Skip to main content

AbstractOperation

Earlier in this chapter the STS provider framework in Apache CXF was introduced. A number of interfaces were defined for each of the operations that can be invoked on the STS. Before looking at the implementations of these interfaces that ship with the STS, we will look a base class that all of the operations extend, namely the AbstractOperation class. This class defines a number of properties that are shared with any subclasses, and can be accessed via set/get methods:

  • STSPropertiesMBean stsProperties - A configuration MBean that holds the configuration for the STS as a whole, such as information about the private key to use to sign issued tokens, etc.
  • boolean encryptIssuedToken - Whether to encrypt an issued token or not. The default is false.
  • List<ServiceMBean> services - A list of ServiceMBean objects, which correspond to "known" services.
  • List<TokenProvider> - A list of TokenProvider implementations to use to issue tokens.
  • boolean returnReferences - Whether to return SecurityTokenReference elements to the client or not, that point to the issued token. The default is true.
  • TokenStore tokenStore - A cache used to store/retrieve tokens.
  • List<TokenValidator> tokenValidators - A list of TokenValidator implementations to use to validate tokens.
  • ClaimsManager claimsManager - An object that is used to handle claims.

Several of the properties refer to issuing tokens - this is because this functionality is shared between the issuing and validating operations. At least one TokenProvider implementation must be configured, if the STS is to support issuing a token. Some of these properties have been discussed previously, for example the TokenStore cache covered earlier. This cache could be shared across a number of different operations, or else kept separate. AbstractOperation also contains some common functionality to parse requests, encrypt tokens, create references to return to the client, etc.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!