Package org.apache.cxf.ws.security.trust

Class STSTokenValidator

  • All Implemented Interfaces:
    Validator
    public class STSTokenValidator
extends Object
implements Validator
    A WSS4J-based Validator to validate a received WS-Security credential by dispatching it to a STS via WS-Trust. The default binding is "validate", but "issue" is also possible by setting the "useIssueBinding" property. In this case, the credentials are sent via "OnBehalfOf" unless the "useOnBehalfOf" property is set to "false", in which case the credentials are used depending on the security policy of the STS endpoint (e.g. in a UsernameToken if this is what the policy requires). Setting "useOnBehalfOf" to "false" + "useIssueBinding" to "true" only works for validating UsernameTokens.

    • Constructor Detail

      • STSTokenValidator

        public STSTokenValidator()

      • STSTokenValidator

        public STSTokenValidator​(boolean alwaysValidateToSts)
        Construct a new instance.
        Parameters:
        alwaysValidateToSts - whether to always validate the token to the STS

    • Method Detail

      • validate

        public Credential validate​(Credential credential,
                           RequestData data)
                    throws WSSecurityException
        Description copied from interface: Validator
        Validate the credential argument. This method returns a Credential instance that represents the validated credential. This instance can be the same as the instance that was validated, or it can represent some transformation of the initial Credential instance.
        Specified by:
        validate in interface Validator
        Parameters:
        credential - the Credential to be validated
        data - the RequestData associated with the request
        Returns:
        a validated Credential
        Throws:
        WSSecurityException - on a failed validation

      • isUseIssueBinding

        public boolean isUseIssueBinding()

      • setUseIssueBinding

        public void setUseIssueBinding​(boolean useIssueBinding)

      • isUseOnBehalfOf

        public boolean isUseOnBehalfOf()

      • setUseOnBehalfOf

        public void setUseOnBehalfOf​(boolean useOnBehalfOf)

      • getStsClient

        public STSClient getStsClient()

      • setStsClient

        public void setStsClient​(STSClient stsClient)

      • getTokenStore

        public TokenStore getTokenStore()

      • setTokenStore

        public void setTokenStore​(TokenStore tokenStore)

      • isDisableCaching

        public boolean isDisableCaching()

      • setDisableCaching

        public void setDisableCaching​(boolean disableCaching)