electric.soap.security.authenticators
Class X509Authenticator

java.lang.Object
  extended by electric.soap.security.authenticators.X509Authenticator
All Implemented Interfaces:
IEXMLLoggingConstants, IGLUELoggingConstants, ILoggingConstants, IWSSAuthenticator

public class X509Authenticator
extends java.lang.Object
implements IWSSAuthenticator, IGLUELoggingConstants

X509Authenticator checks each WS-Security X509 token in a message and determines whether the certificate is trusted according to whether a particular keystore contains a copy of the certificate. Since there's no way to compare keystores for equality, we use the URL of the keystore as a unique id. The URL is not always a unique id, but this should be OK since we only need to do the comparison during startup. Better solution: switch over to Certificate IRealms.

Author:
webMethods

Field Summary
 
Fields inherited from interface electric.glue.IGLUELoggingConstants
CLUSTER_DEBUG_EVENT, CLUSTER_EVENT, CONSOLE_DEBUG_EVENT, DEPLOY_EVENT, DETECTORS_EVENT, HTTP_EVENT, JMS_EVENT, REBINDING_EVENT, SECURITY_DEBUG_EVENT, SECURITY_DETAIL_EVENT, SERVLET_EVENT, SOAP_EVENT
 
Fields inherited from interface electric.xml.IEXMLLoggingConstants
MAPPING_EVENT, SCHEMA_EVENT
 
Fields inherited from interface electric.util.log.ILoggingConstants
CLASSLOADER_EVENT, COMMAND_EVENT, COMMENT_EVENT, CONFIG_EVENT, DEBUG_EVENT, ELECTRIC_LOGGING_PROPERTY, ERROR_EVENT, EXCEPTION_EVENT, FILE_EVENT, LICENSE_EVENT, RESOURCES_EVENT, SECURITY_EVENT, SHUTDOWN_EVENT, SOURCE_EVENT, SQL_EVENT, STARTUP_EVENT, WARNING_EVENT
 
Constructor Summary
X509Authenticator(java.security.KeyStore trustStore)
          Create a new authenticator that acts as a guard and requires that every certificate in the messages is trusted.
X509Authenticator(java.security.KeyStore trustStore, boolean actAsGuard)
          Create a new authenticator that may act as a guard according to the actAsGuard argument.
X509Authenticator(java.security.KeyStore trustStore, java.lang.String trustStoreURL)
          Create a new authenticator that acts as a guard and requires that every certificate in the messages is trusted.
 
Method Summary
 boolean authenticate(SOAPMessage message, java.util.Vector tokenList, java.util.Vector principalList)
          Authenticate the X509 certificates in the token list against a keystore containing the trusted certificates.
 java.security.KeyStore getTrustStore()
          Return the key store that contains the trusted certificates.
 java.lang.String getTrustStoreURL()
          Return the location of the trust store.
protected  java.lang.String isTrusted(X509v3SecurityToken token)
          Test whether the given X509 certificate token is in our truststore; if it is, return the associated alias, otherwise return null.
 void setTrustStore(java.security.KeyStore trustStore, java.lang.String trustStoreURL)
          Set the key store that contains the trusted certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

X509Authenticator

public X509Authenticator(java.security.KeyStore trustStore)
Create a new authenticator that acts as a guard and requires that every certificate in the messages is trusted.

Parameters:
trustStore -

X509Authenticator

public X509Authenticator(java.security.KeyStore trustStore,
                         java.lang.String trustStoreURL)
Create a new authenticator that acts as a guard and requires that every certificate in the messages is trusted.

Parameters:
trustStore -

X509Authenticator

public X509Authenticator(java.security.KeyStore trustStore,
                         boolean actAsGuard)
Create a new authenticator that may act as a guard according to the actAsGuard argument.

Parameters:
trustStore - KeyStore that contains authorized certificates
actAsGuard - true if this authenticator should behave as a guard

Method Detail

getTrustStore

public java.security.KeyStore getTrustStore()
Return the key store that contains the trusted certificates.

Returns:
a key store that contains trusted certificates.

setTrustStore

public void setTrustStore(java.security.KeyStore trustStore,
                          java.lang.String trustStoreURL)
Set the key store that contains the trusted certificates.

Parameters:
trustStore -
trustStoreURL -

getTrustStoreURL

public java.lang.String getTrustStoreURL()
Return the location of the trust store.

Returns:
location of the trust store.

authenticate

public boolean authenticate(SOAPMessage message,
                            java.util.Vector tokenList,
                            java.util.Vector principalList)
Authenticate the X509 certificates in the token list against a keystore containing the trusted certificates.

Specified by:
authenticate in interface IWSSAuthenticator
Parameters:
message -
tokenList -
principalList -
Returns:
authorization

isTrusted

protected java.lang.String isTrusted(X509v3SecurityToken token)
Test whether the given X509 certificate token is in our truststore; if it is, return the associated alias, otherwise return null.

Parameters:
token - a token containing an X509 certificate
Returns:
the certificate's alias in our truststore, or null
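
The trust decision described for isTrusted, written against the standard java.security.KeyStore API as an added example (not webMethods code and not this class's implementation). TrustStoreCheck, aliasIfTrusted and the TRUSTSTORE_PASSWORD environment variable are hypothetical names, and the validity-period check is an added assumption that this page does not mention.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added illustration. TrustStoreCheck and aliasIfTrusted are hypothetical names,
// not part of electric.soap.security.authenticators.
public class TrustStoreCheck {
    // Returns the alias of the matching trust store entry, or null if the
    // certificate is absent or outside its validity period.
    static String aliasIfTrusted(KeyStore trustStore, X509Certificate cert)
            throws KeyStoreException {
        if (trustStore == null || cert == null) {
            return null; // fail closed on missing input
        }
        try {
            // Assumption: the page does not say whether expiry is checked.
            cert.checkValidity();
        } catch (CertificateException e) {
            return null; // expired or not yet valid
        }
        // Matches on the whole certificate, so a different certificate with the
        // same subject name does not match. Key entries also match, through the
        // first certificate of their chain.
        return trustStore.getCertificateAlias(cert);
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("TRUSTSTORE_PASSWORD"); // assumed variable name
        if (args.length != 2 || password == null) {
            System.err.println("usage: TRUSTSTORE_PASSWORD=... java TrustStoreCheck <truststore> <cert>");
            System.exit(2);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, password.toCharArray());
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[1])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String alias = aliasIfTrusted(trustStore, cert);
        System.out.println(alias != null ? "trusted, alias: " + alias : "not trusted");
    }
}
```

Because trust here is exact membership in the keystore, a certificate that merely chains to a stored CA certificate is reported as not trusted; path validation is a separate check.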


Copyright © 2001-2004 by webMethods. All Rights Reserved.