IBM WebSphere Application ServerTM Release 8 |
java.lang.Object
  com.ibm.wsspi.wssecurity.auth.token.WSSToken
    com.ibm.wsspi.wssecurity.auth.token.X509BSToken
public class X509BSToken
This class is a token object implementation for X.509 binary security tokens.
It extends the WSSToken class, which implements the Token class.
It will typically be created by the X509TokenGenerator and processed by the X509TokenConsumer.
Protected by the following Java 2 Security permissions:
com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setCert")
com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setBytes")
WSSToken, Token
Nested Class Summary |
---|
Nested classes/interfaces inherited from class com.ibm.wsspi.wssecurity.auth.token.WSSToken |
---|
WSSToken.AttributesEnumerator |
Field Summary | |
---|---|
static java.lang.String | CERT_INFO: This is the key used when the X509 certificate is passed from a KeyLocator object to a TokenConsumer object or from a TokenConsumer object to a LoginModule object. |
static java.lang.String | CERT_STORES: This is the key used when the CertStore object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object. |
static java.lang.String | KEY_LOCATOR: This is the key used when the KeyInfoContentConsumer object to a TokenConsumer object. |
static java.lang.String | PKIX_BUILDERPARAM: This is the key used when the PkiXBuilderParameter object is passed from a TokenConsumer object to a LoginModule object. |
static java.lang.String | PROVIDER: This is the key used when the Provider object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object. |
static java.lang.String | TRUST_ANY: This is the key used when the flag indicating that any certificate is trusted is passed from a TokenConsumer object to a LoginModule object. |
Fields inherited from class com.ibm.wsspi.wssecurity.auth.token.WSSToken |
---|
_attributes, _callerChecked, _error, _keyInfoType, _processed, _referenced, _tokenelem, _tokenId, _trusted, _usedTokenConsumer, _usedTokenGenerator, _usedToLogin, _version, _vtype |
Constructor Summary | |
---|---|
X509BSToken(java.lang.String tokenId, java.security.cert.X509Certificate cert, javax.xml.namespace.QName vtype) | Constructor |
Method Summary | |
---|---|
boolean | equals(java.lang.Object o) |
byte[] | getBytes(): Returns the byte array representation of this token if possible. |
java.security.cert.X509Certificate | getCert(): Gets the Certificate from the X509 Binary Security Token. |
long | getExpiration(): This returns the expiration time in milliseconds. |
java.lang.String | getPrincipal(): Gets the principal that this Token belongs to. |
java.lang.String | getUniqueID(): Returns a unique identifier of the token based upon information that the provider considers to be unique. |
short | getVersion(): Returns the implementation version. |
int | hashCode() |
boolean | isValid(): Called by the runtime to determine if a token is still valid in terms of expiration, digital signature, etc. |
void | setBytes(byte[] binary) |
void | setCert(java.security.cert.X509Certificate cert): Sets a reference to the X509Certificate object. |
void | setExpiration(long expiration) |
java.lang.String | toString() |
Methods inherited from class com.ibm.wsspi.wssecurity.auth.token.WSSToken |
---|
addAttribute, clone, getAttributeNames, getAttributes, getCallerChecked, getElement, getError, getId, getKeyInfoType, getName, getType, getUsedTokenConsumer, getUsedTokenGenerator, getUsedToLogin, isForwardable, isProcessed, isReadOnly, isReferenced, isTrusted, setCallerChecked, setElement, setError, setId, setKeyInfoType, setProcessed, setReadOnly, setReferenced, setTrusted, setType, setType, setUsedTokenConsumer, setUsedTokenGenerator, setUsedToLogin |
Methods inherited from class java.lang.Object |
---|
finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String KEY_LOCATOR
This is the key used when the KeyInfoContentConsumer object to a TokenConsumer object.
public static final java.lang.String CERT_INFO
This is the key used when the X509 certificate is passed from a KeyLocator object to a TokenConsumer object or from a TokenConsumer object to a LoginModule object.
public static final java.lang.String TRUST_ANY
This is the key used when the flag indicating that any certificate is trusted is passed from a TokenConsumer object to a LoginModule object.
public static final java.lang.String PROVIDER
This is the key used when the Provider object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object.
public static final java.lang.String PKIX_BUILDERPARAM
This is the key used when the PkiXBuilderParameter object is passed from a TokenConsumer object to a LoginModule object.
public static final java.lang.String CERT_STORES
This is the key used when the CertStore object is passed from a TokenGenerator object to a CallbackHandler object or from a TokenConsumer object to a LoginModule object.
Constructor Detail |
---|
public X509BSToken(java.lang.String tokenId, java.security.cert.X509Certificate cert, javax.xml.namespace.QName vtype)
tokenId -
cert -
vtype -
Method Detail |
---|
public java.security.cert.X509Certificate getCert() throws SoapSecurityException
SoapSecurityException
public void setCert(java.security.cert.X509Certificate cert)
cert - X509Certificate object
Protected by Java 2 Security permission com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setCert")
public byte[] getBytes()
WSSToken
getBytes in interface Token
getBytes in class WSSToken
public void setBytes(byte[] binary)
binary -
Protected by Java 2 Security permission com.ibm.websphere.security.WebSphereRuntimePermission("wssecurity.X509BSToken.setBytes")
public long getExpiration()
Token
This returns the expiration time in milliseconds.
public void setExpiration(long expiration)
public java.lang.String getPrincipal()
Token
Gets the principal that this Token belongs to. If this is an authorization token, this principal string must match the authentication token principal string or the message will be rejected. CSIv2 has stringent rules about validating authorization tokens using either the Identity Token or Authentication Token principal.
public java.lang.String getUniqueID()
Token
Returns a unique identifier of the token based upon information that the provider considers to be unique. This will be used for caching purposes and may be used in combination with other token unique IDs that are part of the same Subject to form a Subject unique identifier.
An implementation of this method should be careful to only change the token uniqueness when required. Any login which generates a new unique ID will create a Subject entry in the cache, which will increase memory requirements.
This method should return null if the token does not need to affect the cache uniqueness. Typically, if using only static registry attributes, this should return null. However, if dynamic attributes are used, including strength of authentication, time of day, etc., you may affect the cache uniqueness by returning a non-null value that reflects how you want the cache key to look. Typically, the token implementation will know what is most unique about the dynamic data; however, an alternative is to return a UUID. The values of getUniqueID() from all custom tokens present in the Subject will be added together and used in the SSO token for lookup. A one-way hash of this string will be created as the unique ID. When altering a token to contain a non-null value here, the token must be added to the Subject prior to the commit phase or before the wsMap module commit is called.
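An added illustration of the caching behaviour described for getUniqueID(), not IBM's code: a simplified model that joins the non-null unique IDs of a Subject's tokens, hashes the result, and counts how many cache entries repeated logins by one user create. The TokenLike interface, the base key "realm/alice", and the choice of SHA-256 with hex encoding are assumptions of the model.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.function.Supplier;

// Added illustration: a simplified model, not WebSphere's cache implementation.
public class UniqueIdCacheModel {
    /** Hypothetical stand-in for a custom token; only getUniqueID() matters here. */
    interface TokenLike { String getUniqueID(); }

    // Append every non-null unique ID to the Subject's base key, then hash one-way.
    // SHA-256 and hex encoding are assumptions; the page only says "one-way hash".
    static String cacheKey(String baseKey, List<TokenLike> tokens) throws Exception {
        StringBuilder sb = new StringBuilder(baseKey);
        for (TokenLike t : tokens) {
            String id = t.getUniqueID();
            if (id != null) sb.append(id);   // null: token leaves uniqueness unchanged
        }
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(sb.toString().getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Number of distinct cache entries after `logins` logins by the same user.
    static int entriesAfter(int logins, Supplier<TokenLike> tokenPerLogin) throws Exception {
        Set<String> cache = new HashSet<>();
        for (int i = 0; i < logins; i++) {
            cache.add(cacheKey("realm/alice", List.of(tokenPerLogin.get())));
        }
        return cache.size();
    }

    public static void main(String[] args) throws Exception {
        // Static registry attributes only: getUniqueID() returns null.
        System.out.println("null id:     " + entriesAfter(1000, () -> () -> null));
        // Dynamic attribute with two possible values (constructed sample data).
        String[] strength = {"password", "certificate"};
        int[] n = {0};
        System.out.println("auth level:  " + entriesAfter(1000, () -> {
            String s = strength[n[0]++ % 2]; return () -> s; }));
        // Fresh UUID on every login: one Subject entry per login.
        System.out.println("random UUID: " + entriesAfter(1000, () -> {
            String u = UUID.randomUUID().toString(); return () -> u; }));
    }
}
```

The three counts show why the unique ID should change only when required: a bounded set of dynamic values keeps the cache bounded, while a per-login UUID grows it with every login.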
public int hashCode()
hashCode in class java.lang.Object
public boolean equals(java.lang.Object o)
equals in class java.lang.Object
public boolean isValid()
Token
Called by the runtime to determine if a token is still valid in terms of expiration, digital signature, etc. The implementation determines what valid means. If this returns false to the WebSphere runtime, an exception will be thrown (appropriate to where the call was made, e.g., NO_PERMISSION, WSLoginFailedException, etc.) and the request will be rejected.
public short getVersion()
WSSToken
getVersion in interface Token
getVersion in class WSSToken
public java.lang.String toString()
toString in class java.lang.Object