com.sun.identity.liberty.ws.security
Class SecurityTokenManager

java.lang.Object
  extended by com.sun.identity.liberty.ws.security.SecurityTokenManager

public final class SecurityTokenManager
extends Object

SecurityTokenManager is a final class that provides methods for managing Web Service Security (WSS) tokens: the WSS X.509 binary security token and the WSS SAML bearer assertion used with Liberty ID-WSF requests.


Constructor Summary
SecurityTokenManager(Object credential)
          Constructs a security token manager for the given caller credential; the default XMLSignatureManager instance is used for signing and for accessing the data store.
 
Method Summary
 SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement, String recipientProviderID)
          Creates a SAML assertion.
 BinarySecurityToken getX509CertificateToken()
          Returns the X509 certificate Token.
 void setCertAlias(String certAlias)
          Sets the alias of the certificate used for issuing WSS tokens (X509 Token, SAML Token).
 

Constructor Detail

SecurityTokenManager

public SecurityTokenManager(Object credential)
                     throws SecurityTokenException
Constructs a security token manager for the given caller credential. The default XMLSignatureManager instance is used for signing and for accessing the data store.

Parameters:
credential - The credential of the caller, used to check whether access to this security token manager is allowed.
Throws:
SecurityTokenException - if the caller is not allowed to access the security token manager, or if it could not be initialized.
Method Detail

setCertAlias

public void setCertAlias(String certAlias)
                  throws SecurityTokenException
Sets the alias of the certificate used for issuing WSS tokens, i.e. the WSS X509 Token and the WSS SAML Token. The alias must resolve to a certificate in the configured key store. If certAlias is never set, a default certificate is used for issuing WSS tokens.

Parameters:
certAlias - String alias name for the certificate.
Throws:
SecurityTokenException - if no certificate for certAlias could be found in the key store.

getX509CertificateToken

public BinarySecurityToken getX509CertificateToken()
                                            throws SecurityTokenException
Returns the X509 certificate token for the certificate selected with setCertAlias, or for the default certificate if no alias was set.

Returns:
X509 certificate Token.
Throws:
SecurityTokenException - if the binary security token could not be obtained.

getSAMLBearerToken

public SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity,
                                            SessionContext invocatorSession,
                                            EncryptedResourceID encResourceID,
                                            boolean includeAuthN,
                                            boolean includeResourceAccessStatement,
                                            String recipientProviderID)
                                     throws SecurityTokenException
Creates a SAML assertion. The confirmationMethod will be set to "urn:oasis:names:tc:SAML:1.0:cm:bearer". Bearer confirmation means any party holding the assertion can present it, so the assertion must only be conveyed over a confidentiality- and integrity-protected channel to the provider named by recipientProviderID.

Parameters:
senderIdentity - name identifier of the sender.
invocatorSession - SessionContext of the invocation identity. It is normally obtained through the credential reference in the SAML AttributeDesignator of the discovery resource offering, which is part of the Liberty ID-FF AuthnResponse.
encResourceID - Encrypted ID for the resource to be accessed.
includeAuthN - if true, an AuthenticationStatement is included in the Assertion and used for message authentication; if false, no AuthenticationStatement is included.
includeResourceAccessStatement - if true, a ResourceAccessStatement is included in the Assertion (for the AuthorizeRequester directive); if false, a SessionContextStatement is included instead (for the AuthenticationSessionContext directive). When both the AuthorizeRequester and the AuthenticationSessionContext directive must be handled, pass true: the SessionContext is always carried inside the ResourceAccessStatement, so a separate SessionContextStatement is not needed.
recipientProviderID - recipient's provider ID.
Returns:
the SecurityAssertion object.
Throws:
SecurityTokenException - if the assertion could not be obtained
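
Example usage, added to this page and not part of the Access Manager / OpenSSO source: one helper that wraps the constructor, setCertAlias, getX509CertificateToken and getSAMLBearerToken documented above, and that maps the resource offering's directives onto the includeResourceAccessStatement flag the way the parameter description requires. Assumptions: the import package names for SessionContext, EncryptedResourceID, NameIdentifier, BinarySecurityToken and SecurityAssertion follow the OpenSSO source layout (this page does not list them); the caller credential is an SSOToken (the page types it only as Object); the class name WssTokenIssuer, the helper method names and the "no directive" argument check are this example's own choices.

```java
import com.iplanet.sso.SSOToken;                                   // assumed credential type
import com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken; // assumed package
import com.sun.identity.liberty.ws.disco.EncryptedResourceID;       // assumed package
import com.sun.identity.liberty.ws.security.SecurityAssertion;
import com.sun.identity.liberty.ws.security.SecurityTokenException;
import com.sun.identity.liberty.ws.security.SecurityTokenManager;
import com.sun.identity.liberty.ws.security.SessionContext;
import com.sun.identity.saml.assertion.NameIdentifier;              // assumed package

/**
 * Added example (hypothetical class, not product code): issues the two WSS token
 * types documented for SecurityTokenManager on behalf of one authenticated caller.
 */
public final class WssTokenIssuer {

    private final SecurityTokenManager manager;

    /**
     * @param caller    the caller's session; the constructor rejects callers that are
     *                  not allowed to use the manager by throwing SecurityTokenException
     * @param certAlias key-store alias of the signing certificate, or null to keep the
     *                  default certificate
     */
    public WssTokenIssuer(SSOToken caller, String certAlias) throws SecurityTokenException {
        manager = new SecurityTokenManager(caller);
        if (certAlias != null) {
            // Resolving the alias here fails fast on a missing key-store entry,
            // instead of failing later on every token request.
            manager.setCertAlias(certAlias);
        }
    }

    /** WSS X.509 BinarySecurityToken for the configured (or default) certificate. */
    public BinarySecurityToken x509Token() throws SecurityTokenException {
        return manager.getX509CertificateToken();
    }

    /**
     * SAML bearer assertion for an ID-WSF request to the provider {@code recipient}.
     *
     * @param sender    name identifier of the sending identity
     * @param session   SessionContext of the invocation identity (normally taken from
     *                  the credential reference in the discovery resource offering)
     * @param resource  encrypted ID of the resource to be accessed
     * @param recipient provider ID of the WSP that will consume the assertion
     * @param authorizeRequester           the resource offering carries the
     *                                     AuthorizeRequester directive
     * @param authenticationSessionContext the resource offering carries the
     *                                     AuthenticationSessionContext directive
     */
    public SecurityAssertion bearerAssertion(NameIdentifier sender,
                                             SessionContext session,
                                             EncryptedResourceID resource,
                                             String recipient,
                                             boolean authorizeRequester,
                                             boolean authenticationSessionContext)
            throws SecurityTokenException {
        if (!authorizeRequester && !authenticationSessionContext) {
            // Example's own guard: with neither directive there is nothing to assert.
            throw new IllegalArgumentException("no directive calls for a SAML bearer token");
        }
        // Per the getSAMLBearerToken contract: a ResourceAccessStatement always embeds
        // the SessionContext, so whenever AuthorizeRequester is present (alone or together
        // with AuthenticationSessionContext) request the ResourceAccessStatement (true).
        // Only AuthenticationSessionContext on its own gets a SessionContextStatement (false).
        boolean includeResourceAccessStatement = authorizeRequester;
        // The AuthenticationStatement is what the recipient uses for message
        // authentication; this example always includes it.
        boolean includeAuthN = true;
        return manager.getSAMLBearerToken(sender, session, resource,
                includeAuthN, includeResourceAccessStatement, recipient);
    }
}
```

The assertion returned by bearerAssertion is bearer-confirmed, so the caller should place it only in a message sent over TLS (or an otherwise protected channel) to the provider passed as recipient, and should not cache it for reuse with other providers.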