WSSecurityUtils

Overview

Package

Class

Tree

Deprecated

Index

Help

Oracle BPEL Process Manager
Client API Reference
10g Release 2 (10.1.2)
B25709-01

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.oracle.bpel.security.util
Class WSSecurityUtils

java.lang.Object com.oracle.bpel.security.util.WSSecurityUtils

public class WSSecurityUtils
extends java.lang.Object

Util-class that contains usefull WSSecurity utils - like basic ws-security usernametoken creation. should be changed to code-product API in a later release.
These generated tokens comply to WS-Policy and MUST be understood by the server.
History

1.9 - fix bug due to inconsistent header information coming in certain cases (4611039)
1.10 - fix bug with creation date - incoming, wrong node was taken (4619045)
1.11 - fix bug to be able to generate OASIS compatible headerelements, inbound and outbound (4689302)
1.12 - wsse:Credential not longer valid -> change to wsse:Password (4725011)

Version:: 1.12
Author:: clemens utschig (oracle corporation)

Field Summary
`static java.lang.String`	`EXT_CREATED` constant for external created date, the date (if there) will be stored with this key
`static java.lang.String`	`EXT_CREDENTIAL` constant for external credential, the credential (if there) will be stored with this key
`static java.lang.String`	`EXT_USERNAME` Constant for external user, the user will be stored with this key
`static QName`	`WSSE_QN_Security` QNAME for WS-Security Token (wsse:Security) in namespace http://schemas.xmlsoap.org/ws/2002/07/secext
`static QName`	`WSSE_QN_Security_OASIS` QNAME for WS-Security Token OASIS Namespace(wsse:Security) in namespace http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd

Method Summary
`static SOAPHeaderElement`	`createOASISWSSecurityHeader(java.lang.String pUsername, java.lang.String pCredential, boolean pIsWSPolicyCompliant)` Creates an OASIS compliant wsse Header Element <wsse:Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1"> <wsse:UsernameToken xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>admin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome</wsse:Password> </wsse:UsernameToken> </wsse:Security>
`static SOAPHeaderElement`	`createWSSecurityHeader(java.lang.String pUsername, java.lang.String pCredential)` Creates a WS-Policy compliant Username token headerElement.
`static SOAPHeaderElement`	`createWSSecurityHeader(java.lang.String pUsername, java.lang.String pCredential, boolean pIsWSPolicyCompliant)` Creates a WSSecurity compliant token from username and password - UsernameToken!! This username token can contain just a username without credential too. Since version 1.1 a Created field (wsu:Created) is attached to the signature Since version 1.2 a Nonce field (wsse:Nonce) is created
`static java.util.Hashtable`	`extractCredentialsFromWSSecurityHeader(SOAPHeader pHeader)` Extracts and processes the credentials from a WS-Security element in a SOAPHeader.
`static java.util.Hashtable`	`extractCredentialsFromWSSecurityHeaderElement(SOAPHeaderElement pHeaderElement)` Extracts and processes the credentials from a WS-Security element.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EXT_USERNAME

public static final java.lang.String EXT_USERNAME

Constant for external user, the user will be stored with this key

See Also:: extractCredentialsFromWSSecurityHeader(SOAPHeader), WSSecurityUtils#extractCredentialsFromWSSecurityHeaderElement(SOAPHeaderElement)(SOAPHeader), Constant Field Values

EXT_CREDENTIAL

public static final java.lang.String EXT_CREDENTIAL

constant for external credential, the credential (if there) will be stored with this key

See Also:: extractCredentialsFromWSSecurityHeader(SOAPHeader), WSSecurityUtils#extractCredentialsFromWSSecurityHeaderElement(SOAPHeaderElement)(SOAPHeader), Constant Field Values

EXT_CREATED

public static final java.lang.String EXT_CREATED

constant for external created date, the date (if there) will be stored with this key

See Also:: extractCredentialsFromWSSecurityHeader(SOAPHeader), WSSecurityUtils#extractCredentialsFromWSSecurityHeaderElement(SOAPHeaderElement)(SOAPHeader), Constant Field Values

WSSE_QN_Security

public static final QName WSSE_QN_Security

QNAME for WS-Security Token (wsse:Security) in namespace http://schemas.xmlsoap.org/ws/2002/07/secext

WSSE_QN_Security_OASIS

public static final QName WSSE_QN_Security_OASIS

QNAME for WS-Security Token OASIS Namespace(wsse:Security) in namespace http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd

