cb); return processSecurityHeader(securityHeader, data);
/** * Process the security header given the soap envelope as W3C document. * <p/> * This is the main entry point to verify or decrypt a SOAP envelope. * First check if a <code>wsse:Security</code> is available with the * defined actor. * * @param doc the SOAP envelope as {@link Document} * @param actor the engine works on behalf of this <code>actor</code>. Refer * to the SOAP specification about <code>actor</code> or <code>role * </code> * @param cb a callback hander to the caller to resolve passwords during * encryption and UsernameToken handling * @param crypto the object that implements the access to the keystore and the * handling of certificates. * @return a result list * @throws WSSecurityException * @see WSSecurityEngine#processSecurityHeader(Element securityHeader, CallbackHandler cb, * Crypto sigCrypto, Crypto decCrypto) */ public List<WSSecurityEngineResult> processSecurityHeader( Document doc, String actor, CallbackHandler cb, Crypto crypto ) throws WSSecurityException { return processSecurityHeader(doc, actor, cb, crypto, crypto); }
requestData.setWssConfig(getWssConfig()); wsDocInfo.setSecurityHeader(securityHeader); final WSSConfig cfg = getWssConfig(); Node node = securityHeader.getFirstChild();
log.debug("Processing WS-Security header for '" + actor + "' actor."); wsResult = processSecurityHeader(elem, cb, sigCrypto, decCrypto);
wssConfig = secEngine.getWssConfig();
log.debug("Processing WS-Security header for '" + actor + "' actor."); wsResult = processSecurityHeader(elem, cb, sigCrypto, decCrypto);
wssConfig = secEngine.getWssConfig();
wssConfig = secEngine.getWssConfig();
wssConfig = secEngine.getWssConfig();