com.ibm.websphere.security
Class WSSecurityHelper
- java.lang.Object
com.ibm.websphere.security.WSSecurityHelper
- public final class WSSecurityHelper
- extends java.lang.Object
This class is for generic WebSphere security helper methods.
Constructor Summary
Constructor and Description |
---|
WSSecurityHelper() |
Method Summary
Modifier and Type | Method and Description |
---|---|
static java.lang.String[] | addPropagationAttribute(java.lang.String key, java.lang.String value): This method is used for setting an attribute (String value) in the default propagation token. |
static byte[] | convertCookieStringToBytes(java.lang.String cookieString): This method is used to convert an SSO cookie taken directly from an HttpServletRequest back into the original byte[] used to create the cookie from the getBytes() method on the SingleSignonToken interface. |
static java.lang.String[] | getCallerList(): This returns the entire caller list for this invocation. |
static java.lang.String | getFirstCaller(): This method gets the first caller for this invocation from the PropagationToken on the current thread of execution. |
static java.lang.String | getFirstServer(): This gets the first WebSphere server name where a login occurred for this invocation from the PropagationToken on the current thread of execution in the form Cell:Node:Server. |
static javax.servlet.http.Cookie | getLTPACookieFromSSOToken(): Extracts an LTPA SSO cookie from the subject of the current thread and builds an LTPA cookie out of it for use on downstream web invocations. |
static java.lang.String[] | getPropagationAttributes(java.lang.String key): This method is used to retrieve an array of attributes (String[] value) from the default propagation token on the thread of execution. |
static java.lang.String[] | getServerList(): This returns the entire server list for this invocation in the form of "Cell:Node:Server". |
static boolean | isGlobalSecurityEnabled(): This method returns the state of security enablement for the entire cell. |
static boolean | isServerSecurityEnabled(): This method returns the state of security enablement for the process. |
static void | revokeSSOCookies(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res): The revokeSSOCookies(HttpServletRequest, HttpServletResponse) method removes the WebSphere Application Server Single Sign-on (SSO) cookies if SSO is enabled. |
static void | revokeSSOCookiesForPortlets(ActionRequest actionReq, ActionResponse actionRes): The revokeSSOCookiesForPortlets(ActionRequest, ActionResponse) method removes the WebSphere Application Server Single Sign-on (SSO) cookies for portlets if SSO is enabled. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
WSSecurityHelper
- public WSSecurityHelper()
Method Detail
isServerSecurityEnabled
- public static boolean isServerSecurityEnabled( )
isGlobalSecurityEnabled
- public static boolean isGlobalSecurityEnabled( )
This method returns the state of security enablement for the entire cell. If this API is called from within an application server where security has been explicitly disabled for the server, but global security is enabled for the cell, this API will return true. This is useful to determine whether administrative security is enabled within a particular process. Administrative security is always enabled with global security, regardless of the state of the server security enablement.
getFirstCaller
- public static java.lang.String getFirstCaller( )
This method gets the first caller for this invocation from the PropagationToken on the current thread of execution. This will return null if no authenticated user has logged in yet. This will return null if a PropagationToken does not exist on the thread (for example, if Propagation is disabled). The caller will be returned in the form of "username".
This method is only applicable on the server-side.
getFirstServer
- public static java.lang.String getFirstServer( )
This gets the first WebSphere server name where a login occurred for this invocation from the PropagationToken on the current thread of execution in the form Cell:Node:Server. This will return null if no authenticated user has logged in yet. This will return null if a PropagationToken does not exist on the thread (for example, if Propagation is disabled).
This method is only applicable on the server-side.
getCallerList
- public static java.lang.String[] getCallerList( )
This returns the entire caller list for this invocation. Each caller in the String[] will be in the form of "Cell:Node:Server:Caller". The list comes from the security context in the current thread. The order of the list is the order of the callers for the invocation. The first caller will be the 0 index into the String[]. The last caller will be the array.length-1 index into the String[]. This will return null if no authenticated user has logged in yet. This will return null if security attribute propagation is disabled.
This method is only applicable on the server-side.
getServerList
- public static java.lang.String[] getServerList( )
This returns the entire server list for this invocation in the form of "Cell:Node:Server". The list comes from the security context in the current thread. The order of the list is the order of the servers for the invocation. The first server will be the 0 index into the String[]. The last server will be the array.length-1 index into the String[]. This will return null if no authenticated user has logged in yet. This will return null if security attribute propagation is disabled.
This method is only applicable on the server-side.
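The following is an added example, not part of the WebSphere API documentation: a JDK-only helper that parses the "Cell:Node:Server:Caller" entries described for getCallerList() into an audit line and treats the documented null return (no authenticated user yet, or propagation disabled) as an explicit state. The class name, the output format and the sample values are assumptions; on a server the input would come from WSSecurityHelper.getCallerList().

```java
import java.util.ArrayList;
import java.util.List;

public class CallChainAudit {
    /** One hop of the invocation, parsed from "Cell:Node:Server:Caller". */
    static final class Hop {
        final String cell, node, server, caller;
        Hop(String[] p) { cell = p[0]; node = p[1]; server = p[2]; caller = p[3]; }
    }

    /** Parses a caller list; a null array yields an empty list instead of a NullPointerException. */
    static List<Hop> parse(String[] callerList) {
        List<Hop> hops = new ArrayList<>();
        if (callerList == null) {
            return hops; // no authenticated user yet, or propagation disabled
        }
        for (String entry : callerList) {
            // A limit of 4 keeps any ':' inside the caller name intact.
            String[] parts = entry == null ? new String[0] : entry.split(":", 4);
            if (parts.length != 4) {
                throw new IllegalArgumentException("Unexpected caller entry: " + entry);
            }
            hops.add(new Hop(parts));
        }
        return hops;
    }

    /** Builds one audit line: originating caller (index 0), current caller (last index), hop count. */
    static String auditLine(String[] callerList) {
        List<Hop> hops = parse(callerList);
        if (hops.isEmpty()) {
            return "caller-chain=unavailable";
        }
        Hop first = hops.get(0);
        Hop last = hops.get(hops.size() - 1);
        return String.format("origin=%s first-server=%s:%s:%s current=%s hops=%d",
                first.caller, first.cell, first.node, first.server, last.caller, hops.size());
    }

    public static void main(String[] args) {
        // Constructed sample input, not output captured from a real cell.
        String[] sample = { "cell01:node01:server1:alice", "cell01:node02:server2:svc-batch" };
        System.out.println(auditLine(sample));
        System.out.println(auditLine(null));
    }
}
```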
getPropagationAttributes
- public static java.lang.String[] getPropagationAttributes( java.lang.String key)
- throws WSSecurityException
This method is used to retrieve an array of attributes (String[] value) from the default propagation token on the thread of execution. There are two default keys which cannot be set by application code but can be retrieved. These keys are:
- "com.ibm.wsspi.security.propagation.callers": this returns an array of callers where context switches have occurred. Normally, only valid authenticated users will be shown in the format of "realm/caller".
- "com.ibm.wsspi.security.propagation.hosts": this returns a String array of hosts which this propagation token has been on in the format of "Cell:Node:Server". Element 0 in the String[] will be the first host. Element length-1 in the String[] will be the last host.
If a propagation token is not present on the thread, then null will be returned. If the key is not present in the propagation token, then null will be returned.
A WSSecurityException is thrown for any other unknown problems.
Any application calling this API needs to have the following Java 2 Security permission specified: javax.security.auth.AuthPermission("wssecurity.getPropagationAttributes").
addPropagationAttribute
- public static java.lang.String[] addPropagationAttribute( java.lang.String key,
- java.lang.String value)
- throws WSSecurityException
This method is used for setting an attribute (String value) in the default propagation token. This sets an attribute in the token that is present on the thread of execution. A propagation token is only created once a valid authenticated user is on the thread of execution. If you try to set a value prior to a valid propagation token being present on the thread, a token will get created and the value will get set. The originating caller will be "UNAUTHENTICATED". If a value has been set for the key you are specifying, the previous value will be returned and the new value will be set. You may not use a key that begins with "com.ibm.wsspi.security.*" or "com.ibm.websphere.security.*". These are reserved key prefixes.
A WSSecurityException is thrown for unknown problems. This exception would likely contain the root cause exception by calling getCause() on WSSecurityException.
Any application calling this API needs to have the following Java 2 Security permission specified: javax.security.auth.AuthPermission("wssecurity.addPropagationAttribute").
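The following is an added example, not IBM's code: a thin wrapper that rejects the reserved key prefixes before calling addPropagationAttribute, surfaces the root cause of a WSSecurityException, and handles the null return of getPropagationAttributes. It assumes it runs inside a WebSphere server with both AuthPermissions above granted and that WSSecurityException lives in com.ibm.websphere.security; the class name and the key "com.example.audit.tenant" are hypothetical.

```java
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WSSecurityHelper;

public class PropagationAttributes {
    // Reserved key prefixes named in the addPropagationAttribute description.
    private static final String[] RESERVED = {
        "com.ibm.wsspi.security.", "com.ibm.websphere.security."
    };

    static boolean isReserved(String key) {
        for (String prefix : RESERVED) {
            if (key.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** Sets key=value in the default propagation token and returns what the API returns for the previous value. */
    static String[] set(String key, String value) {
        if (key == null || key.isEmpty() || isReserved(key)) {
            throw new IllegalArgumentException("Key is empty or uses a reserved prefix: " + key);
        }
        try {
            return WSSecurityHelper.addPropagationAttribute(key, value);
        } catch (WSSecurityException e) {
            // Prefer the root cause when the exception carries one.
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            throw new IllegalStateException("Could not set propagation attribute " + key, cause);
        }
    }

    /** Reads a key; an empty array stands in for "no token on the thread" or "key absent". */
    static String[] get(String key) throws WSSecurityException {
        String[] values = WSSecurityHelper.getPropagationAttributes(key);
        return values != null ? values : new String[0];
    }

    /** Example flow: tag the request with a hypothetical tenant id, then read the host chain. */
    static String[] tagAndReadHosts(String tenantId) throws WSSecurityException {
        set("com.example.audit.tenant", tenantId);
        // Default key from the page: readable by applications, not settable.
        return get("com.ibm.wsspi.security.propagation.hosts");
    }
}
```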
convertCookieStringToBytes
- public static byte[] convertCookieStringToBytes( java.lang.String cookieString)
This method is used to convert an SSO cookie taken directly from an HttpServletRequest back into the original byte[] used to create the cookie from the getBytes() method on the SingleSignonToken interface. This byte[] can then be used to recreate the SingleSignonToken object. Refer to the Security Attribute Propagation documentation for more information.
cookieString
- String
revokeSSOCookies
- public static void revokeSSOCookies( javax.servlet.http.HttpServletRequest req,
- javax.servlet.http.HttpServletResponse res)
revokeSSOCookies(HttpServletRequest, HttpServletResponse)
method removes the WebSphere Application Server Single Sign-on (SSO) cookies
if SSO is enabled.
req
- HttpServletRequest
res
- HttpServletResponse
revokeSSOCookiesForPortlets
- public static void revokeSSOCookiesForPortlets( ActionRequest actionReq,
- ActionResponse actionRes)
revokeSSOCookiesForPortlets(ActionRequest, ActionResponse)
method removes the WebSphere Application Server Single Sign-on (SSO) cookies
for portlets if SSO is enabled. This also invalidates the portlet session.
getLTPACookieFromSSOToken
- public static javax.servlet.http.Cookie getLTPACookieFromSSOToken( )
- throws java.lang.Exception
java.lang.Exception
isServerSecurityEnabled returns the state of security enablement for the process. If global security is enabled but security is disabled for an application server, this method returns the state of security just for that application server. It always returns false when global security is disabled.