1) The TokenCanceller interface
SecurityTokens are cancelled in the STS via the TokenCanceller interface. This interface is very similar to the TokenProvider and TokenValidator interfaces. It contains three methods:
- void setVerifyProofOfPossession(boolean verifyProofOfPossession) - Whether to enable or disable proof-of-possession verification.
- boolean canHandleToken(ReceivedToken cancelTarget) - Whether this TokenCanceller implementation can cancel the given token
- TokenCancellerResponse cancelToken(TokenCancellerParameters tokenParameters) - Cancel a token using the given parameters
2) TokenCancellerParameters and TokenCancellerResponse
The TokenCancellerParameters class is nothing more than a collection of configuration properties to use in cancelling the token, which are populated by the STS operations using information collated from the request, or static configuration, etc. The properties of the TokenCancellerParameters are:
- STSPropertiesMBean stsProperties - A configuration MBean that holds the configuration for the STS as a whole.
- Principal principal - The current client Principal object
- WebServiceContext webServiceContext - The current web service context object. This allows access to the client request.
- KeyRequirements keyRequirements - A set of configuration properties relating to keys. This will be covered later.
- TokenRequirements tokenRequirements - A set of configuration properties relating to the token. This will be covered later.
- STSTokenStore tokenStore - A cache used to retrieve tokens.
- boolean tokenCancelled - Whether the token was cancelled or not.
The STS ships with a single implementation of the TokenCanceller interface, namely the SCTCanceller. The SCTCanceller is used to cancel a token known as a SecurityContextToken, that is defined in the WS-SecureConversation specification. The SCTProvider and the SCTValidator were covered previously. A SecurityContextToken essentially consists of a String Identifier which is associated with a particular secret key. The SCTCanceller can cancel a SecurityContextToken in either of the following namespaces:
3.1) Enforcing proof-of-possession
Recall that the TokenCanceller interface has a method "setVerifyProofOfPossession" which defines whether proof-of-possession is required or not to cancel a security token. The default value for the SCTCanceller is "true". This means that for the client to successfully cancel a SecurityContextToken it must prove to the STS that it knows the secret key associated with that SecurityContextToken. The client must do this by signing some portion of the request with the same secret key that the SCTCanceller retrieves from the security token stored in the cache.