Method Detail

createWSSecurityHeader

public static SOAPHeaderElement createWSSecurityHeader(java.lang.String pUsername,
                                                       java.lang.String pCredential,
                                                       boolean pIsWSPolicyCompliant)
                                                throws SOAPException

Creates a WSSecurity compliant token from username and password - UsernameToken!! This username token can contain just a username without credential too.
Since version 1.1 a Created field (wsu:Created) is attached to the signature
Since version 1.2 a Nonce field (wsse:Nonce) is created

   <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"
                  soapenv:mustUnderstand="1"
                  xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
     <wsse:UsernameToken>
       <wsse:Username>USERNAME</wsse:Username>
       <wsse:Password>PASSWORD</wsse:Password>
       <wsse:Nonce>A NONCE</wsse:Nonce>
       <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            Mon Aug 01 11:18:40 CEST 2005
       </wsu:Created>
     </wsse:UsernameToken>
   </wsse:Security>

Parameters:: pCredential - the credential; pUsername - the username; pIsWSPolicyCompliant - specifies wheter the header must be processed by the server (true/false)
Returns:: the headerElement representing the credentials
Throws:: javax.xml.soap.SOAPException - in case the token couldn't be generated; SOAPException

createWSSecurityHeader

public static SOAPHeaderElement createWSSecurityHeader(java.lang.String pUsername,
                                                       java.lang.String pCredential)
                                                throws SOAPException

Creates a WS-Policy compliant Username token headerElement.

Parameters:: pUsername - the username; pCredential - the credential
Returns:: a ws-policy compliant username token
Throws:: SOAPException - in case the token could not be generated
See Also:: org.collaxa.thirdparty.apache.axis.message.SOAPHeaderElement, createWSSecurityHeader(String, String, boolean)

extractCredentialsFromWSSecurityHeaderElement

public static java.util.Hashtable extractCredentialsFromWSSecurityHeaderElement(SOAPHeaderElement pHeaderElement)
                                                                         throws SOAPException

Extracts and processes the credentials from a WS-Security element.
Per default, the BPEL SOAP Server Security expects a username AND credential in the token otherwise an exception will be thrown.
The only possibility to turn "username-only" on, is to set the following Systemproperty [wsse.allowUsernameOnly] to true.

Parameters:: pHeaderElement - the SOAPHeaderElement containing the security header element
Returns:: a hashtable with username / credential / created
Throws:: javax.xml.soap.SOAPException - in case the headerelement is incomplete or not according to the spec; SOAPException

extractCredentialsFromWSSecurityHeader

public static java.util.Hashtable extractCredentialsFromWSSecurityHeader(SOAPHeader pHeader)
                                                                  throws SOAPException

Extracts and processes the credentials from a WS-Security element in a SOAPHeader.
Per default, the BPEL SOAP Server Security expects a username AND credential in the token otherwise an exception will be thrown.
The only possibility to turn "username-only" on, is to set the following Systemproperty [wsse.allowUsernameOnly] to true.

Parameters:: pHeader - the SOAPHeader containing the security header element
Returns:: a hashtable with username / credential / created
Throws:: javax.xml.soap.SOAPException - in case the headerelement is incomplete or not according to the spec; SOAPException

createOASISWSSecurityHeader

public static SOAPHeaderElement createOASISWSSecurityHeader(java.lang.String pUsername,
                                                            java.lang.String pCredential,
                                                            boolean pIsWSPolicyCompliant)
                                                     throws SOAPException

Creates an OASIS compliant wsse Header Element

   <wsse:Security
       xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
       xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
     env:mustUnderstand="1">
     <wsse:UsernameToken
       xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
       <wsse:Username>admin</wsse:Username>
       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome</wsse:Password>
     </wsse:UsernameToken>
   </wsse:Security>

Parameters:: pUsername - the username; pCredential - the password; pIsWSPolicyCompliant - if mustUnderstand is set
Returns:: an OASIS compliant header element
Throws:: SOAPException - in case the element could not be created

Overview

Package

Class

Tree

Deprecated

Index

Help

Oracle BPEL Process Manager
Client API Reference
10g Release 2 (10.1.2)
B25709-01

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.oracle.bpel.security.util Class WSSecurityUtils

EXT_USERNAME

EXT_CREDENTIAL

EXT_CREATED

WSSE_QN_Security

WSSE_QN_Security_OASIS

createWSSecurityHeader

createWSSecurityHeader

extractCredentialsFromWSSecurityHeaderElement

extractCredentialsFromWSSecurityHeader

createOASISWSSecurityHeader

com.oracle.bpel.security.util
Class WSSecurityUtils