com.ibm.websphere.wssecurity.wssapi.token

Class GenericSecurityTokenFactory

java.lang.Object
    extended by com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory

public abstract class GenericSecurityTokenFactory
extends java.lang.Object

This API is used for the creation of security tokens.

The code snippets that are shown below demonstrate how to use this API to create security tokens:

Sample code for creating a fully-populated UsernameToken
   GenericSecurityTokenFactory gstFactory = GenericSecurityTokenFactory.getInstance();
 
   UsernameToken unt = gstFactory.getFullUsernameToken(username,password);
    
Sample code for creating a custom token
   GenericSecurityTokenFactory gstFactory = GenericSecurityTokenFactory.getInstance();

   // 1. Create the valueType
   javax.xml.namespace.QName valueType = new javax.xml.namespace.QName("", "http://myToken");

   // 2. Get a unique ID
   String uniqueId = gstFactory.createUniqueId();

   // 3. Build the custom element (buildmyTokenElement is the caller's own helper)
   org.w3c.dom.Element customElement = buildmyTokenElement(uniqueId);

   // 4. Create the security token
   GenericSecurityToken myToken = gstFactory.getToken(customElement, valueType);
 
    

Constructor Summary

Constructor and Description
GenericSecurityTokenFactory()

Method Summary

Modifier and Type Method and Description
abstract java.lang.String createUniqueId()
    Create a Unique ID that can be put into a custom token so that it can be referred to properly when being individually signed or encrypted.

abstract SecurityToken getConsumerTokenFromSharedState(java.util.Map sharedState, javax.xml.namespace.QName valueType)
    Get a consumed token from the shared state.

abstract UsernameToken getFullUsernameToken(java.lang.String username)
    Create a fully-populated UsernameToken with a username and no password.

abstract UsernameToken getFullUsernameToken(java.lang.String username, char[] password)
    Create a fully-populated UsernameToken with a username and password.

abstract UsernameToken getFullUsernameToken(java.lang.String username, char[] password, boolean useTimestamp)
    Create a fully-populated UsernameToken with a username, password, and timestamp.

abstract SecurityToken getGeneratorTokenFromSharedState(java.util.Map sharedState, javax.xml.namespace.QName valueType)
    Get a generated token from the shared state.

static GenericSecurityTokenFactory getInstance()
    Retrieves an instance of the GenericSecurityTokenFactory.

abstract BinarySecurityToken getSimpleBinarySecurityToken(java.lang.Class tokenClass, byte[] binary)
    Create a sparse BinarySecurityToken (no XML) for use with binary security token generators (like LTPA).

abstract UsernameToken getSimpleUsernameToken(java.lang.String username)
    Create a sparse UsernameToken (no XML) with a username to pass to the UNTGenerateLoginModule.

abstract UsernameToken getSimpleUsernameToken(java.lang.String username, char[] password)
    Create a sparse UsernameToken (no XML) with a username and password to pass to the UNTGenerateLoginModule.

abstract X509Token getSimpleX509PrivateToken(java.security.cert.X509Certificate certificate, java.security.Key privateKey)
    Create a sparse X509Token (no XML) that contains a private key.

abstract X509Token getSimpleX509PublicToken(java.security.cert.X509Certificate certificate)
    Create a sparse X509Token (no XML) that contains just a public certificate.

abstract X509Token getSimpleX509Token(java.security.cert.X509Certificate certificate, java.security.Key privateKey)
    Create a sparse X509Token (no XML).

abstract GenericSecurityToken getToken()
    Create an unpopulated GenericSecurityToken.

abstract GenericSecurityToken getToken(org.w3c.dom.Element element, javax.xml.namespace.QName valueType)
    Create a custom GenericSecurityToken from an org.w3c.dom element

abstract GenericSecurityToken getToken(org.apache.axiom.om.OMElement element, javax.xml.namespace.QName valueType)
    Create a custom GenericSecurityToken from an OMElement

abstract GenericSecurityToken getToken(java.lang.String xmlFragment, javax.xml.namespace.QName valueType)
    Create a custom GenericSecurityToken from an XML fragment given as a String

abstract void putAuthenticatedTokenToSharedState(java.util.Map sharedState, SecurityToken token)
    Put a token that has been authenticated by a login module into the shared state.

