Class STSTokenValidator

java.lang.Object
org.apache.cxf.ws.security.trust.STSTokenValidator
All Implemented Interfaces:
Validator

public class STSTokenValidator extends Object implements Validator
A WSS4J-based Validator that validates a received WS-Security credential by dispatching it to an STS via WS-Trust. The default binding is "validate", but "issue" is also possible by setting the "useIssueBinding" property. In this case, the credentials are sent via "OnBehalfOf" unless the "useOnBehalfOf" property is set to "false", in which case the credentials are used depending on the security policy of the STS endpoint (e.g. in a UsernameToken if this is what the policy requires). Setting "useOnBehalfOf" to "false" together with "useIssueBinding" to "true" only works for validating UsernameTokens.
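The three binding modes described above, as an added example that is not part of the CXF documentation or code base. The helper class StsValidatorConfig and its method names are hypothetical, the STSClient is assumed to be configured by the caller, and SecurityConstants.USERNAME_TOKEN_VALIDATOR is a CXF constant not shown on this page.

```java
import java.util.Map;

import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSTokenValidator;

// Hypothetical helper (added example, not CXF code): one factory per documented mode.
public final class StsValidatorConfig {

    private StsValidatorConfig() { }

    // Default mode: the received credential goes to the STS over the "validate" binding.
    public static STSTokenValidator validateBinding(STSClient stsClient) {
        // true = alwaysValidateToSts, as described for the one-argument constructor
        STSTokenValidator validator = new STSTokenValidator(true);
        validator.setStsClient(stsClient);
        return validator;
    }

    // "issue" binding: the received credential is sent to the STS via OnBehalfOf.
    public static STSTokenValidator issueOnBehalfOf(STSClient stsClient) {
        STSTokenValidator validator = validateBinding(stsClient);
        validator.setUseIssueBinding(true);
        validator.setUseOnBehalfOf(true);
        return validator;
    }

    // "issue" binding without OnBehalfOf: the credential is used as the STS
    // endpoint's security policy requires. Documented to work for UsernameTokens only.
    public static STSTokenValidator issueDirect(STSClient stsClient) {
        STSTokenValidator validator = validateBinding(stsClient);
        validator.setUseIssueBinding(true);
        validator.setUseOnBehalfOf(false);
        return validator;
    }

    // Registers the validator under a validator property key in the endpoint's
    // property map (obtaining that map is left to the caller) and refuses the
    // combination the class description says is unsupported.
    public static void register(Map<String, Object> endpointProps,
                                String validatorKey,
                                STSTokenValidator validator) {
        boolean direct = validator.isUseIssueBinding() && !validator.isUseOnBehalfOf();
        if (direct && !SecurityConstants.USERNAME_TOKEN_VALIDATOR.equals(validatorKey)) {
            throw new IllegalArgumentException(
                "useIssueBinding=true with useOnBehalfOf=false only validates UsernameTokens");
        }
        endpointProps.put(validatorKey, validator);
    }
}
```

Failing at registration keeps a misconfigured validator from being attached to a SAML or other non-UsernameToken key, where the page states the mode does not work.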
  • Constructor Details

    • STSTokenValidator

      public STSTokenValidator()
    • STSTokenValidator

      public STSTokenValidator(boolean alwaysValidateToSts)
      Construct a new instance.
      Parameters:
      alwaysValidateToSts - whether to always validate the token to the STS
  • Method Details

    • validate

      public Credential validate(Credential credential, RequestData data) throws WSSecurityException
      Description copied from interface: Validator
      Validate the credential argument. This method returns a Credential instance that represents the validated credential. This instance can be the same as the instance that was validated, or it can represent some transformation of the initial Credential instance.
      Specified by:
      validate in interface Validator
      Parameters:
      credential - the Credential to be validated
      data - the RequestData associated with the request
      Returns:
      a validated Credential
      Throws:
      WSSecurityException - on a failed validation
    • validateWithSTS

      public Credential validateWithSTS(Credential credential, Message message) throws WSSecurityException
      Throws:
      WSSecurityException
    • isValidatedLocally

      protected boolean isValidatedLocally(Credential credential, RequestData data) throws WSSecurityException
      Throws:
      WSSecurityException
    • isUseIssueBinding

      public boolean isUseIssueBinding()
    • setUseIssueBinding

      public void setUseIssueBinding(boolean useIssueBinding)
    • isUseOnBehalfOf

      public boolean isUseOnBehalfOf()
    • setUseOnBehalfOf

      public void setUseOnBehalfOf(boolean useOnBehalfOf)
    • getStsClient

      public STSClient getStsClient()
    • setStsClient

      public void setStsClient(STSClient stsClient)
    • getTokenStore

      public TokenStore getTokenStore()
    • setTokenStore

      public void setTokenStore(TokenStore tokenStore)
    • isDisableCaching

      public boolean isDisableCaching()
    • setDisableCaching

      public void setDisableCaching(boolean disableCaching)