Class STSLoginModule

  • All Implemented Interfaces:
    LoginModule

    public class STSLoginModule
    extends Object
    implements LoginModule
    A JAAS LoginModule for authenticating a Username/Password to the STS. It can be configured either by specifying the various options (documented below) in the JAAS configuration, or else by picking up a CXF STSClient from the CXF bus (either the default one, or else one that has the same QName as the service name).
    • Field Detail

      • REQUIRE_ROLES

        public static final String REQUIRE_ROLES
        Whether roles are required from the STS. If this is not set, then the WS-Trust validate binding is used. If it is set, then the issue binding is used, where the Username + Password credentials are passed via "OnBehalfOf" (unless the DISABLE_ON_BEHALF_OF property is set to "true", see below). In addition, claims are added to the request for the standard "role" ClaimType.
        See Also:
        Constant Field Values
      • DISABLE_ON_BEHALF_OF

        public static final String DISABLE_ON_BEHALF_OF
        Whether to disable passing Username + Password credentials via "OnBehalfOf". If the REQUIRE_ROLES property (see above) is set to "true", then the Issue Binding is used and the credentials are passed via OnBehalfOf. If this (DISABLE_ON_BEHALF_OF) property is set to "true", then the credentials are instead passed through to the WS-SecurityPolicy layer and used depending on the security policy of the STS endpoint. For example, if the STS endpoint requires a WS-Security UsernameToken, then the credentials are inserted into that token.
        See Also:
        Constant Field Values
      • DISABLE_CACHING

        public static final String DISABLE_CACHING
        Whether to disable caching of validated credentials or not. The default is "false", meaning that caching is enabled. However, caching only applies when token transformation takes place, i.e. when the "require.roles" property is set to "true".
        See Also:
        Constant Field Values
      • KEY_SIZE

        public static final String KEY_SIZE
        The default key size to use if using the SymmetricKey KeyType. Defaults to 256.
        See Also:
        Constant Field Values
      • KEY_TYPE

        public static final String KEY_TYPE
        The key type to use. The default is the standard "Bearer" URI.
        See Also:
        Constant Field Values
      • TOKEN_TYPE

        public static final String TOKEN_TYPE
        The token type to use. The default is the standard SAML 2.0 URI.
        See Also:
        Constant Field Values
      • WS_TRUST_NAMESPACE

        public static final String WS_TRUST_NAMESPACE
        The WS-Trust namespace to use. The default is the WS-Trust 1.3 namespace.
        See Also:
        Constant Field Values
      • CXF_SPRING_CFG

        public static final String CXF_SPRING_CFG
        The location of a Spring configuration file that can be used to configure the STS client (for example, to configure the TrustStore if TLS is used). This is designed to be used if the service that is being secured is not CXF-based.
        See Also:
        Constant Field Values
    • Constructor Detail

      • STSLoginModule

        public STSLoginModule()
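
The option-based configuration described in the class summary, built programmatically instead of in a JAAS configuration file. This is an added example, not code from the CXF project; the class name StsJaasExample, the entry name "sts" and the Spring file location passed in are assumptions, and that Spring file is assumed to configure the STS client.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.cxf.ws.security.trust.STSLoginModule;

public class StsJaasExample {
    /** Builds an in-memory JAAS configuration with a single STSLoginModule entry. */
    static Configuration stsConfiguration(String springCfgLocation) {
        Map<String, Object> options = new HashMap<>();
        // Issue binding: credentials go via OnBehalfOf and the "role" claim is requested.
        options.put(STSLoginModule.REQUIRE_ROLES, "true");
        // Caching only applies when require.roles is "true"; "false" keeps it enabled.
        options.put(STSLoginModule.DISABLE_CACHING, "false");
        // STS client settings (for example the TLS TrustStore) come from this Spring file.
        options.put(STSLoginModule.CXF_SPRING_CFG, springCfgLocation);
        AppConfigurationEntry entry = new AppConfigurationEntry(
            STSLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, options);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {entry};
            }
        };
    }
    /** Authenticates the given credentials against the STS and returns the Subject. */
    static Subject login(String user, char[] password, String springCfg) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                }
            }
        };
        LoginContext ctx = new LoginContext("sts", null, handler, stsConfiguration(springCfg));
        ctx.login();
        return ctx.getSubject();
    }
}
```

Setting DISABLE_ON_BEHALF_OF to "true" in the same options map would hand the credentials to the WS-SecurityPolicy layer instead, so the STS endpoint's policy decides how they are sent.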