IBM WebSphere Application Server™
Release 8

com.ibm.wsspi.security.token
Class WSOpaqueTokenHelper

java.lang.Object
  extended by com.ibm.wsspi.security.token.WSOpaqueTokenHelper

public class WSOpaqueTokenHelper
extends java.lang.Object

This class provides methods that serialize the Subject contents on the sending end of a protocol and deserialize them on the target end. It is recommended that these methods be called from a JAAS login module on both ends to preserve the custom pluggable behavior already established.

Since:
5.1.1
Version:
5.1.1

Field Summary
static java.lang.String customPrincipalTokensHeader
static java.lang.String customPrincipalTokensHeaderEnding
static java.lang.String customPrivateTokensHeader
static java.lang.String customPrivateTokensHeaderEnding
static java.lang.String customPublicTokensHeader
static java.lang.String customPublicTokensHeaderEnding
static java.lang.String customTokensHeader
static java.lang.String tokenHeader
static java.lang.String wsCredHashHeader
static java.lang.String wsTokensHeader

Method Summary
byte[] createOpaqueTokenFromSubject(javax.security.auth.Subject subject)
          This method is called from the RMI Outbound LoginModule to get the opaque token used for the CSIv2 authorization token.
byte[] createOpaqueTokenFromTokenHolderList(javax.security.auth.Subject subject, java.util.ArrayList tokenHolders)
          This method is called from the WSOpaqueTokenHelper.createOpaqueTokenFromSubject() to create the byte[] from the ArrayList of token types.
java.util.ArrayList createTokenHolderListFromOpaqueToken(byte[] opaque_token)
          This method is called by the RMI protocol to get the ArrayList of TokenHolder objects which are passed into the login via the WSTokenHolderCallback.
static java.lang.Object deserialize(byte[] buf)
          Deserialize an object
static WSOpaqueTokenHelper getInstance()
java.lang.String getOpaqueTokenLookup()
java.lang.String getOpaqueTokenName()
int getOpaqueTokenVersion()
static byte[] serialize(java.lang.Object src)
          Serialize an object

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

tokenHeader

public static final java.lang.String tokenHeader
See Also:
Constant Field Values

wsCredHashHeader

public static final java.lang.String wsCredHashHeader
See Also:
Constant Field Values

wsTokensHeader

public static final java.lang.String wsTokensHeader
See Also:
Constant Field Values

customTokensHeader

public static final java.lang.String customTokensHeader
See Also:
Constant Field Values

customPublicTokensHeader

public static final java.lang.String customPublicTokensHeader
See Also:
Constant Field Values

customPublicTokensHeaderEnding

public static final java.lang.String customPublicTokensHeaderEnding
See Also:
Constant Field Values

customPrivateTokensHeader

public static final java.lang.String customPrivateTokensHeader
See Also:
Constant Field Values

customPrivateTokensHeaderEnding

public static final java.lang.String customPrivateTokensHeaderEnding
See Also:
Constant Field Values

customPrincipalTokensHeader

public static final java.lang.String customPrincipalTokensHeader
See Also:
Constant Field Values

customPrincipalTokensHeaderEnding

public static final java.lang.String customPrincipalTokensHeaderEnding
See Also:
Constant Field Values

Method Detail

getInstance

public static WSOpaqueTokenHelper getInstance()

getOpaqueTokenName

public java.lang.String getOpaqueTokenName()

getOpaqueTokenLookup

public java.lang.String getOpaqueTokenLookup()

getOpaqueTokenVersion

public int getOpaqueTokenVersion()

createOpaqueTokenFromSubject

public byte[] createOpaqueTokenFromSubject(javax.security.auth.Subject subject)
                                    throws com.ibm.websphere.security.auth.WSLoginFailedException

This method is called from the RMI Outbound LoginModule to get the opaque token used for the CSIv2 authorization token. It combines the authorization token(s) + propagation token(s) + WSCredential hash table + custom objects to create an opaque token that can be regenerated at the target.

The following is the format of the opaque token (version 1) which is identified using the OMG VMCID 0x494210CF. Any other token flowing in the CSIv2 authorization token layer will have a different VMCID and thus a different format. It's possible for different versions of this token (WSOPAQUE) to be carried using the same VMCID. The token version can be identified during deserialization and the appropriate method for deserializing can be chosen at that time.

    Token Header                          = "WSOPAQUE"
    Token Version (byte)                  = 1
    (optional) {
      WSCred Hashtable Header             = "WSCREDHASH"
      Hashtable length (integer)          = length
      Hashtable bytes
    }
    WebSphere Token(s) Header             = "WSTOKEN"
    Number of tokens present (byte)       = # of tokens
    (sequence of) [
      Token name length (byte)            = length
      Token name bytes                    = token name (typically the class name)
      Token version (byte)                = version
      Token bytes length (byte)           = length
      Token bytes                         = token
    ]
    (optional) {
      Custom Token(s) Header              = "CUSTOM"
      Number of custom tokens present (byte) = # of tokens
      (sequence of) [
        Token name length (byte)          = length
        Token name bytes                  = token name (either "CUSTOM_PUBLIC", "CUSTOM_PRIVATE" or "CUSTOM_PRINCIPAL")
        Token version (byte)              = version
        Token bytes length (byte)         = length
        Token bytes                       = token
      ]
    }
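
The version 1 layout above can be walked structurally, checking every declared length against the remaining input before reading and never deserializing the token bytes. The following is an added example, not IBM code or part of this API; the class and method names are hypothetical. It assumes details the page does not state: headers are raw US-ASCII with no length prefix, one-byte fields are unsigned, and the hashtable length is a 4-byte big-endian integer.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example: bounds-checked walk of the documented version 1 layout.
// Assumed encoding: ASCII headers, unsigned byte fields, 4-byte big-endian integer.
public class OpaqueTokenLayoutCheck {
    static boolean eat(ByteBuffer b, String header) {      // consume header only if present
        byte[] h = header.getBytes(StandardCharsets.US_ASCII);
        if (b.remaining() < h.length) return false;
        for (int i = 0; i < h.length; i++)
            if (b.get(b.position() + i) != h[i]) return false;
        b.position(b.position() + h.length);
        return true;
    }
    static byte[] take(ByteBuffer b, int n) {               // every read goes through this check
        if (n < 0 || n > b.remaining())
            throw new IllegalArgumentException("declared length " + n + " exceeds remaining input");
        byte[] out = new byte[n];
        b.get(out);
        return out;
    }
    static int u8(ByteBuffer b) { return take(b, 1)[0] & 0xFF; }
    static void tokens(ByteBuffer b, List<String> names) {
        for (int n = u8(b); n > 0; n--) {
            String name = new String(take(b, u8(b)), StandardCharsets.US_ASCII);
            int version = u8(b);
            int len = u8(b);
            take(b, len);                                   // token bytes stay opaque here
            names.add(name + " v" + version + " (" + len + " bytes)");
        }
    }
    static List<String> parse(byte[] token) {
        ByteBuffer b = ByteBuffer.wrap(token);              // big-endian by default
        List<String> names = new ArrayList<>();
        if (!eat(b, "WSOPAQUE")) throw new IllegalArgumentException("missing WSOPAQUE header");
        if (u8(b) != 1) throw new IllegalArgumentException("unsupported token version");
        if (eat(b, "WSCREDHASH")) take(b, ByteBuffer.wrap(take(b, 4)).getInt());
        if (!eat(b, "WSTOKEN")) throw new IllegalArgumentException("missing WSTOKEN header");
        tokens(b, names);
        if (b.hasRemaining() && eat(b, "CUSTOM")) tokens(b, names);
        if (b.hasRemaining()) throw new IllegalArgumentException("unexpected trailing bytes");
        return names;
    }
    public static void main(String[] args) {
        // Constructed sample: one token named "T", version 1, two token bytes "ab".
        byte[] ok = "WSOPAQUE\u0001WSTOKEN\u0001\u0001T\u0001\u0002ab".getBytes(StandardCharsets.ISO_8859_1);
        System.out.println(parse(ok));
        try { parse(Arrays.copyOf(ok, ok.length - 1)); }    // truncated token bytes
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```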

Throws:
com.ibm.websphere.security.auth.WSLoginFailedException

createOpaqueTokenFromTokenHolderList

public byte[] createOpaqueTokenFromTokenHolderList(javax.security.auth.Subject subject,
                                                   java.util.ArrayList tokenHolders)
                                            throws java.lang.Exception

This method is called from the WSOpaqueTokenHelper.createOpaqueTokenFromSubject() to create the byte[] from the ArrayList of token types.

Throws:
java.lang.Exception

createTokenHolderListFromOpaqueToken

public java.util.ArrayList createTokenHolderListFromOpaqueToken(byte[] opaque_token)
                                                         throws com.ibm.websphere.security.WSSecurityException

This method is called by the RMI protocol to get the ArrayList of TokenHolder objects which are passed into the login via the WSTokenHolderCallback. The RMI Inbound login modules handle deserializing the majority of the TokenHolders in this list. Custom login modules need only be concerned with deserializing the custom AuthorizationToken or PropagationToken implementations, which may have custom encryption (which is why we cannot deserialize them).

Throws:
com.ibm.websphere.security.WSSecurityException

serialize

public static byte[] serialize(java.lang.Object src)
                        throws java.lang.Exception
Serialize an object

Throws:
java.lang.Exception

deserialize

public static java.lang.Object deserialize(byte[] buf)
                                    throws java.lang.Exception
Deserialize an object

Throws:
java.lang.Exception
