Package org.forgerock.openam.sts.soap

Class SoapSTSConsumerCallbackHandler

  • All Implemented Interfaces:
    CallbackHandler
    public class SoapSTSConsumerCallbackHandler
extends Object
implements CallbackHandler
    The CallbackHandler which supports all of the possible Callback types required by the SoapSTSConsumer. This CallbackHandler is invoked by the CXF STS client encapsulated within the SoapSTSConsumer to provide password state required from within the CXF STS client runtime. The cases are as follow: 1. OpenAMSessionTokenCallback instances, in order to set the OpenAM session id necessary to consume sts instances protected by an OpenAMSessionToken Assertion. Consumed by the OpenAMSessionTokenClientAssertionBuilder. 2. org.apache.ws.security.WSPasswordCallback instances, with DECRYPT and SIGNATURE usages, to set the KeyStore password corresponding to the KeyStore alias necessary to decrypt and sign messages. Necessary for the asymmetric binding, when messages from client to server must be signed by the client's private key, and where messages from server to client are encrypted with the client's public key. 3. org.apache.ws.security.WSPasswordCallback instances, with USERNAME_TOKEN usage, to provide the password set in the UsernameTokens created to consume soap-sts instances protected by SecurityPolicy bindings specifying UsernameToken SupportingTokens. Will provide the password corresponding to the usernameTokenUsername parameter below. Most soap-sts consumers will only use a subset of this functionality, but this CallbackHandler is provided as an example of how to satisfy the various Callback scenarios.