IBM WebSphere Application Server™
Release 8

com.ibm.websphere.wssecurity.wssapi.token
Interface SecurityContextToken13

All Superinterfaces:
SecurityToken

public interface SecurityContextToken13
extends SecurityToken

This interface represents the security context token, the <wsu:SecurityContextToken> element.
It is defined in the WS-SecureConversation specification.
The following sample code obtains a security context token.

   String path = "service/uri"; // path of the security token service
   WSSFactory factory = WSSFactory.getInstance();

   // Generate the WSSGenerationContext and WSSConsumingContext objects used
   // to request the security context token from the security token service.
   // The configure...() calls are helper methods supplied by the application.

   // configuration for constructing the message that requests the security context token
   WSSGenerationContext gencontBootstrap = configureWSSGenerationContextForBootstrap();
   // configuration for validating the message that contains the security context token
   WSSConsumingContext concontBootstrap = configureWSSConsumingContextForBootstrap();

   // configuration for constructing the message sent to the application
   WSSGenerationContext gencontApp = configureWSSGenerationContextForApplication();
   // configuration for validating the message received from the application
   WSSConsumingContext concontApp = configureWSSConsumingContextForApplication();

   // create the security context tokens
   SCTGenerateCallbackHandler sctgch = new SCTGenerateCallbackHandler(gencontBootstrap, concontBootstrap, path, WSSEncryption.AES128);
   SecurityToken[] scts = factory.newSecurityTokens(new Class[] {SecurityContextToken13.class}, sctgch);
   SecurityContextToken13 sct = null;
   if (scts != null) {
      if (scts.length != 0) {
         sct = (SecurityContextToken13) scts[0];

         // renew the security context token
         sct.renew(gencontBootstrap, concontBootstrap);

         // validate the security context token
         boolean isvalidate = sct.validate(gencontApp, concontApp);

         // cancel the security context token
         sct.cancel(gencontApp, concontApp);
      }
   }
   
Note: The specification describes a security token service that provides several security context tokens. The current version provides a single security context token in an array of security tokens.

See Also:
DerivedKeyToken, SCTGenerateCallbackHandler, SCTConsumeCallbackHandler

Field Summary
static int STATUS_CANCELLED
          Represents that the security context token is canceled.
static int STATUS_ISSUED
          Represents that the security context token is issued.
static int STATUS_RENEWED
          Represents that the security context token is renewed.
static javax.xml.namespace.QName TokenQname
          Represents the QName of this class, <wsu:SecurityContextToken>.
static javax.xml.namespace.QName ValueType
          Represents the value type.
 
Fields inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
DECRYPTING_KEY, ENCRYPTING_KEY, REF_EMBEDDED, REF_KEYID, REF_STR, REF_THUMBPRINT, SIGNING_KEY, VERIFING_KEY
 
Method Summary
 void cancel()
          Cancels this security context token, terminating its use.
 void cancel(WSSGenerationContext gencont, WSSConsumingContext concont)
          Cancels this security context token, terminating its use.
 java.util.Date getCreation(java.lang.String instance)
          Returns the creation date of the instance.
 DerivedKeyToken getDerivedKeyToken(java.lang.String algorithm, java.lang.String clientLabel, java.lang.String serviceLabel)
          Retrieves the derived key token related to this security context token.
 java.util.Date getExpiration(java.lang.String instance)
          Returns the expiration date of the instance.
 java.lang.String getIdentifier()
          Returns the value of <wsu:Identifier>.
 java.lang.String[] getInstances()
          Returns the values of <wsu:Instance>.
 int getStatus(java.lang.String instance)
          Returns the status of the instance.
 void renew()
          Renews this security context token with new expiration semantics.
 void renew(WSSGenerationContext gencont, WSSConsumingContext concont)
          Renews this security context token with new expiration semantics.
 boolean validate()
          Evaluates the validity of this security context token.
 boolean validate(WSSGenerationContext gencont, WSSConsumingContext concont)
          Evaluates the validity of the current security context token.
 
Methods inherited from interface com.ibm.websphere.wssecurity.wssapi.token.SecurityToken
getId, getKey, getKeyIdentifier, getKeyIdentifierEncodingType, getKeyIdentifierValueType, getKeyName, getPrincipal, getReferenceURI, getThumbprint, getThumbprintEncodingType, getThumbprintValueType, getTokenQname, getValueType, getXML
 

Field Detail

STATUS_ISSUED

static final int STATUS_ISSUED
Represents that the security context token is issued.

See Also:
Constant Field Values

STATUS_RENEWED

static final int STATUS_RENEWED
Represents that the security context token is renewed.

See Also:
Constant Field Values

STATUS_CANCELLED

static final int STATUS_CANCELLED
Represents that the security context token is canceled.

See Also:
Constant Field Values

TokenQname

static final javax.xml.namespace.QName TokenQname
Represents the QName of this class, <wsu:SecurityContextToken>.
NamespaceURI: "http://schemas.xmlsoap.org/ws/2005/02/sc"
LocalPart: "SecurityContextToken"


ValueType

static final javax.xml.namespace.QName ValueType
Represents the value type.
ValueType: "http://schemas.xmlsoap.org/ws/2005/02/sc/sct"

Method Detail

cancel

void cancel()
            throws WSSException
Cancels this security context token, terminating its use. It invokes com.ibm.security.trust10.client.STSRequestorFactory.cancel(java.lang.Object service).

Throws:
WSSException - if the security context token is not canceled

cancel

void cancel(WSSGenerationContext gencont,
            WSSConsumingContext concont)
            throws WSSException
Cancels this security context token, terminating its use.

Parameters:
gencont - WS-Security configuration for canceling the security context token with the security token service
concont - WS-Security configuration for canceling the security context token with the security token service
Throws:
WSSException - if the security context token is not canceled.

validate

boolean validate()
                 throws WSSException
Evaluates the validity of this security context token.

Returns:
true if it is valid.
false if it is invalid.
Throws:
WSSException - if the security context token is not validated.

validate

boolean validate(WSSGenerationContext gencont,
                 WSSConsumingContext concont)
                 throws WSSException
Evaluates the validity of the current security context token.

Parameters:
gencont - WS-Security configuration for validating the security context token with the security token service
concont - WS-Security configuration for validating the security context token with the security token service
Returns:
true if it is valid.
false if it is invalid.
Throws:
WSSException - if the security context token is not validated.

renew

void renew()
           throws WSSException
Renews this security context token with new expiration semantics.

Throws:
WSSException - if the security context token is not recreated

renew

void renew(WSSGenerationContext gencont,
           WSSConsumingContext concont)
           throws WSSException
Renews this security context token with new expiration semantics.

Parameters:
gencont - WS-Security configuration for renewing the security context token with the security token service
concont - WS-Security configuration for renewing the security context token with the security token service
Throws:
WSSException - if the security context token is not recreated.

getDerivedKeyToken

DerivedKeyToken getDerivedKeyToken(java.lang.String algorithm,
                                   java.lang.String clientLabel,
                                   java.lang.String serviceLabel)
                                   throws WSSException
Retrieves the derived key token related to this security context token.

Parameters:
algorithm - algorithm to use for generating the derived key
clientLabel - client label to use for generating the derived key
serviceLabel - service label to use for generating the derived key
Returns:
derived key token
Throws:
WSSException - if the derived key is not created

getIdentifier

java.lang.String getIdentifier()
Returns the value of <wsu:Identifier>.

Returns:
value of the identifier

getInstances

java.lang.String[] getInstances()
Returns the values of <wsu:Instance>.

Returns:
all instance names

getCreation

java.util.Date getCreation(java.lang.String instance)
Returns the creation date of the instance.

Parameters:
instance - instance
Returns:
the creation date

getExpiration

java.util.Date getExpiration(java.lang.String instance)
Returns the expiration date of the instance.

Parameters:
instance - instance
Returns:
the expiration date

getStatus

int getStatus(java.lang.String instance)
Returns the status of the instance. It returns STATUS_ISSUED, STATUS_RENEWED, or STATUS_CANCELLED.

Parameters:
instance - instance
Returns:
status
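
The following is an added example, not IBM sample code: it combines getInstances, getStatus, getExpiration, renew, validate and cancel so that a cancelled or expired context is never reused and is closed when the conversation ends. The class name SctGuard and the renewWindowMillis parameter are hypothetical, and the example assumes that renew() is reflected in the values that getInstances and getExpiration report afterwards.

```java
import java.util.Date;

import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityContextToken13;

/** Hypothetical helper, not part of the WebSphere API. */
public final class SctGuard {

    private SctGuard() { }

    /** Latest expiration among instances that are not cancelled, or null if there is none. */
    static Date latestExpiry(SecurityContextToken13 sct) {
        String[] instances = sct.getInstances();
        if (instances == null) {
            return null;
        }
        Date latest = null;
        for (String instance : instances) {
            if (sct.getStatus(instance) == SecurityContextToken13.STATUS_CANCELLED) {
                continue; // a cancelled instance must never be used again
            }
            Date exp = sct.getExpiration(instance);
            if (exp != null && (latest == null || exp.after(latest))) {
                latest = exp;
            }
        }
        return latest;
    }

    /** Returns true only if a live instance exists and validate() confirms the token. */
    public static boolean ensureUsable(SecurityContextToken13 sct, long renewWindowMillis)
            throws WSSException {
        Date expiry = latestExpiry(sct);
        if (expiry == null) {
            return false; // nothing to renew: request a new token instead
        }
        if (expiry.getTime() - System.currentTimeMillis() < renewWindowMillis) {
            sct.renew(); // no-argument overload listed in the Method Summary
            expiry = latestExpiry(sct); // assumption: renew() updates the reported expiration
            if (expiry == null || expiry.getTime() <= System.currentTimeMillis()) {
                return false;
            }
        }
        return sct.validate();
    }

    /** Cancels the token at the end of the conversation; false means the context may still be open. */
    public static boolean release(SecurityContextToken13 sct) {
        try {
            sct.cancel();
            return true;
        } catch (WSSException e) {
            return false; // caller should log this and not assume the context was closed
        }
    }
}
```

Calling release from a finally block keeps the lifetime of the shared secret as short as the conversation that needs it.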
