IBM WebSphere Application Server™
Release 8

com.ibm.wsspi.security.token
Class WSSecurityPropagationHelper

java.lang.Object
  extended by com.ibm.wsspi.security.token.WSSecurityPropagationHelper

public class WSSecurityPropagationHelper
extends java.lang.Object

This class provides some propagation helper methods including whether propagation is enabled or not.

Since:
5.1.1
Version:
5.1.1

Field Summary
static boolean rmiInboundPropagationEnabled
           
static boolean rmiOutboundPropagationEnabled
           
static boolean webInboundPropagationEnabled
           
 
Method Summary
static PropagationToken addPropagationToken(PropagationToken token)
           
static WSSecurityPropagationHelper getInstance()
           
static PropagationToken getPropagationToken(java.lang.String name, int version)
           This method gets the propagation token on the current thread of execution based upon a specific key.
static java.lang.String getRealmFromUniqueID(java.lang.String uniqueID)
           This method accepts the uniqueID returned from the validateLTPAToken method.
static java.lang.String getUserFromUniqueID(java.lang.String uniqueID)
           This method accepts the uniqueID returned from the validateLTPAToken method.
 boolean isRMIInboundPropagationEnabled()
           This method returns whether this server advertises that it accepts inbound propagation logins.
 boolean isRMIOutboundPropagationEnabled()
           This method returns whether this server will propagate security attributes outbound provided the target server supports propagation.
 boolean isWebInboundPropagationEnabled()
           This method returns whether this server, when receiving an SSO token, will try to go to the originating server to get propagated security attributes.
static java.lang.String validateLTPAToken(byte[] token)
           
static ValidationResult validateToken(byte[] token)
           
static ValidationResult validateToken(byte[] token, boolean validateRealm)
           This method validates an LTPA token and will return a ValidationResult object.
static void validateTokenRealm(byte[] token)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

rmiInboundPropagationEnabled

public static boolean rmiInboundPropagationEnabled

rmiOutboundPropagationEnabled

public static boolean rmiOutboundPropagationEnabled

webInboundPropagationEnabled

public static boolean webInboundPropagationEnabled
Method Detail

getInstance

public static WSSecurityPropagationHelper getInstance()

isRMIInboundPropagationEnabled

public boolean isRMIInboundPropagationEnabled()

This method returns whether this server advertises that it accepts inbound propagation logins. It is typically used in inbound login configurations to determine whether to do something propagation related.

Returns:
boolean

isRMIOutboundPropagationEnabled

public boolean isRMIOutboundPropagationEnabled()

This method returns whether this server will propagate security attributes outbound provided the target server supports propagation. It is typically used in outbound login configurations to determine whether to do something propagation related.

Returns:
boolean

isWebInboundPropagationEnabled

public boolean isWebInboundPropagationEnabled()

This method returns whether this server, when receiving an SSO token, will try to go to the originating server to get propagated security attributes. When disabled, the server will login with the LTPA token as it did in previous releases. When enabled, the Subject created will be the serialized version from the originating server based on information in the SSO token.

Returns:
boolean

getPropagationToken

public static PropagationToken getPropagationToken(java.lang.String name,
                                                   int version)
                                            throws com.ibm.websphere.security.WSSecurityException

This method gets the propagation token on the current thread of execution based upon a specific key. The default PropagationToken has the following key:

    com.ibm.wsspi.security.token.AttributeNameConstants.WSPROPTOKEN_KEY_V1

For a custom PropagationToken implementation, you must know the token name and version and create the key in the format getPropagationToken("name:version");

The Propagation Token feature must be enabled for this to return a token. The token interface that is returned is com.ibm.wsspi.security.token.PropagationToken. If the originating caller is UNAUTHENTICATED, this API will return null until an authenticated caller is found in the Subject.

The attributes one might be interested in are:

    com.ibm.wsspi.security.token.AttributeNameConstants.WSPROP_CALLERS
    com.ibm.wsspi.security.token.AttributeNameConstants.WSPROP_HOSTS

WSPROP_CALLERS will return a | delimited string of callers with the first in the list being the originating caller. Any additional callers listed are due to context switches from a J2EE runAs or JAAS doAs change.

    Example: realm/user1|realm/user2

WSPROP_HOSTS will return a | delimited string of hosts with the first in the list being the originating host. Each subsequent host the invocation lands on will be logged here.

    Example: Cell:Node1:Server1|Cell:Node2:Server1

Note: Custom attributes may be added to the propagation token but the codebase must have the proper Java 2 Security permissions to do so.

Parameters:
name - java.lang.String
version - int
Returns:
com.ibm.wsspi.security.token.PropagationToken
Throws:
com.ibm.websphere.security.WSSecurityException
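
The following is an added example, not part of the IBM documentation: a plain-Java parser for the | delimited WSPROP_CALLERS and WSPROP_HOSTS values described above, which reports the originating caller and host and flags runAs/doAs identity switches. The class name PropagationChain and its helper methods are hypothetical, and it assumes that the first '/' in a caller entry separates realm from user.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: parses the '|'-delimited WSPROP_CALLERS / WSPROP_HOSTS strings. */
public class PropagationChain {

    /** Splits a '|'-delimited attribute value; rejects empty hops instead of skipping them. */
    static List<String> hops(String value) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException("attribute value is missing");
        }
        List<String> out = new ArrayList<String>();
        for (String hop : value.split("\\|", -1)) {   // -1 keeps trailing empty entries
            if (hop.trim().isEmpty()) {
                throw new IllegalArgumentException("empty hop in: " + value);
            }
            out.add(hop.trim());
        }
        return out;
    }

    /** Realm part of "realm/user"; assumption: the first '/' separates realm from user. */
    static String realmOf(String caller) {
        int slash = caller.indexOf('/');
        if (slash <= 0) throw new IllegalArgumentException("no realm in: " + caller);
        return caller.substring(0, slash);
    }

    /** True when a runAs/doAs switch happened: more than one caller is listed. */
    static boolean identitySwitched(List<String> callers) { return callers.size() > 1; }

    /** True when any later caller is in a different realm than the originating caller. */
    static boolean crossesRealm(List<String> callers) {
        String origin = realmOf(callers.get(0));
        for (String c : callers) if (!origin.equals(realmOf(c))) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values, taken from the examples in the text above.
        List<String> callers = hops("realm/user1|realm/user2");
        List<String> hosts = hops("Cell:Node1:Server1|Cell:Node2:Server1");
        // The first entry in each list is the originating caller or host.
        System.out.println("originating caller: " + callers.get(0));
        System.out.println("originating host:   " + hosts.get(0));
        System.out.println("identity switched:  " + identitySwitched(callers));
        System.out.println("crosses realm:      " + crossesRealm(callers));
    }
}
```

For audit records, log the full chain as well as the originating caller, so that a runAs or doAs switch stays visible.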

addPropagationToken

public static PropagationToken addPropagationToken(PropagationToken token)
                                            throws com.ibm.websphere.security.WSSecurityException
Throws:
com.ibm.websphere.security.WSSecurityException

validateLTPAToken

public static java.lang.String validateLTPAToken(byte[] token)
                                          throws com.ibm.websphere.security.auth.WSLoginFailedException
Throws:
com.ibm.websphere.security.auth.WSLoginFailedException

validateToken

public static ValidationResult validateToken(byte[] token)
                                      throws com.ibm.websphere.security.auth.ValidationFailedException
Throws:
com.ibm.websphere.security.auth.ValidationFailedException

validateToken

public static ValidationResult validateToken(byte[] token,
                                             boolean validateRealm)
                                      throws com.ibm.websphere.security.auth.ValidationFailedException

This method validates an LTPA token and will return a ValidationResult object. Additionally, when the validateRealm argument is true, the realm in the token is validated to make sure it is this process's realm or one that is trusted. If the token cannot be validated or is expired, a WSLoginFailedException will be thrown. uniqueid.

Parameters:
byte[] - (LtpaToken or LtpaToken2)
Returns:
String WebSphere uniqueID
Throws:
com.ibm.websphere.security.auth.WSLoginFailedException
com.ibm.websphere.security.auth.ValidationFailedException
See Also:
(uniqueID), (uniqueID)


validateTokenRealm

public static void validateTokenRealm(byte[] token)
                               throws com.ibm.websphere.security.auth.ValidationFailedException
Throws:
com.ibm.websphere.security.auth.ValidationFailedException

getUserFromUniqueID

public static java.lang.String getUserFromUniqueID(java.lang.String uniqueID)

This method accepts the uniqueID returned from the validateLTPAToken method. You can also use this method to parse the uniqueID returned from the UserRegistry.getUniqueUserId (uid) method. It returns the unique userid portion of this string. For an LDAP registry, this is the DN. For a LocalOS registry, this is the LocalOS unique identifier.

Parameters:
String - WebSphere uniqueID
Returns:
String registry uniqueID

getRealmFromUniqueID

public static java.lang.String getRealmFromUniqueID(java.lang.String uniqueID)

This method accepts the uniqueID returned from the validateLTPAToken method. It returns the realm portion of this string. The realm can be used to determine where the token came from.

Parameters:
String - WebSphere uniqueID
Returns:
String registry realm
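
The following is an added example, not part of the IBM documentation: it validates an LTPA token with validateLTPAToken, splits the returned uniqueID with getRealmFromUniqueID and getUserFromUniqueID, and accepts the identity only when the realm is on an application allow-list. The class name LtpaRealmCheck, the allow-list and its sample realm value are hypothetical; the code needs the WebSphere runtime classes on the classpath and assumes that validateLTPAToken throws WSLoginFailedException for an invalid or expired token.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;

/** Added example; compiles against the WebSphere runtime classes and runs inside the server. */
public class LtpaRealmCheck {

    // Hypothetical application allow-list of realms (constructed value); replace with your own.
    private static final Set<String> ALLOWED_REALMS =
            new HashSet<String>(Arrays.asList("ldap.example.com:389"));

    /** Returns {realm, user} for a valid token from an allowed realm; throws otherwise. */
    public static String[] identify(byte[] ltpaToken) {
        if (ltpaToken == null || ltpaToken.length == 0) {
            throw new SecurityException("no token presented");
        }
        final String uniqueID;
        try {
            // Assumption: an invalid or expired token raises WSLoginFailedException.
            uniqueID = WSSecurityPropagationHelper.validateLTPAToken(ltpaToken);
        } catch (WSLoginFailedException e) {
            // Fail closed; keep failure details in server-side logs, not in the response.
            throw new SecurityException("token rejected");
        }
        String realm = WSSecurityPropagationHelper.getRealmFromUniqueID(uniqueID);
        String user = WSSecurityPropagationHelper.getUserFromUniqueID(uniqueID);
        // The realm shows where the token came from; accept only realms this application expects.
        if (realm == null || user == null || !ALLOWED_REALMS.contains(realm)) {
            throw new SecurityException("token realm is not accepted by this application");
        }
        return new String[] { realm, user };
    }
}
```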