abstract void putConsumerTokenToSharedState(java.util.Map sharedState, SecurityToken token)
    Put a consumed token on the shared state.

abstract void putGeneratorTokenToSharedState(java.util.Map sharedState, SecurityToken token)
    Put a generated token on the shared state.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GenericSecurityTokenFactory

public GenericSecurityTokenFactory()

Method Detail

getInstance

public static GenericSecurityTokenFactory getInstance()
    throws WSSException
Retrieves an instance of the GenericSecurityTokenFactory.
Returns:
GenericSecurityTokenFactory object
Throws:
WSSException - if an illegal access occurs or if the WSSFactory instance is not generated.

getToken

public abstract GenericSecurityToken getToken()
Create an unpopulated GenericSecurityToken.
Returns:
unpopulated GenericSecurityToken

getToken

public abstract GenericSecurityToken getToken(org.apache.axiom.om.OMElement element,
    javax.xml.namespace.QName valueType)
Create a custom GenericSecurityToken from an OMElement
Parameters:
element - axiom representation of the custom element
valueType - the token's value type
Returns:
a fully-populated custom GenericSecurityToken

getToken

public abstract GenericSecurityToken getToken(org.w3c.dom.Element element,
    javax.xml.namespace.QName valueType)
    throws java.lang.Exception
Create a custom GenericSecurityToken from an org.w3c.dom element
Parameters:
element - w3c.dom representation of the custom element
valueType - the token's value type
Returns:
a fully-populated custom GenericSecurityToken
Throws:
java.lang.Exception

getToken

public abstract GenericSecurityToken getToken(java.lang.String xmlFragment,
    javax.xml.namespace.QName valueType)
    throws java.lang.Exception
Create a custom GenericSecurityToken from an XML fragment given as a String
Parameters:
xmlFragment - token represented as a well-formed XML fragment
valueType - the token's value type
Returns:
a fully-populated custom GenericSecurityToken
Throws:
java.lang.Exception

getFullUsernameToken

public abstract UsernameToken getFullUsernameToken(java.lang.String username)
    throws javax.security.auth.login.LoginException
Create a fully-populated UsernameToken with a username and no password.
Parameters:
username - username for the UsernameToken element
Returns:
a fully-populated UsernameToken
Throws:
javax.security.auth.login.LoginException

getFullUsernameToken

public abstract UsernameToken getFullUsernameToken(java.lang.String username,
    char[] password)
    throws javax.security.auth.login.LoginException
Create a fully-populated UsernameToken with a username and password.
Parameters:
username - username for the UsernameToken element
password - password for the UsernameToken element
Returns:
a fully-populated UsernameToken
Throws:
javax.security.auth.login.LoginException

getFullUsernameToken

public abstract UsernameToken getFullUsernameToken(java.lang.String username,
    char[] password,
    boolean useTimestamp)
    throws javax.security.auth.login.LoginException
Create a fully-populated UsernameToken with a username, password, and timestamp.
Parameters:
username - username for the UsernameToken element
password - password for the UsernameToken element. Null for no password.
useTimestamp - true=add timestamp, false=no timestamp
Returns:
a fully-populated UsernameToken
Throws:
javax.security.auth.login.LoginException

createUniqueId

public abstract java.lang.String createUniqueId()
Create a Unique ID that can be put into a custom token so that it can be referred to properly when being individually signed or encrypted.
Returns:
a Unique ID String

getGeneratorTokenFromSharedState

public abstract SecurityToken getGeneratorTokenFromSharedState(java.util.Map sharedState,
    javax.xml.namespace.QName valueType)
Get a generated token from the shared state.

This method can be used by stacked login modules to retrieve a token of the specified value from the com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED property on the shared state.
Parameters:
sharedState - JAAS login module shared state Map
valueType - Value type of the desired token
Returns:
a SecurityToken of the specified value type

getConsumerTokenFromSharedState

public abstract SecurityToken getConsumerTokenFromSharedState(java.util.Map sharedState,
    javax.xml.namespace.QName valueType)
Get a consumed token from the shared state.

