electric.soap.security.tokens
Class UsernameToken

java.lang.Object
  electric.soap.security.tokens.SecurityToken
      electric.soap.security.tokens.UsernameToken

All Implemented Interfaces:

IWSSConstants

public class UsernameToken

extends SecurityToken

implements IWSSConstants

UsernameToken provides a way to attach a username/password pair to a SOAP message. This class implements portions of the WS-Security addendum extensions.

Author:

webMethods

Field Summary

protected java.lang.String	created
protected java.lang.String	digestedPassword
protected java.lang.String	nonce
protected java.lang.String	nonceEncoding
protected java.lang.String	password
protected java.lang.String	passwordType
protected boolean	useNonce
protected java.lang.String	username
protected boolean	useTimestamp

Fields inherited from class electric.soap.security.tokens.SecurityToken

id

Fields inherited from interface electric.soap.security.IWSSConstants

PASSWORD_DIGEST, PASSWORD_TEXT, SECURITY, SECURITY_TOKEN_REFERENCE, URI_ATTRIBUTE, WSSE_NAMESPACE, WSSE_PREFIX, WSU_NAMESPACE, WSU_PREFIX, X509_ENCODING_TYPE

Constructor Summary

UsernameToken()
Create a new token with username and password both null, and the passwordType defaulted to PASSWORD_TEXT.

UsernameToken(java.lang.String username, java.lang.String password)
Create a new token with the given username and password.

UsernameToken(java.lang.String username, java.lang.String password, java.lang.String passwordType)

UsernameToken(java.lang.String username, java.lang.String password, java.lang.String passwordType, boolean useNonce)
Create a new token with the given username, password, and the password type.

Method Summary

static java.lang.String	digestPassword(java.lang.String plainText, java.lang.String nonce, java.lang.String created) Digest and hash the password as specified in the WS-Security spec.
java.lang.String	getCreated()
java.lang.String	getDigestedPassword() Return the digested password.
Element	getElement() Create a WS-Security style XML element based on the current token settings.
java.lang.String	getNonce() For details, see the WS-Security addendum.
java.lang.String	getPassword()
java.lang.String	getPasswordType()
java.lang.String	getUsername()
void	init()
boolean	isUseNonce() See the WS-Security addendum for details of the use of nonces for hashing passowords.
void	setCreated(java.lang.String created)
void	setElement(Element token) Fill in the filelds of this token from the given WS-Security compliant XML Element.
void	setNonce(java.lang.String nonce) The nonce can be set explicitly, if not set it will be generated.
void	setPassword(java.lang.String password)
void	setPasswordType(java.lang.String passwordType) Either PASSWORD_TEXT or PASSWORD_DIGEST
void	setUseNonce(boolean useNonce) Use the WS-Security Addendum nonce capability.
void	setUsername(java.lang.String username)
java.lang.String	toString()

Methods inherited from class electric.soap.security.tokens.SecurityToken

getId, setId

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

username

protected java.lang.String username

password

protected java.lang.String password

passwordType

protected java.lang.String passwordType

digestedPassword

protected java.lang.String digestedPassword

nonce

protected java.lang.String nonce

nonceEncoding

protected java.lang.String nonceEncoding

created

protected java.lang.String created

useNonce

protected boolean useNonce

useTimestamp

protected boolean useTimestamp

Constructor Detail

UsernameToken

public UsernameToken()

Create a new token with username and password both null, and the passwordType defaulted to PASSWORD_TEXT.

UsernameToken

public UsernameToken(java.lang.String username,
                     java.lang.String password)

Create a new token with the given username and password. The passwordType defaults to PASSWORD_TEXT.

Parameters:

username -

password -

UsernameToken

public UsernameToken(java.lang.String username,
                     java.lang.String password,
                     java.lang.String passwordType)

Parameters:

username -

password -

passwordType -

UsernameToken

public UsernameToken(java.lang.String username,
                     java.lang.String password,
                     java.lang.String passwordType,
                     boolean useNonce)

Create a new token with the given username, password, and the password type. If the passwordType is PASSWORD_DIGEST, then the given password is hashed and base64 encoded before being assigned.

Parameters:

username -

password -

Method Detail

init

public void init()

getElement

public Element getElement()

Create a WS-Security style XML element based on the current token settings.

Specified by:

getElement in class SecurityToken

Returns:

A newly created security token.

setElement

public void setElement(Element token)
                throws java.lang.IllegalArgumentException

Fill in the filelds of this token from the given WS-Security compliant XML Element.

Specified by:

setElement in class SecurityToken

Parameters:

token - The WS-Security XML Representation of a UsernameToken

Throws:

java.lang.IllegalArgumentException - if token is not a valid UsernameToken

setUsername

public void setUsername(java.lang.String username)

Parameters:

username -

getUsername

public java.lang.String getUsername()

Returns:

username

getPassword

public java.lang.String getPassword()

Returns:

password

setPassword

public void setPassword(java.lang.String password)

Parameters:

password -

getPasswordType

public java.lang.String getPasswordType()

Returns:

the password type (wsse:PasswordText, wsse:PasswordDigest or wsse:PasswordText)

setPasswordType

public void setPasswordType(java.lang.String passwordType)

Either PASSWORD_TEXT or PASSWORD_DIGEST

Parameters:

passwordType -

getDigestedPassword

public java.lang.String getDigestedPassword()

Return the digested password. If not set, it will be calculated.

Returns:

the hashed/digested password.

digestPassword

public static java.lang.String digestPassword(java.lang.String plainText,
                                              java.lang.String nonce,
                                              java.lang.String created)

Digest and hash the password as specified in the WS-Security spec. Section 4.1 : The digest of the password for the username. The value is a base64-encoded SHA1 hash value of the UTF8-encoded password.

Parameters:

plainText - password.

Returns:

base64-encoded digest of the password.

getNonce

public java.lang.String getNonce()

For details, see the WS-Security addendum.

Returns:

the current nonce.

setNonce

public void setNonce(java.lang.String nonce)

The nonce can be set explicitly, if not set it will be generated.

Parameters:

nonce -

isUseNonce

public boolean isUseNonce()

See the WS-Security addendum for details of the use of nonces for hashing passowords.

Returns:

true if a hashed password should use a nonce.

setUseNonce

public void setUseNonce(boolean useNonce)

Use the WS-Security Addendum nonce capability.

Parameters:

useNonce -

getCreated

public java.lang.String getCreated()

Returns:

creation timestamp.

setCreated

public void setCreated(java.lang.String created)

Parameters:

created -

toString

public java.lang.String toString()

Returns:

string representation of this token, for debugging.