ActAs - 8.0

Talend ESB Service Developer Guide

Version: 8.0
Language: English
Product: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Design and Development, Installation and Upgrade
Last publication date: 2023-11-06

The ActAs capability allows an initiator to request a security token that allows it to act as if it were somebody else. This capability becomes important in composite services where intermediate services make additional requests on behalf of the true initiator. In this scenario, the relying party (the final destination of an indirect service request) may require information about the true origin of the request. The ActAs capability allows an intermediary to request a token that can convey this information.

The content of the ActAs element to be sent in the STS RequestSecurityToken call can be set in one of two ways:

  • By specifying a value for the JAX-WS property SecurityConstants.STS_TOKEN_ACT_AS ("ws-security.sts.token.act-as")

  • By specifying a value for the STSClient.actAs property.

For either case, the value can be one of the following:

  • A String

  • A DOM Element

  • A CallbackHandler object to use to obtain the token

For example, the following code fragment demonstrates how to use an interceptor to dynamically set the content of the ActAs element in the STS RST. Note that this interceptor is applied to the secured client, the initiator, and not to the STSClient's interceptor chain.

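import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.SecurityConstants;

public class ActAsOutInterceptor extends 
   AbstractPhaseInterceptor<Message> {
   
   public ActAsOutInterceptor() {
      // This can be in any phase before the WS-SP interceptors
      // set up the STS client and issued token interceptor.
      super(Phase.SETUP);
   }

   @Override
   public void handleMessage(Message message) throws Fault {
      // The value is a String, a DOM Element or a CallbackHandler.
      message.put(SecurityConstants.STS_TOKEN_ACT_AS, ...);
   }
}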
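A variant of the interceptor above that supplies the ActAs content as a DOM Element, added here as an illustration and not taken from the Talend or CXF code base. It builds the element with the DOM API rather than by concatenating the caller's name into an XML String, and it refuses to continue when no caller identity is present. Assumptions: the class name and the `example.authenticated.caller` property are hypothetical (the intermediary is expected to set the property from the identity it authenticated on the inbound request), and the STS is assumed to accept a WS-Security UsernameToken as ActAs content.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class UsernameActAsOutInterceptor extends AbstractPhaseInterceptor<Message> {
   private static final String WSSE_NS =
      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
   // Hypothetical property: set by the intermediary from the authenticated inbound identity.
   public static final String CALLER_NAME = "example.authenticated.caller";

   public UsernameActAsOutInterceptor() {
      super(Phase.SETUP); // before the WS-SP interceptors set up the STS client
   }

   @Override
   public void handleMessage(Message message) throws Fault {
      Object caller = message.getContextualProperty(CALLER_NAME);
      // Fail closed: never request a token without a known originator.
      if (!(caller instanceof String) || ((String) caller).trim().isEmpty()) {
         throw new Fault(new IllegalStateException("No authenticated caller to act as"));
      }
      message.put(SecurityConstants.STS_TOKEN_ACT_AS, usernameToken((String) caller));
   }

   // Builds <wsse:UsernameToken><wsse:Username>name</wsse:Username></wsse:UsernameToken>.
   static Element usernameToken(String name) {
      try {
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
         dbf.setNamespaceAware(true);
         Document doc = dbf.newDocumentBuilder().newDocument();
         Element token = doc.createElementNS(WSSE_NS, "wsse:UsernameToken");
         token.setAttributeNS(XMLConstants.XMLNS_ATTRIBUTE_NS_URI, "xmlns:wsse", WSSE_NS);
         Element user = doc.createElementNS(WSSE_NS, "wsse:Username");
         user.setTextContent(name); // text node: markup in the name is escaped on output
         token.appendChild(user);
         return token;
      } catch (ParserConfigurationException e) {
         throw new Fault(e);
      }
   }
}
```

The STS remains responsible for deciding whether the authenticated intermediary is permitted to act as the named user; the element only conveys the claim.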

Alternatively, the ActAs content may be set directly on the STSClient bean, as shown below.

<bean name="{http://cxf.apache.org/}TestEndpoint.sts-client" 
   class="org.apache.cxf.ws.security.trust.STSClient" abstract="true">
   <property name="wsdlLocation" value="WSDL/wsdl/trust.wsdl"/>
   <property name="serviceName" value=
      "{http://cxf.apache.org/securitytokenservice}SecurityTokenService"/>
   <property name="endpointName" value=
      "{http://cxf.apache.org/securitytokenservice}SecurityTokenEndpoint"/>
   <property name="actAs" value="..."/>
   <property name="properties">
      <map>
         ...
      </map>
   </property>
</bean>