public class OpenAMSessionAssertion
extends org.apache.wss4j.policy.model.AbstractToken
Constructor and Description |
---|
OpenAMSessionAssertion(org.apache.wss4j.policy.SPConstants.SPVersion version, org.apache.wss4j.policy.SPConstants.IncludeTokenType includeTokenType, Element nestedPolicy, String sessionId) |
Modifier and Type | Method and Description |
---|---|
protected org.apache.wss4j.policy.model.AbstractSecurityAssertion | cloneAssertion(org.apache.neethi.Policy nestedPolicy) |
QName | getName() |
Element | getTokenElement() Called by the OpenAMSessionTokenClientInterceptor to obtain the XML defining the BinarySecurityToken encapsulating the OpenAMSessionToken to be included in the STS invocation. |
void | serialize(XMLStreamWriter writer) |
equals, getClaims, getDerivedKeys, getIncludeTokenType, getIssuer, getIssuerName, getParentAssertion, getPolicy, hashCode, normalize, setClaims, setDerivedKeys, setIncludeTokenType, setIssuer, setIssuerName, setParentAssertion
clone, equal, getType, getVersion, isAsserted, isIgnorable, isNormalized, isOptional, normalize, serialize, setIgnorable, setOptional
public OpenAMSessionAssertion(org.apache.wss4j.policy.SPConstants.SPVersion version, org.apache.wss4j.policy.SPConstants.IncludeTokenType includeTokenType, Element nestedPolicy, String sessionId)
version - Constant indicating what SecurityPolicy version is being used (1.1 vs. 1.2). I believe that it is
used to distinguish different QNames for different constructs in different versions.
includeTokenType - The SecurityPolicy specification of when to include the token - e.g. always, never,
always-to-recipient, etc.
nestedPolicy - The policy element nested within the OpenAM Session assertion. WS-SecurityPolicy nests policies
within policies, and the nested policies qualify the enclosing policy. For the OpenAM session assertion,
the nested policy is empty, but must be present in the SecurityPolicy binding, as the cxf runtime
expects this nested policy element. Could be used to specify the version of the assertion, as is
done for Username tokens.
sessionId - The OpenAM session id. When the OpenAMSessionAssertion builder constructs the OpenAMSessionAssertion,
it will set the sessionId. This sessionId will be specified by the client and set by the
OpenAMSessionTokenClientAssertionBuilder, and pulled from the BinarySecurityToken element which
encapsulates this sessionId when it arrives at the targeted sts.
public QName getName()
public void serialize(XMLStreamWriter writer) throws XMLStreamException
serialize in interface org.apache.neethi.Assertion
serialize in interface org.apache.neethi.PolicyComponent
serialize in class org.apache.wss4j.policy.model.AbstractToken
XMLStreamException
This method is not called as part of the OpenAMSessionTokenClientInterceptor to include this class' state in the
xml infoset (getTokenElement below is called instead), but rather seems to be called by classes in the
org.apache.cxf.ws.security.policy.model packages, such as InitiatorToken, ProtectionToken,
SupportingToken (signed and/or encrypted incarnation), RecipientSignatureToken, etc. However, it does not appear
that this method is ever called. See
http://cxf.547215.n5.nabble.com/Custom-SecurityPolicy-Assertions-and-the-Symmetric-binding-td5754879.html#a5755303
for details. I will leave the current implementation as purpose/invocation seems to be somewhat unknown, even to
the author of the cxf sts, and the wss4j lead. Note that it is not invoked to actually include a token in an
XML infoset, but rather write the SecurityPolicy elements corresponding to this token type. It is (probably)
not called because the SecurityPolicy in the wsdl is consulted directly.
public Element getTokenElement()
protected org.apache.wss4j.policy.model.AbstractSecurityAssertion cloneAssertion(org.apache.neethi.Policy nestedPolicy)
cloneAssertion in class org.apache.wss4j.policy.model.AbstractSecurityAssertion
Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.