The class SecurityTokenProvider is a provider interface for managing WSS security tokens.
| Method Summary | |
| SecurityAssertion | getSAMLAuthenticationToken(NameIdentifier senderIdentity): Creates a SAML Assertion for message authentication. |
| SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement): Creates a SAML Assertion for message authorization, the assertion could optionally contain an AuthenticationStatement which will be used for message authentication. |
| SecurityAssertion | getSAMLAuthorizationToken(NameIdentifier senderIdentity, SessionContext invocatorSession, java.lang.String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement): Creates a SAML Assertion for message authorization, the assertion could optionally contain an AuthenticationStatement which will be used for message authentication. |
| SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, EncryptedResourceID encResourceID, boolean includeAuthN, boolean includeResourceAccessStatement): Creates a SAML assertion. |
| SecurityAssertion | getSAMLBearerToken(NameIdentifier senderIdentity, SessionContext invocatorSession, java.lang.String resourceID, boolean includeAuthN, boolean includeResourceAccessStatement): Creates a SAML assertion. |
| BinarySecurityToken | getX509CertificateToken(): Gets the X509 certificate Token. |
| void | initialize(java.lang.Object credential, XMLSignatureManager sigManager): Initializes the SecurityTokenProvider. |
| void | setCertAlias(java.lang.String certAlias): Sets the alias of the certificate used for issuing WSS token, i.e. |
| void | setCertificate(java.security.cert.X509Certificate cert): Sets the certificate used for issuing WSS token, i.e. |
| Method Detail | 
public void initialize(java.lang.Object credential,
                       XMLSignatureManager sigManager)
                throws SecurityTokenException
Initializes the SecurityTokenProvider.
Parameters:
- credential - The credential of the caller used to see if access to this security token provider is allowed.
- sigManager - instance of XML digital signature manager class, used for accessing the certificate data store and digital signing of the assertion.
Throws:
- SecurityTokenException - if the caller does not have privilege to access the security authority manager.
public void setCertAlias(java.lang.String certAlias)
                  throws SecurityTokenException
Sets the alias of the certificate used for issuing WSS token, i.e. WSS X509 Token, WSS SAML Token. If the certAlias is never set, a default certificate will be used for issuing WSS tokens.
Parameters:
- certAlias - String alias name for the certificate
Throws:
- SecurityTokenException - if certificate for the certAlias could not be found in key store.
public void setCertificate(java.security.cert.X509Certificate cert)
                    throws SecurityTokenException
Sets the certificate used for issuing WSS token, i.e. WSS X509 Token, WSS SAML Token. If the certificate is never set, a default certificate will be used for issuing WSS tokens.
Parameters:
- cert - X509 certificate
Throws:
- SecurityTokenException - if the certificate could not be set.
public BinarySecurityToken getX509CertificateToken()
                                            throws SecurityTokenException
Gets the X509 certificate Token.
Returns:
- X509 certificate Token.
Throws:
- SecurityTokenException - if the token could not be obtained.
public SecurityAssertion getSAMLAuthenticationToken(NameIdentifier senderIdentity)
                                             throws SecurityTokenException,
                                                    SAMLException
Creates a SAML Assertion for message authentication.
Parameters:
- senderIdentity - name identifier of the sender.
Returns:
- AuthenticationStatement.
Throws:
- SecurityTokenException - if the assertion could not be obtained.
- SAMLException -
public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity,
                                                   SessionContext invocatorSession,
                                                   java.lang.String resourceID,
                                                   boolean includeAuthN,
                                                   boolean includeResourceAccessStatement)
                                            throws SecurityTokenException,
                                                   SAMLException
Creates a SAML Assertion for message authorization, the assertion could optionally contain an AuthenticationStatement which will be used for message authentication.
Parameters:
- senderIdentity - name identifier of the sender.
- invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for discovery resource offering which is part of the Liberty ID-FF AuthenResponse.
- resourceID - id for the resource to be accessed.
- includeAuthN - if true, include an AuthenticationStatement in the Assertion which will be used for message authentication. If false, no AuthenticationStatement will be included.
- includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for AuthenticationSessionContext directive). In the case when both AuthorizeRequester and AuthenticationSessionContext directives need to be handled, use "true" as parameter here since the SessionContext will always be included in the ResourceAccessStatement.
Returns:
- Assertion
Throws:
- SecurityTokenException - if the assertion could not be obtained
- SAMLException -
public SecurityAssertion getSAMLAuthorizationToken(NameIdentifier senderIdentity,
                                                   SessionContext invocatorSession,
                                                   EncryptedResourceID encResourceID,
                                                   boolean includeAuthN,
                                                   boolean includeResourceAccessStatement)
                                            throws SecurityTokenException
Creates a SAML Assertion for message authorization, the assertion could optionally contain an AuthenticationStatement which will be used for message authentication.
Parameters:
- senderIdentity - name identifier of the sender.
- invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for discovery resource offering which is part of the Liberty ID-FF AuthenResponse.
- encResourceID - Encrypted ID for the resource to be accessed.
- includeAuthN - if true, include an AuthenticationStatement in the Assertion which will be used for message authentication. If false, no AuthenticationStatement will be included.
- includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for AuthenticationSessionContext directive). In the case when both AuthorizeRequester and AuthenticationSessionContext directives need to be handled, use "true" as parameter here since the SessionContext will always be included in the ResourceAccessStatement.
Throws:
- SecurityTokenException - if the assertion could not be obtained
public SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity,
                                            SessionContext invocatorSession,
                                            java.lang.String resourceID,
                                            boolean includeAuthN,
                                            boolean includeResourceAccessStatement)
                                     throws SecurityTokenException,
                                            SAMLException
Creates a SAML assertion. The confirmationMethod will be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
Parameters:
- senderIdentity - name identifier of the sender.
- invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for discovery resource offering which is part of the Liberty ID-FF AuthenResponse.
- resourceID - id for the resource to be accessed.
- includeAuthN - if true, include an AuthenticationStatement in the Assertion which will be used for message authentication. If false, no AuthenticationStatement will be included.
- includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for AuthenticationSessionContext directive). In the case when both AuthorizeRequester and AuthenticationSessionContext directives need to be handled, use "true" as parameter here since the SessionContext will always be included in the ResourceAccessStatement.
Throws:
- SecurityTokenException - if the assertion could not be obtained
- SAMLException - if the assertion could not be obtained
public SecurityAssertion getSAMLBearerToken(NameIdentifier senderIdentity,
                                            SessionContext invocatorSession,
                                            EncryptedResourceID encResourceID,
                                            boolean includeAuthN,
                                            boolean includeResourceAccessStatement)
                                     throws SecurityTokenException
Creates a SAML assertion. The confirmationMethod will be set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
Parameters:
- senderIdentity - name identifier of the sender.
- invocatorSession - SessionContext of the invocation identity; it is normally obtained by the credential reference in the SAML AttributeDesignator for discovery resource offering which is part of the Liberty ID-FF AuthenResponse.
- encResourceID - Encrypted ID for the resource to be accessed.
- includeAuthN - if true, include an AuthenticationStatement in the Assertion which will be used for message authentication. If false, no AuthenticationStatement will be included.
- includeResourceAccessStatement - if true, a ResourceAccessStatement will be included in the Assertion (for AuthorizeRequester directive). If false, a SessionContextStatement will be included in the Assertion (for AuthenticationSessionContext directive). In the case when both AuthorizeRequester and AuthenticationSessionContext directives need to be handled, use "true" as parameter here since the SessionContext will always be included in the ResourceAccessStatement.
Returns:
- Assertion
Throws:
- SecurityTokenException - if the assertion could not be obtained
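The statement and confirmation-method behaviour documented for getSAMLBearerToken can be checked on an issued assertion. The following is an added example, not code from this API or its project: a hypothetical AssertionShapeCheck class that uses only the JDK DOM parser on a constructed, unsigned sample assertion. The Liberty "sec" namespace URI and the element layout of the sample are assumptions, and signature verification is out of scope.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

// Added example: hypothetical class, not part of the documented API. Needs Java 15+.
public class AssertionShapeCheck {
    static final String BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
    // Constructed, unsigned sample: shape expected from getSAMLBearerToken(...) with
    // includeAuthN=true, includeResourceAccessStatement=true. The sec namespace is assumed.
    static final String SAMPLE = """
        <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                        xmlns:sec="urn:liberty:sec:2003-08">
          <saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>
            <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
          </saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>
          <sec:ResourceAccessStatement><sec:SessionContext/></sec:ResourceAccessStatement>
        </saml:Assertion>
        """;
    static boolean has(Document d, String localName) {
        return d.getElementsByTagNameNS("*", localName).getLength() > 0;
    }
    // Lists mismatches between the flags requested and the statements actually present.
    static List<String> check(String xml, boolean includeAuthN, boolean includeRAS) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document d = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> problems = new ArrayList<>();
        if (has(d, "AuthenticationStatement") != includeAuthN)
            problems.add("AuthenticationStatement presence does not match includeAuthN");
        // true -> ResourceAccessStatement expected; false -> SessionContextStatement expected.
        String expected = includeRAS ? "ResourceAccessStatement" : "SessionContextStatement";
        if (!has(d, expected)) problems.add("missing " + expected);
        NodeList cms = d.getElementsByTagNameNS("*", "ConfirmationMethod");
        if (cms.getLength() == 0) problems.add("no ConfirmationMethod");
        for (int i = 0; i < cms.getLength(); i++)
            if (!BEARER.equals(cms.item(i).getTextContent().trim()))
                problems.add("ConfirmationMethod is not bearer");
        return problems;
    }
    public static void main(String[] args) throws Exception {
        System.out.println(check(SAMPLE, true, true));
        System.out.println(check(SAMPLE, false, false));
    }
}
```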