ws-dev mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Ws Wiki] Update of "FrontPage/WsFx/wss4jFAQ" by WernerDittmann
Date Tue, 22 May 2007 08:49:20 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.

The following page has been changed by WernerDittmann:
http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ

------------------------------------------------------------------------------
   1. [#npe Spurious Null Pointer Exception]
   1. [#debug Where can I change the debug level of wss4j?]
   1. [#many I have many clients and one service (and I need signature+encryption). Is there
a way to handle many client certs?]
-  1. [#usernme How do i extract user's name or certificate info from my web service?]
+  1. [#usernme How can a Web Service check and access the results of security actions?]
   1. [#time Timestamp handling in WSS4J]
  
  
@@ -192, +192 @@

  trust handling inside WSDo``All``Receiver except that you need a very special certificate
trust verification.
  
  [[Anchor(usernme)]]
- ==== How do i extract user's name or certificate info from my web service? ====
+ ==== How can a Web Service check and access the results of security actions? ====
  {{{
  MessageContext msgContext = MessageContext.getCurrentContext();
  Vector results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
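
Review bot: The renamed heading no longer mentions the user's name or certificate info, while the anchor stays [[Anchor(usernme)]] and the index entry still points at #usernme. Keeping the anchor is right for existing links, but readers following them now land on a title that does not match what they were looking for. Consider stating in the first sentence under the heading that this is where a service obtains the principal and the signing certificate.
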
@@ -219, +219 @@

  }
  }}}
  
+ The getter methods of {{{WSSecurityEngineResult}}} are depreciated. The new version of {{{WSSecurityEngineResult}}}
inherits from Java's {{{HashMap}}}. Web Services shall use the standard {{{get()}}} to retrieve
data from {{{WSSecurityEngineResult}}} (see examples below).
+ 
+ The WSS4J handler stores the results in the Axis message context.
+ 
+ At first the web service fetches the vector that contains the results of all WSS4J handler
invocations for a request. There maybe several invocation (chained handlers) because a request
may contain several security elements for different actors.
+ 
+ The web service may check the actor's name in each {{{WSHandlerResult}}} using {{{getActor()}}}
(not show above). If the actor's name matches or if this is the only handler result object
the web service can check the result of each security action.
+ 
+ The web service gets the vector of the security results from the handler result using {{{getResults()}}}.
This vector contains a number of {{{WSSecurityEngineResult}}} objects that contain further
information for each performed secutity action.
+ 
+ 
+ Examples:
+ 
+ To get a principal:
+ {{{
+ java.security.Principal principal = (java.security.Principal)eResult.get(WSSecurityEngineResults.TAG_PRINCIPAL);
+ }}}
+ 
+ At this point the Web Service may check the principal's type, depending on the security
action (see above).
+ To get the {{{action}}}
+ {{{
+ int action = ((java.lang.Integer)eResult.get(WSSecurityEngineResults.TAG_ACTION)).intValue()
+ }}}
+ 
+ ===== Accessible data in WSSecurityEngineResult depending on security actions =====
+ 
+ For Signatures the {{{WSSecurityEngineResult}}} map contains:
+  * The principal that signed the request, for example the distinguished name
+  of the certificate, the {{{SUsernameTokenPrincipal}}}, or the 
+  {{{WSDerivedKeyTokenPrincipal}}}. This depends on the request.
+ 
+  * The certificate used to sign the request if it is a request according to the
+  WS X.509 profile, not used otherwise
+ 
+  * The Set of elements that this Signature covers
+ 
+  * A byte array that contains the Signature value
+ 
+ The web service can access these data using getter methods (deprectiated) or standard {{{HashMap}}}
get methods. See the ''Javadoc'' documentation of {{{WSSecurityEngineResults}}}.
+ 
  [[Anchor(time)]]
  ==== Timestamp handling in WSS4J ====
  WSS4J supports several time features and options. If you just use the
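
Review bot: The two added snippets read their keys from WSSecurityEngineResults.TAG_PRINCIPAL and WSSecurityEngineResults.TAG_ACTION, and the closing Javadoc pointer also says WSSecurityEngineResults, while the rest of the added text names the class WSSecurityEngineResult; settle on one spelling so the examples compile as pasted. The TAG_ACTION line is also missing its trailing semicolon, and both snippets cast the value returned by get() without checking for null, so a result that lacks the key fails at .intValue(); since this section tells services how to check security results, show the null check. In the signature list, SUsernameTokenPrincipal sits next to WSDerivedKeyTokenPrincipal and looks like it lost its leading W, and the four listed items do not say which map key returns each of them. Wording: "depreciated" and "deprectiated" should be "deprecated", "secutity" should be "security", "not show above" should be "not shown above", "maybe several invocation" should be "may be several invocations", and the first added paragraph says "see examples below" while a later one says "see above" for the same material.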

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@ws.apache.org
For additional commands, e-mail: general-help@ws.apache.org

