IBM WebSphere Application Server™ Release 7
java.lang.Object
  com.ibm.wsspi.security.token.WSSecurityPropagationHelper
public class WSSecurityPropagationHelper
This class provides some propagation helper methods including whether propagation is enabled or not.
Field Summary | |
---|---|
static boolean | rmiInboundPropagationEnabled |
static boolean | rmiOutboundPropagationEnabled |
static boolean | webInboundPropagationEnabled |
Method Summary | |
---|---|
static PropagationToken | addPropagationToken(PropagationToken token) |
static WSSecurityPropagationHelper | getInstance() |
static PropagationToken | getPropagationToken(java.lang.String name, int version) - This method gets the propagation token on the current thread of execution based upon a specific key. |
static java.lang.String | getRealmFromUniqueID(java.lang.String uniqueID) - This method accepts the uniqueID returned from the validateLTPAToken method. |
static java.lang.String | getUserFromUniqueID(java.lang.String uniqueID) - This method accepts the uniqueID returned from the validateLTPAToken method. |
boolean | isRMIInboundPropagationEnabled() - This method returns whether this server advertises that it accepts inbound propagation logins. |
boolean | isRMIOutboundPropagationEnabled() - This method returns whether this server will propagate security attributes outbound provided the target server supports propagation. |
boolean | isWebInboundPropagationEnabled() - This method returns whether this server, when receiving an SSO token, will try to go to the originating server to get propagated security attributes. |
static java.lang.String | validateLTPAToken(byte[] token) |
static ValidationResult | validateToken(byte[] token) |
static ValidationResult | validateToken(byte[] token, boolean validateRealm) - This method validates an LTPA token and will return a ValidationResult object. |
static void | validateTokenRealm(byte[] token) |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static boolean rmiInboundPropagationEnabled
public static boolean rmiOutboundPropagationEnabled
public static boolean webInboundPropagationEnabled
Method Detail |
---|
public static WSSecurityPropagationHelper getInstance()
public boolean isRMIInboundPropagationEnabled()
This method returns whether this server advertises that it accepts inbound propagation logins. It is typically used in inbound login configurations to determine whether to do something propagation related.
public boolean isRMIOutboundPropagationEnabled()
This method returns whether this server will propagate security attributes outbound provided the target server supports propagation. It is typically used in outbound login configurations to determine whether to do something propagation related.
public boolean isWebInboundPropagationEnabled()
This method returns whether this server, when receiving an SSO token, will try to go to the originating server to get propagated security attributes. When disabled, the server will log in with the LTPA token as it did in previous releases. When enabled, the Subject created will be the serialized version from the originating server based on information in the SSO token.
public static PropagationToken getPropagationToken(java.lang.String name, int version) throws com.ibm.websphere.security.WSSecurityException
This method gets the propagation token on the current thread of execution based upon a specific key.
The default PropagationToken has the following key:
  com.ibm.wsspi.security.token.AttributeNameConstants.WSPROPTOKEN_KEY_V1
For a custom PropagationToken implementation, you must know the token name and version and create the key in the format getPropagationToken("name:version");
The Propagation Token feature must be enabled for this to return a token. The token interface that is returned is com.ibm.wsspi.security.token.PropagationToken. If the originating caller is UNAUTHENTICATED, this API will return null until an authenticated caller is found in the Subject.
The attributes one might be interested in are:
  com.ibm.wsspi.security.token.AttributeNameConstants.WSPROP_CALLERS
  com.ibm.wsspi.security.token.AttributeNameConstants.WSPROP_HOSTS
WSPROP_CALLERS will return a | delimited string of callers with the first in the list being the originating caller. Any additional callers listed are due to context switches from a J2EE runAs or JAAS doAs change.
  Example: realm/user1|realm/user2
WSPROP_HOSTS will return a | delimited string of hosts with the first in the list being the originating host. Each subsequent host the invocation lands on will be logged here.
  Example: Cell:Node1:Server1|Cell:Node2:Server1
Note: Custom attributes may be added to the propagation token but the codebase must have the proper Java 2 Security permissions to do so.
name - java.lang.String
version - int
com.ibm.websphere.security.WSSecurityException
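The WSPROP_CALLERS and WSPROP_HOSTS formats described above can be turned into an audit and trust check, shown here as an added example that is not part of IBM's documentation or code. The class PropagationTrail and its methods are hypothetical, the input strings are constructed from the page's own format examples, and splitting the realm at the first "/" is an assumption.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

// Added example (hypothetical class, not an IBM API): parses the WSPROP_CALLERS and
// WSPROP_HOSTS strings in the "|"-delimited format described above.
public class PropagationTrail {
    final List<String> callers; // "realm/user" entries, originating caller first
    final List<String> hosts;   // "Cell:Node:Server" entries, originating host first

    PropagationTrail(String callersAttr, String hostsAttr) {
        callers = split(callersAttr);
        hosts = split(hostsAttr);
    }

    // Split on a literal '|'; a null or empty attribute yields an empty list.
    static List<String> split(String attr) {
        List<String> out = new ArrayList<String>();
        if (attr == null) return out;
        for (String part : attr.split("\\|")) {
            if (!part.trim().isEmpty()) out.add(part.trim());
        }
        return out;
    }

    // Assumption: the realm is the text before the first '/' of a caller entry.
    static String realmOf(String caller) {
        int i = caller.indexOf('/');
        return i < 0 ? "" : caller.substring(0, i);
    }

    // Additional callers appear only after a J2EE runAs or JAAS doAs switch.
    boolean identitySwitched() { return callers.size() > 1; }

    // Fail closed: no originating caller, or an unlisted realm, is not trusted.
    boolean originRealmTrusted(Set<String> trustedRealms) {
        return !callers.isEmpty() && trustedRealms.contains(realmOf(callers.get(0)));
    }

    public static void main(String[] args) {
        // Constructed sample values, taken from the format examples on this page.
        PropagationTrail t = new PropagationTrail(
            "realm/user1|realm/user2", "Cell:Node1:Server1|Cell:Node2:Server1");
        System.out.println("origin=" + t.callers.get(0) + " hosts=" + t.hosts
            + " switched=" + t.identitySwitched()
            + " trusted=" + t.originRealmTrusted(Collections.singleton("realm")));
    }
}
```

On a server, the two input strings would come from the attributes of the PropagationToken returned by getPropagationToken, which returns null while the originating caller is UNAUTHENTICATED, so callers should handle that case before parsing.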
public static PropagationToken addPropagationToken(PropagationToken token) throws com.ibm.websphere.security.WSSecurityException
com.ibm.websphere.security.WSSecurityException
public static java.lang.String validateLTPAToken(byte[] token) throws com.ibm.websphere.security.auth.WSLoginFailedException
com.ibm.websphere.security.auth.WSLoginFailedException
public static ValidationResult validateToken(byte[] token) throws com.ibm.websphere.security.auth.ValidationFailedException
com.ibm.websphere.security.auth.ValidationFailedException
public static ValidationResult validateToken(byte[] token, boolean validateRealm) throws com.ibm.websphere.security.auth.ValidationFailedException
This method validates an LTPA token and will return a ValidationResult object. Additionally, when the boolean argument validateRealm is true, the realm in the token is validated to make sure it is this process's realm or one that is trusted. If the token cannot be validated or is expired, a WSLoginFailedException will be thrown. uniqueid.
byte[] - (LtpaToken or LtpaToken2)
com.ibm.websphere.security.auth.WSLoginFailedException
com.ibm.websphere.security.auth.ValidationFailedException
(uniqueID)
,
(uniqueID)
public static void validateTokenRealm(byte[] token) throws com.ibm.websphere.security.auth.ValidationFailedException
com.ibm.websphere.security.auth.ValidationFailedException
public static java.lang.String getUserFromUniqueID(java.lang.String uniqueID)
This method accepts the uniqueID returned from the validateLTPAToken method. You can also use this method to parse the uniqueID returned from the UserRegistry.getUniqueUserId (uid) method. It returns the unique userid portion of this string. For an LDAP registry, this is the DN. For a LocalOS registry, this is the LocalOS unique identifier.
String - WebSphere uniqueID
public static java.lang.String getRealmFromUniqueID(java.lang.String uniqueID)
This method accepts the uniqueID returned from the validateLTPAToken method. It returns the realm portion of this string. The realm can be used to determine where the token came from.
String - WebSphere uniqueID