public abstract class AbstractStsRealm extends org.apache.shiro.realm.AuthenticatingRealm implements STSClientConfiguration
Modifier and Type | Class and Description |
---|---|
protected static class |
AbstractStsRealm.STSCredentialsMatcher
Credentials matcher class that ensures the AuthInfo received from the STS matches the AuthToken
|
Modifier and Type | Field and Description |
---|---|
protected org.apache.cxf.Bus |
bus |
Constructor and Description |
---|
AbstractStsRealm() |
Modifier and Type | Method and Description |
---|---|
protected org.apache.cxf.ws.security.trust.STSClient |
configureStsClient()
Helper method to set up the STS client.
|
protected Element |
createClaimsElement()
Create the claims element with the claims provided in the STS client configuration in the admin
console.
|
protected org.apache.shiro.authc.AuthenticationInfo |
doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token)
Perform authentication based on the supplied token.
|
String |
getAddress()
Retrieves the address of the STS server.
|
String |
getAssertionType()
Retrieves the assertion type that should be requested from the STS.
|
protected org.apache.cxf.Bus |
getBus()
Helper method for setting up the STS client; returns the CXF Bus.
|
List<String> |
getClaims()
Retrieves the list of claims that should be requested from the STS.
|
ContextPolicyManager |
getContextPolicyManager() |
String |
getEncryptionProperties()
Per WS-Security Policy: location of the crypto property configuration to use for encryption.
|
String |
getEncryptionUsername()
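Per WS-Security Policy: the user's name for encryption, used as the keystore alias to get the user's public key for encryption.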
|
String |
getEndpointName()
Retrieves the endpoint name of the STS service.
|
String |
getKeySize()
Retrieves the size of the key that should be used.
|
String |
getKeyType()
Retrieves the key type that should be used when communicating with the STS.
|
String |
getPassword()
Retrieves the password for the associated username set via setUsername(String) |
String |
getServiceName()
Retrieves the service name of the STS service.
|
String |
getSignatureProperties()
Per WS-Security Policy: location of the crypto property configuration to use for signature.
|
String |
getSignatureUsername()
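Per WS-Security Policy: the user's name for signature, used as the keystore alias to get the user's cert and private key for signature.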
|
String |
getTokenProperties()
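Per WS-Security Policy: location of the crypto property configuration used by the STSClient to send/process any RSA/DSAKeyValue tokens when the KeyType is "PublicKey".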
|
String |
getTokenUsername()
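Per WS-Security Policy: the keystore alias used to get the user's public key to send to the STS for the PublicKey KeyType case.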
|
Boolean |
getUseKey()
Flags whether or not to supply a key in the request.
|
String |
getUsername()
Retrieves the user's name for performing operations on the STS.
|
protected org.apache.cxf.ws.security.tokenstore.SecurityToken |
renewSecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken securityToken)
Renew a security token (SAML assertion) from the STS.
|
protected org.apache.cxf.ws.security.tokenstore.SecurityToken |
requestSecurityToken(Object authToken)
Request a security token (SAML assertion) from the STS.
|
void |
setAddress(String address)
Sets the address of the STS server.
|
void |
setAssertionType(String assertionType)
Sets the assertion type that should be requested from the STS.
|
void |
setClaims(List<String> claims)
Sets the claim list with the incoming list.
|
void |
setClaims(String claimsListAsString)
Sets the claim list with the incoming comma-delimited string of URI values.
|
void |
setContextPolicyManager(ContextPolicyManager contextPolicyManager) |
void |
setEncryptionProperties(String encryptionProperties)
Sets the location of the encryption properties file.
|
void |
setEncryptionUsername(String encryptionUsername)
Sets the user's name for encryption.
|
void |
setEndpointName(String endpointName)
Sets the endpoint name of the STS service.
|
void |
setKeySize(String keySize)
Sets the size of the key that should be used.
|
void |
setKeyType(String keyType)
Sets the key type that should be used when communicating with the STS.
|
void |
setPassword(String password)
Sets the password for the user name configured via setUsername(String).
|
void |
setServiceName(String serviceName)
Sets the service name of the STS service.
|
void |
setSignatureProperties(String signatureProperties)
Sets the location of the signature properties file.
|
void |
setSignatureUsername(String signatureUsername)
Sets the user's name for signature (the keystore alias used for signing).
|
void |
setTokenProperties(String tokenProperties)
Sets the location of the token properties file.
|
void |
setTokenUsername(String tokenUsername)
Sets the alias name for the user's public key.
|
void |
setUseKey(Boolean useKey)
Sets whether or not to supply a key in the request.
|
void |
setUsername(String username)
Sets the user's name to use for performing STS operations.
|
protected abstract boolean |
shouldHandleWss() |
boolean |
supports(org.apache.shiro.authc.AuthenticationToken token)
Determine if the supplied token is supported by this realm.
|
afterCacheManagerSet, assertCredentialsMatch, clearCachedAuthenticationInfo, doClearCache, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, onInit, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, setName
public ContextPolicyManager getContextPolicyManager()
public void setContextPolicyManager(ContextPolicyManager contextPolicyManager)
public boolean supports(org.apache.shiro.authc.AuthenticationToken token)
supports
in interface org.apache.shiro.realm.Realm
supports
in class org.apache.shiro.realm.AuthenticatingRealm
protected abstract boolean shouldHandleWss()
protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token)
doGetAuthenticationInfo
in class org.apache.shiro.realm.AuthenticatingRealm
protected org.apache.cxf.ws.security.tokenstore.SecurityToken requestSecurityToken(Object authToken)
authToken
- The subject the security token is being requested for.
protected org.apache.cxf.ws.security.tokenstore.SecurityToken renewSecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken securityToken)
securityToken
- The token being renewed.
protected org.apache.cxf.Bus getBus()
protected org.apache.cxf.ws.security.trust.STSClient configureStsClient()
protected Element createClaimsElement()
public String getAddress()
STSClientConfiguration
getAddress
in interface STSClientConfiguration
public void setAddress(String address)
STSClientConfiguration
setAddress
in interface STSClientConfiguration
address
- String-based URL of the STS endpoint with no "WSDL" on the end.
public String getEndpointName()
STSClientConfiguration
Default is {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}STS_Port
getEndpointName
in interface STSClientConfiguration
public void setEndpointName(String endpointName)
STSClientConfiguration
setEndpointName
in interface STSClientConfiguration
endpointName
- String-based endpoint name.
public String getServiceName()
STSClientConfiguration
Default is {http://docs.oasis-open.org/ws-sx/ws-trust/200512/} SecurityTokenService
getServiceName
in interface STSClientConfiguration
public void setServiceName(String serviceName)
STSClientConfiguration
setServiceName
in interface STSClientConfiguration
serviceName
- String-based service name.
public String getUsername()
STSClientConfiguration
getUsername
in interface STSClientConfiguration
public void setUsername(String username)
STSClientConfiguration
setUsername
in interface STSClientConfiguration
public String getPassword()
STSClientConfiguration
Retrieves the password for the associated username set via setUsername(String).
getPassword
in interface STSClientConfiguration
public void setPassword(String password)
STSClientConfiguration
setPassword
in interface STSClientConfiguration
public String getSignatureUsername()
STSClientConfiguration
The user's name for signature. It is used as the alias name in the keystore to get the user's cert and private key for signature.
getSignatureUsername
in interface STSClientConfiguration
public void setSignatureUsername(String signatureUsername)
STSClientConfiguration
setSignatureUsername
in interface STSClientConfiguration
public String getSignatureProperties()
STSClientConfiguration
Location of the crypto property configuration to use for signature.
getSignatureProperties
in interface STSClientConfiguration
public void setSignatureProperties(String signatureProperties)
STSClientConfiguration
setSignatureProperties
in interface STSClientConfiguration
public String getEncryptionUsername()
STSClientConfiguration
The user's name for encryption. It is used as the alias name in the keystore to get the user's public key for encryption.
getEncryptionUsername
in interface STSClientConfiguration
public void setEncryptionUsername(String encryptionUsername)
STSClientConfiguration
setEncryptionUsername
in interface STSClientConfiguration
public String getEncryptionProperties()
STSClientConfiguration
Location of the crypto property configuration to use for encryption.
getEncryptionProperties
in interface STSClientConfiguration
public void setEncryptionProperties(String encryptionProperties)
STSClientConfiguration
setEncryptionProperties
in interface STSClientConfiguration
public String getTokenUsername()
STSClientConfiguration
The alias name in the keystore to get the user's public key to send to the STS for the PublicKey KeyType case.
getTokenUsername
in interface STSClientConfiguration
public void setTokenUsername(String tokenUsername)
STSClientConfiguration
setTokenUsername
in interface STSClientConfiguration
public String getTokenProperties()
STSClientConfiguration
Location of the crypto property configuration used by the STSClient to send/process any RSA/DSAKeyValue tokens used if the KeyType is "PublicKey".
getTokenProperties
in interface STSClientConfiguration
public void setTokenProperties(String tokenProperties)
STSClientConfiguration
setTokenProperties
in interface STSClientConfiguration
public List<String> getClaims()
STSClientConfiguration
getClaims
in interface STSClientConfiguration
public void setClaims(List<String> claims)
STSClientConfiguration
setClaims
in interface STSClientConfiguration
public void setClaims(String claimsListAsString)
STSClientConfiguration
setClaims
in interface STSClientConfiguration
public String getAssertionType()
STSClientConfiguration
getAssertionType
in interface STSClientConfiguration
public void setAssertionType(String assertionType)
STSClientConfiguration
setAssertionType
in interface STSClientConfiguration
public String getKeyType()
STSClientConfiguration
getKeyType
in interface STSClientConfiguration
public void setKeyType(String keyType)
STSClientConfiguration
setKeyType
in interface STSClientConfiguration
public String getKeySize()
STSClientConfiguration
getKeySize
in interface STSClientConfiguration
public void setKeySize(String keySize)
STSClientConfiguration
setKeySize
in interface STSClientConfiguration
public Boolean getUseKey()
STSClientConfiguration
getUseKey
in interface STSClientConfiguration
public void setUseKey(Boolean useKey)
STSClientConfiguration
setUseKey
in interface STSClientConfiguration
This work is licensed under a Creative Commons Attribution 4.0 International License.