This method can be used by stacked login modules to retrieve a token of the specified value from the com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_PROCESSED property on the shared state.
Parameters:
sharedState - JAAS login module shared state Map
valueType - Value type of the desired token
Returns:
a SecurityToken of the specified value type

putGeneratorTokenToSharedState

public abstract void putGeneratorTokenToSharedState(java.util.Map sharedState,
    SecurityToken token)
Put a generated token on the shared state.

This method can be used by stacked login modules to put a token in a token list on the com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED property in the shared state.
Parameters:
sharedState - JAAS login module shared state Map
token - Token to insert

putConsumerTokenToSharedState

public abstract void putConsumerTokenToSharedState(java.util.Map sharedState,
    SecurityToken token)
Put a consumed token on the shared state.

This method can be used by stacked login modules to put a token in a token list on the com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_TO_BE_INSERTED property in the shared state.
Parameters:
sharedState - JAAS login module shared state Map
token - Token to insert

getSimpleUsernameToken

public abstract UsernameToken getSimpleUsernameToken(java.lang.String username)
Create a sparse UsernameToken (no XML) with a username to pass to the UNTGenerateLoginModule.
Parameters:
username - username for the UsernameToken element
Returns:
a sparse UsernameToken

getSimpleUsernameToken

public abstract UsernameToken getSimpleUsernameToken(java.lang.String username,
    char[] password)
Create a sparse UsernameToken (no XML) with a username and password to pass to the UNTGenerateLoginModule.
Parameters:
username - username for the UsernameToken element
Returns:
a sparse UsernameToken

getSimpleX509PublicToken

public abstract X509Token getSimpleX509PublicToken(java.security.cert.X509Certificate certificate)
Create a sparse X509Token (no XML) that contains just a public certificate.
Parameters:
certificate - public certificate for the token
Returns:
a sparse X509Token

getSimpleX509PrivateToken

public abstract X509Token getSimpleX509PrivateToken(java.security.cert.X509Certificate certificate,
    java.security.Key privateKey)
    throws WSSException
Create a sparse X509Token (no XML) that contains a private key.
Parameters:
certificate - public certificate for the token (may be null)
privateKey - private key for the token
Returns:
a sparse X509Token
Throws:
WSSException - if the privateKey is null

getSimpleX509Token

public abstract X509Token getSimpleX509Token(java.security.cert.X509Certificate certificate,
    java.security.Key privateKey)
Create a sparse X509Token (no XML).
Parameters:
certificate - public certificate for the token (may be null)
privateKey - private key for the token (may be null)
Returns:
a sparse X509Token

getSimpleBinarySecurityToken

public abstract BinarySecurityToken getSimpleBinarySecurityToken(java.lang.Class tokenClass,
    byte[] binary)
    throws WSSException
Create a sparse BinarySecurityToken (no XML) for use with binary security token generators (like LTPA).

This method is used to obtain sparse BinarySecurityTokens such as LTPAToken.class, LTPAv2Token.class.
Parameters:
tokenClass - class name to instantiate for the token
binary - unencoded token bytes for the token
Returns:
a sparse BinarySecurityToken
Throws:
WSSException - if the tokenClass is not a recognized built-in class that extends BinarySecurityToken

putAuthenticatedTokenToSharedState

public abstract void putAuthenticatedTokenToSharedState(java.util.Map sharedState,
    SecurityToken token)
Put a token that has been authenticated by a login module into the shared state.

This method should be used specifically by login modules that are stacked under UNTConsumeLoginModule when a configuration is in place to defer the authentication of the UsernameToken to the stacked login module. The SAME username token that was obtained from the shared state with getConsumerTokenFromSharedState to authenticate must be put back onto the shared state using this method. If the objects do not match, UNTConsumeLoginModule will assume that the token has not been authenticated and will throw a LoginException. With UNTConsumeLoginModule, to defer authentication to a stacked login module, configure the following property in the UsernameToken consumer callback handler:

com.ibm.wsspi.wssecurity.token.UsernameToken.authDeferred=true
Parameters:
sharedState - JAAS login module shared state Map
token - token that has been authenticated