Package org.forgerock.openam.sts.soap.token.validator.wss

The classes in this package relate to token validation in the context of WS-SecurityPolicy binding.

See: Description

Interface Summary

Interface	Description
WSSValidatorFactory	Defines the functionality necessary to produce instances of the org.apache.ws.security.validate.Validator instances necessary to perform validation of the SupportingTokens specified in the SecurityPolicy bindings protecting soap-sts instances.

Class Summary

Class	Description
OpenAMWSSUsernameTokenValidator	The org.apache.cxf.sts.token.validator.UsernameTokenValidator class ultimately calls a org.apache.ws.security.validate.Validator instance (set via a setter) to perform the actual token validation.
SoapCertificateTokenValidator	This class extends the Apache WSS4j TokenValidator deployed by Apache CXF to validate x509 tokens presented as part of consuming an STS instance protected by SecurityPolicy bindings specifying an x509 Certificate which serves to identify the client (examples 2.2.2, and 2.2.4 of http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html) In these cases, the presented x509Certificate[] must be validated with OpenAM so that an OpenAM session token can be generated as the basis of the identity asserted in a generated token.
WSSValidatorFactoryImpl

Package org.forgerock.openam.sts.soap.token.validator.wss Description

The classes in this package relate to token validation in the context of WS-SecurityPolicy binding. They validate the SupportingTokens specified in SecurityPolicy bindings. Note that OpenAMSessionAssertions are not handled here, as they are a custom token implementation, and thus cannot be handled by the cxf/wss4j token validator plugin framework. The classes in this package are the actual org.apache.ws.security.validate.Validator implementations (usually via extensions of existing, standard token validators in the org.apache.ws.security.validate package), and the factory interface/impl which is consulted to produce instances of the Validator implementations to plug into the wss4j runtime when a soap-sts instance is exposed as a web-service.