Class UsernameTokenValidator

  • All Implemented Interfaces:
    Validator

    public class UsernameTokenValidator
    extends Object
    implements Validator
    This class validates a processed UsernameToken, extracted from the Credential passed to the validate method.
    • Constructor Detail

      • UsernameTokenValidator

        public UsernameTokenValidator()
    • Method Detail

      • validate

        public Credential validate(Credential credential,
                                   RequestData data)
                            throws WSSecurityException
        Validate the credential argument. It must contain a non-null UsernameToken. A CallbackHandler implementation is also required to be set. If the password type is either digest or plaintext, it extracts a password from the CallbackHandler and then compares the passwords appropriately. If the password is null it queries a hook to allow the user to validate UsernameTokens of this type.
        Specified by:
        validate in interface Validator
        Parameters:
        credential - the Credential to be validated
        data - the RequestData associated with the request
        Returns:
        a validated Credential
        Throws:
        WSSecurityException - on a failed validation
      • verifyCustomPassword

        protected void verifyCustomPassword(UsernameToken usernameToken,
                                            RequestData data)
                                     throws WSSecurityException
        Verify a UsernameToken containing a password of some unknown (but specified) password type. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyPlaintextPassword case, but it is in a separate protected method so that users can override validation for the custom password type.
        Parameters:
        usernameToken - The UsernameToken instance to verify
        Throws:
        WSSecurityException - on a failed authentication.
      • verifyPlaintextPassword

        protected void verifyPlaintextPassword(UsernameToken usernameToken,
                                               RequestData data)
                                        throws WSSecurityException
        Verify a UsernameToken containing a plaintext password. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password. This method currently uses the same logic as the verifyDigestPassword case, but it is in a separate protected method so that users can override validation for the plaintext password case.
        Parameters:
        usernameToken - The UsernameToken instance to verify
        Throws:
        WSSecurityException - on a failed authentication.
      • verifyDigestPassword

        protected void verifyDigestPassword(UsernameToken usernameToken,
                                            RequestData data)
                                     throws WSSecurityException
        Verify a UsernameToken containing a password digest. It does this by querying a CallbackHandler instance to obtain a password for the given username, and then comparing it against the received password.
        Parameters:
        usernameToken - The UsernameToken instance to verify
        Throws:
        WSSecurityException - on a failed authentication.
      • verifyUnknownPassword

        protected void verifyUnknownPassword(UsernameToken usernameToken,
                                             RequestData data)
                                      throws WSSecurityException
        Verify a UsernameToken containing no password. An exception is thrown unless the user has explicitly allowed this use-case via WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD.
        Parameters:
        usernameToken - The UsernameToken instance to verify
        Throws:
        WSSecurityException - on a failed authentication.
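
The digest comparison described under validate and verifyDigestPassword, as an added JDK-only example that is not WSS4J's own code. It assumes the WS-Security UsernameToken Profile formula Password_Digest = Base64(SHA-1(nonce + created + password)); the class and method names are hypothetical, and the password a CallbackHandler would supply is modelled as a plain String.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added illustration, not WSS4J source. All names here are hypothetical.
public class DigestCheckExample {

    // SHA-1 over the raw nonce bytes, then the Created timestamp, then the password.
    static byte[] expectedDigest(byte[] nonce, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return sha1.digest();
    }

    // True only if the received digest matches the one recomputed from the
    // password obtained for this username. A null password (for example an
    // unknown user) or malformed Base64 counts as a failed authentication.
    static boolean verifyDigest(String receivedDigestB64, String nonceB64,
                                String created, String callbackPassword)
            throws NoSuchAlgorithmException {
        if (receivedDigestB64 == null || nonceB64 == null
                || created == null || callbackPassword == null) {
            return false;
        }
        byte[] received;
        byte[] nonce;
        try {
            received = Base64.getDecoder().decode(receivedDigestB64);
            nonce = Base64.getDecoder().decode(nonceB64);
        } catch (IllegalArgumentException e) {
            return false;
        }
        // MessageDigest.isEqual avoids the early exit of a plain equals() comparison.
        return MessageDigest.isEqual(expectedDigest(nonce, created, callbackPassword), received);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from any real exchange.
        byte[] nonce = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        String created = "2024-01-01T00:00:00Z";
        String sent = Base64.getEncoder().encodeToString(expectedDigest(nonce, created, "s3cret"));
        System.out.println("matching password: " + verifyDigest(sent, nonceB64, created, "s3cret"));
        System.out.println("wrong password:    " + verifyDigest(sent, nonceB64, created, "wrong"));
        System.out.println("no password found: " + verifyDigest(sent, nonceB64, created, null));
    }
}
```

A subclass that overrides one of the protected verify methods should keep the same fail-closed behaviour: any mismatch, missing password or undecodable value ends in a WSSecurityException rather than a silent return.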