Class UsernameToken
- java.lang.Object
  - org.apache.wss4j.dom.message.token.UsernameToken

public class UsernameToken extends Object

UsernameToken according to the WS-Security specifications, UsernameToken Profile. Enhanced to support the digest password type for username token signatures, and to support passwordless UsernameTokens as allowed by the specification.
Field Summary
- static String BASE64_ENCODING
- static int DEFAULT_ITERATION
- static String PASSWORD_TYPE
- static QName TOKEN

Constructor Summary
- UsernameToken(boolean milliseconds, Document doc)
  Constructs a UsernameToken object according to the defined parameters.
- UsernameToken(boolean milliseconds, Document doc, String pwType)
  Constructs a UsernameToken object according to the defined parameters.
- UsernameToken(boolean milliseconds, Document doc, WSTimeSource timeSource, String pwType)
- UsernameToken(Element elem, boolean allowNamespaceQualifiedPasswordTypes, BSPEnforcer bspEnforcer)
  Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.

Method Summary (all methods are instance methods, concrete)
- void addCreated(boolean milliseconds, WSTimeSource timeSource, Document doc)
  Creates and adds a Created element to this UsernameToken.
- void addCreated(boolean milliseconds, Document doc)
  Creates and adds a Created element to this UsernameToken.
- void addIteration(Document doc, int iteration)
  Creates and adds an Iteration element to this UsernameToken.
- void addNonce(Document doc)
  Creates and adds a Nonce element to this UsernameToken.
- void addSalt(Document doc, byte[] saltValue, boolean mac)
  Adds a Salt element to this UsernameToken.
- void addWSSENamespace()
  Add the WSSE namespace to this UT.
- void addWSUNamespace()
  Add the WSU namespace to this UT.
- boolean containsPasswordElement()
  Return true if this UsernameToken contains a Password element.
- Principal createPrincipal()
  Create a WSUsernameTokenPrincipal from this UsernameToken object.
- boolean equals(Object object)
- String getCreated()
  Get the created timestamp.
- Instant getCreatedDate()
  Return the Created element as a Date object.
- byte[] getDerivedKey(BSPEnforcer bspEnforcer, String rawPassword)
  This method gets a derived key as defined in the WSS UsernameToken Profile.
- Element getElement()
  Returns the DOM element of this UsernameToken object.
- String getID()
  Gets the id.
- int getIteration()
  Get the Iteration value of this UsernameToken.
- String getName()
  Get the user name.
- String getNonce()
  Get the nonce.
- String getPassword()
  Gets the password string.
- boolean getPasswordsAreEncoded()
- String getPasswordType()
- byte[] getSalt()
  Get the Salt value of this UsernameToken.
- int hashCode()
- boolean isDerivedKey()
  Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1.
- boolean isHashed()
  Get the hashed indicator.
- void setID(String id)
  Set the id of this username token.
- void setName(String name)
  Set the user name.
- void setPassword(String pwd)
  Sets the password string.
- void setPasswordsAreEncoded(boolean passwordsAreEncoded)
- String toString()
  Returns the string representation of the token.
- boolean verifyCreated(int timeToLive, int futureTimeToLive)
  Return true if the "Created" value is before the current time minus the timeToLive argument, and if the Created value is not "in the future".

Field Detail

BASE64_ENCODING
public static final String BASE64_ENCODING
- See Also: Constant Field Values

PASSWORD_TYPE
public static final String PASSWORD_TYPE
- See Also: Constant Field Values

DEFAULT_ITERATION
public static final int DEFAULT_ITERATION
- See Also: Constant Field Values

TOKEN
public static final QName TOKEN

Constructor Detail

UsernameToken
public UsernameToken(Element elem, boolean allowNamespaceQualifiedPasswordTypes, BSPEnforcer bspEnforcer) throws WSSecurityException
Constructs a UsernameToken object and parses the wsse:UsernameToken element to initialize it.
- Parameters:
  - elem - the wsse:UsernameToken element that contains the UsernameToken data
  - allowNamespaceQualifiedPasswordTypes - whether to allow (wsse) namespace-qualified password types or not (for interop with WCF)
  - bspEnforcer - a BSPEnforcer instance to enforce BSP rules
- Throws:
  - WSSecurityException

UsernameToken
public UsernameToken(boolean milliseconds, Document doc)
Constructs a UsernameToken object according to the defined parameters. This constructor sets the password encoding to WSS4JConstants.PASSWORD_DIGEST.
- Parameters:
  - doc - the SOAP envelope as Document

UsernameToken
public UsernameToken(boolean milliseconds, Document doc, String pwType)
Constructs a UsernameToken object according to the defined parameters.
- Parameters:
  - doc - the SOAP envelope as Document
  - pwType - the required password encoding, either WSS4JConstants.PASSWORD_DIGEST, WSS4JConstants.PASSWORD_TEXT or WSS4JConstants.PW_NONE; null if no password is required

UsernameToken
public UsernameToken(boolean milliseconds, Document doc, WSTimeSource timeSource, String pwType)

Method Detail

addWSSENamespace
public void addWSSENamespace()
Add the WSSE namespace to this UT. The namespace is not added by default for efficiency purposes.

addWSUNamespace
public void addWSUNamespace()
Add the WSU namespace to this UT. The namespace is not added by default for efficiency purposes.

addNonce
public void addNonce(Document doc)
Creates and adds a Nonce element to this UsernameToken.

addCreated
public void addCreated(boolean milliseconds, Document doc)
Creates and adds a Created element to this UsernameToken.

addCreated
public void addCreated(boolean milliseconds, WSTimeSource timeSource, Document doc)
Creates and adds a Created element to this UsernameToken.

addSalt
public void addSalt(Document doc, byte[] saltValue, boolean mac)
Adds a Salt element to this UsernameToken.
- Parameters:
  - doc - the Document for the UsernameToken
  - saltValue - the salt to add.
  - mac - if true, then an optionally generated value is usable for a MAC

addIteration
public void addIteration(Document doc, int iteration)
Creates and adds an Iteration element to this UsernameToken.

getName
public String getName()
Get the user name.
- Returns:
  - the data from the user name element.

setName
public void setName(String name)
Set the user name.
- Parameters:
  - name - sets a text node containing the user name into the user name element.

getNonce
public String getNonce()
Get the nonce.
- Returns:
  - the data from the nonce element.

getCreated
public String getCreated()
Get the created timestamp.
- Returns:
  - the data from the created time element.

getCreatedDate
public Instant getCreatedDate()
Return the Created element as a Date object.
- Returns:
  - the Created Date

getPassword
public String getPassword()
Gets the password string. This is the password as it is in the Password element of a username token, so it can be either plain text or the password digest value.
- Returns:
  - the password string, or null if no such node exists.

containsPasswordElement
public boolean containsPasswordElement()
Return true if this UsernameToken contains a Password element.

getSalt
public byte[] getSalt() throws WSSecurityException
Get the Salt value of this UsernameToken.
- Returns:
  - the binary Salt value, or null if no Salt value is available in the username token.
- Throws:
  - WSSecurityException

getIteration
public int getIteration()
Get the Iteration value of this UsernameToken.
- Returns:
  - the Iteration value. If no Iteration was specified in the username token, the default value according to the specification is returned.

isHashed
public boolean isHashed()
Get the hashed indicator. If the indicator is true, the password of the UsernameToken was encoded using WSS4JConstants.PASSWORD_DIGEST.
- Returns:
  - the hashed indicator.

getPasswordType
public String getPasswordType()
- Returns:
  - the passwordType.

setPassword
public void setPassword(String pwd)
Sets the password string. This function sets the password in the UsernameToken either as plain text or, according to the WS-Security specifications, UsernameToken Profile, encoded into a password digest.
- Parameters:
  - pwd - the password to use

setPasswordsAreEncoded
public void setPasswordsAreEncoded(boolean passwordsAreEncoded)
- Parameters:
  - passwordsAreEncoded - whether passwords are encoded

getPasswordsAreEncoded
public boolean getPasswordsAreEncoded()
- Returns:
  - whether passwords are encoded

getElement
public Element getElement()
Returns the DOM element of this UsernameToken object.
- Returns:
  - the wsse:UsernameToken element

toString
public String toString()
Returns the string representation of the token.

getID
public String getID()
Gets the id.
- Returns:
  - the value of the wsu:Id attribute of this username token

setID
public void setID(String id)
Set the id of this username token.
- Parameters:
  - id - the value for the wsu:Id attribute of this username token

getDerivedKey
public byte[] getDerivedKey(BSPEnforcer bspEnforcer, String rawPassword) throws WSSecurityException
This method gets a derived key as defined in the WSS UsernameToken Profile.
- Parameters:
  - rawPassword - the raw password to use to derive the key
- Returns:
  - the derived key as a byte array
- Throws:
  - WSSecurityException

isDerivedKey
public boolean isDerivedKey() throws WSSecurityException
Return whether the UsernameToken represented by this class is to be used for key derivation as per the UsernameToken Profile 1.1. It does this by checking that the username token has Salt and Iteration values.
- Throws:
  - WSSecurityException

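An added example (Python, not WSS4J's own code) of the derivation getDerivedKey performs per UsernameToken Profile 1.1, including the salt label byte that addSalt's mac flag selects. The 1000-iteration floor and the salt-shape check are this example's assumptions, modelled on what a BSPEnforcer would reject.

```python
import hashlib
import os

DEFAULT_ITERATION = 1000  # the profile's default when no Iteration element is present


def make_salt(for_mac: bool) -> bytes:
    """16-byte salt: a label byte (0x01 for a key used for MAC/signature,
    0x02 for an encryption key, which is what addSalt's mac flag chooses)
    followed by 15 random bytes."""
    return (b"\x01" if for_mac else b"\x02") + os.urandom(15)


def derive_key(password: str, salt: bytes, iteration: int = DEFAULT_ITERATION) -> bytes:
    """UsernameToken Profile 1.1 key derivation:
        K1 = SHA-1(password || salt), Kn = SHA-1(Kn-1)
    hashed `iteration` times in total; the result is a 160-bit key.
    The sanity checks below are assumptions, not part of the profile's formula."""
    if len(salt) != 16 or salt[0] not in (0x01, 0x02):
        raise ValueError("salt must be 16 bytes starting with a 0x01/0x02 label byte")
    if iteration < DEFAULT_ITERATION:
        # Assumed floor: the Basic Security Profile requires at least 1000 iterations
        raise ValueError("iteration count below 1000 is not BSP-compliant")
    k = hashlib.sha1(password.encode("utf-8") + salt).digest()
    for _ in range(iteration - 1):
        k = hashlib.sha1(k).digest()
    return k


def derive_mac_key(password: str) -> tuple:
    """Convenience for the sender: fresh MAC salt plus the key; the salt (not the key)
    is what travels in the wsse:Salt element so the receiver can re-derive."""
    salt = make_salt(for_mac=True)
    return salt, derive_key(password, salt)
```

The receiver re-runs derive_key with the Salt and Iteration values taken from the token and its own copy of the password; the password itself never appears on the wire.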
createPrincipal
public Principal createPrincipal() throws WSSecurityException
Create a WSUsernameTokenPrincipal from this UsernameToken object.
- Throws:
  - WSSecurityException

verifyCreated
public boolean verifyCreated(int timeToLive, int futureTimeToLive)
Return true if the "Created" value is before the current time minus the timeToLive argument, and if the Created value is not "in the future".
- Parameters:
  - timeToLive - the value in seconds for the validity of the Created time
  - futureTimeToLive - the value in seconds for the future validity of the Created time
- Returns:
  - true if the UsernameToken is before (now-timeToLive), false otherwise
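An added example (Python, not WSS4J's own code) of what setPassword computes for the digest password type and of the Created window that verifyCreated's timeToLive and futureTimeToLive bound, with the receiver-side nonce replay cache that window keeps finite. The token is a constructed dict rather than a wsse:UsernameToken element, and the window defaults and replay cache are this example's assumptions.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta


def parse_created(created: str) -> datetime:
    """Parse a wsu:Created value such as 2024-05-01T12:00:00Z (or with .SSS millis)."""
    return datetime.fromisoformat(created.replace("Z", "+00:00"))


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """Password_Digest = Base64(SHA-1(nonce + created + password)), the UsernameToken
    Profile formula: the nonce goes in as its decoded bytes, created and password as UTF-8."""
    raw = hashlib.sha1(base64.b64decode(nonce_b64) + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode("ascii")


def created_is_fresh(created: str, time_to_live: int, future_time_to_live: int, now: datetime) -> bool:
    """Same parameters as verifyCreated(timeToLive, futureTimeToLive): reject a Created older
    than time_to_live seconds, or more than future_time_to_live seconds ahead of the receiver's clock."""
    ts = parse_created(created)
    return now - timedelta(seconds=time_to_live) <= ts <= now + timedelta(seconds=future_time_to_live)


def build_token(user: str, password: str, now: datetime, nonce: bytes = b"") -> dict:
    """Sender side: random nonce, Created timestamp and digest password (constructed dict)."""
    nonce_b64 = base64.b64encode(nonce or os.urandom(16)).decode("ascii")
    created = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"username": user, "nonce": nonce_b64, "created": created,
            "password": password_digest(nonce_b64, created, password)}


def verify_token(token: dict, known_password: str, now: datetime, seen_nonces: set,
                 time_to_live: int = 300, future_time_to_live: int = 60) -> bool:
    """Receiver side: freshness window first, then the replay cache, then a constant-time
    comparison of the recomputed digest. Nonces only need remembering for the window's length."""
    if not created_is_fresh(token["created"], time_to_live, future_time_to_live, now):
        return False
    if token["nonce"] in seen_nonces:
        return False  # replay of a token still inside the window
    expected = password_digest(token["nonce"], token["created"], known_password)
    if not hmac.compare_digest(expected, token["password"]):
        return False
    seen_nonces.add(token["nonce"])
    return True
```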