Package org.apache.wss4j.dom.validate
Class UsernameTokenValidator
- java.lang.Object
-
- org.apache.wss4j.dom.validate.UsernameTokenValidator
-
-
Constructor Summary
Constructors Constructor Description UsernameTokenValidator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Credential
validate(Credential credential, RequestData data)
Validate the credential argument.protected void
verifyCustomPassword(UsernameToken usernameToken, RequestData data)
Verify a UsernameToken containing a password of some unknown (but specified) password type.protected void
verifyDigestPassword(UsernameToken usernameToken, RequestData data)
Verify a UsernameToken containing a password digest.protected void
verifyPlaintextPassword(UsernameToken usernameToken, RequestData data)
Verify a UsernameToken containing a plaintext password.protected void
verifyUnknownPassword(UsernameToken usernameToken, RequestData data)
Verify a UsernameToken containing no password.
-
-
-
Method Detail
-
validate
public Credential validate(Credential credential, RequestData data) throws WSSecurityException
Validate the credential argument. It must contain a non-null UsernameToken. A CallbackHandler implementation is also required to be set. If the password type is either digest or plaintext, it extracts a password from the CallbackHandler and then compares the passwords appropriately. If the password is null it queries a hook to allow the user to validate UsernameTokens of this type.- Specified by:
validate
in interfaceValidator
- Parameters:
credential
- the Credential to be validateddata
- the RequestData associated with the request- Returns:
- a validated Credential
- Throws:
WSSecurityException
- on a failed validation
-
verifyCustomPassword
protected void verifyCustomPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
Verify a UsernameToken containing a password of some unknown (but specified) password type. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyPlaintextPassword case, but it in a separate protected method to allow users to override the validation of the custom password type specific case.- Parameters:
usernameToken
- The UsernameToken instance to verify- Throws:
WSSecurityException
- on a failed authentication.
-
verifyPlaintextPassword
protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
Verify a UsernameToken containing a plaintext password. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyDigestPassword case, but it in a separate protected method to allow users to override the validation of the plaintext password specific case.- Parameters:
usernameToken
- The UsernameToken instance to verify- Throws:
WSSecurityException
- on a failed authentication.
-
verifyDigestPassword
protected void verifyDigestPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
Verify a UsernameToken containing a password digest. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password.- Parameters:
usernameToken
- The UsernameToken instance to verify- Throws:
WSSecurityException
- on a failed authentication.
-
verifyUnknownPassword
protected void verifyUnknownPassword(UsernameToken usernameToken, RequestData data) throws WSSecurityException
Verify a UsernameToken containing no password. An exception is thrown unless the user has explicitly allowed this use-case via WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD- Parameters:
usernameToken
- The UsernameToken instance to verify- Throws:
WSSecurityException
- on a failed authentication.
-
-