Package org.apache.cxf.ws.security.wss4j

Class AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator

java.lang.Object
org.apache.wss4j.dom.validate.UsernameTokenValidator
org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator
All Implemented Interfaces:
Validator
Enclosing class:
AbstractUsernameTokenAuthenticatingInterceptor
protected class AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator extends UsernameTokenValidator

  • Constructor Details

    • CustomValidator

      protected CustomValidator()

  • Method Details

    • verifyCustomPassword

      protected void verifyCustomPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Description copied from class: UsernameTokenValidator
      Verify a UsernameToken containing a password of some unknown (but specified) password type. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyPlaintextPassword case, but it in a separate protected method to allow users to override the validation of the custom password type specific case.
      Overrides:
      verifyCustomPassword in class UsernameTokenValidator
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.

    • verifyPlaintextPassword

      protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Description copied from class: UsernameTokenValidator
      Verify a UsernameToken containing a plaintext password. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyDigestPassword case, but it in a separate protected method to allow users to override the validation of the plaintext password specific case.
      Overrides:
      verifyPlaintextPassword in class UsernameTokenValidator
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.

    • verifyDigestPassword

      protected void verifyDigestPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Description copied from class: UsernameTokenValidator
      Verify a UsernameToken containing a password digest. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password.
      Overrides:
      verifyDigestPassword in class UsernameTokenValidator
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.

    • verifyUnknownPassword

      protected void verifyUnknownPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
      Description copied from class: UsernameTokenValidator
      Verify a UsernameToken containing no password. An exception is thrown unless the user has explicitly allowed this use-case via WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD
      Overrides:
      verifyUnknownPassword in class UsernameTokenValidator
      Parameters:
      usernameToken - The UsernameToken instance to verify
      Throws:
      WSSecurityException - on a failed authentication.