|
IBM WebSphere Application ServerTM Release 7 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.ibm.websphere.security.WSSecurityHelper
public final class WSSecurityHelper
This class is for generic Websphere security helper methods.
Constructor Summary | |
---|---|
WSSecurityHelper()
|
Method Summary | |
---|---|
static java.lang.String[] |
addPropagationAttribute(java.lang.String key,
java.lang.String value)
This method is used for setting an attribute (String value) in the default propagation token. |
static byte[] |
convertCookieStringToBytes(java.lang.String cookieString)
This method is used to convert an SSO cookie taken directly from an HttpServletRequest back into the original byte[] used to create the cookie from the getBytes() method on the SingleSignonToken interface. |
static java.lang.String[] |
getCallerList()
This returns the entire caller list for this invocation. |
static java.lang.String |
getFirstCaller()
This method gets the first caller for this invocation from the PropagationToken on the current thread of execution. |
static java.lang.String |
getFirstServer()
This gets the first WebSphere server name where a login occurred for this invocation from the PropagationToken on the current thread of execution in the form Cell:Node:Server. |
static java.lang.String[] |
getPropagationAttributes(java.lang.String key)
This method is used to retrieve an array of attributes (String[] value) from the default propagation token on the thread of execution. |
static java.lang.String[] |
getServerList()
This returns the entire server list for this invocation in the form of "Cell:Node:Server". |
static boolean |
isGlobalSecurityEnabled()
This method returns the state of security enablement for the entire cell. |
static boolean |
isServerSecurityEnabled()
This method returns the state of security enablement for the process. |
static void |
revokeSSOCookies(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse res)
revokeSSOCookies(HttpServletRequest, HttpServletResponse) method removes the WebSphere Application Server Single Sign-on (SSO) cookies
if SSO is enabled. |
static void |
revokeSSOCookiesForPortlets(javax.portlet.ActionRequest actionReq,
javax.portlet.ActionResponse actionRes)
revokeSSOCookiesForPortlets(ActionRequest, ActionResponse) method removes the WebSphere Application Server Single Sign-on (SSO) cookies
for portlets if SSO is enabled. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public WSSecurityHelper()
Method Detail |
---|
public static boolean isServerSecurityEnabled()
This method returns the state of security enablement for the process. If global security is enabled, but an application server security is disabled This property returns the state of security just for that application server. This property will always return false when global security is disabled.
public static boolean isGlobalSecurityEnabled()
This method returns the state of security enablement for the entire cell. If this API is called from within an application server where security has been explicitly disabled for the server, but the global security is enabled for the cell, this API will return true. This is useful to determine if Administrative security is enabled within a particular process. Admisitrative security is always enabled with global security, regardless of the state of the server security enablement.
public static java.lang.String getFirstCaller()
This method gets the first caller for this invocation from the PropagationToken on the current thread of execution. This will return null if no authenticated user has logged in yet. This will return null if a PropagationToken does not exist on the thread (for example, if Propagation is disabled). The caller will be returned in the form of "username".
This method is only applicable on the server-side.
public static java.lang.String getFirstServer()
This gets the first WebSphere server name where a login occurred for this invocation from the PropagationToken on the current thread of execution in the form Cell:Node:Server. This will return null if no authenticated user has logged in yet. This will return null if a PropagationToken does not exist on the thread (for example, if Propagation is disabled).
This method is only applicable on the server-side.
public static java.lang.String[] getCallerList()
This returns the entire caller list for this invocation. Each caller in the String[] will be in the form of "Cell:Node:Server:Caller". The list comes from the security context in the current thread. The order of the list is the order of the callers for the invocation. The first caller will be the 0 index into the String[]. The last caller will be the array.length-1 index into the String[]. This will return null if no authenticated user has logged in yet. This will return null if security attribute propagation is disabled.
This method is only applicable on the server-side.
public static java.lang.String[] getServerList()
This returns the entire server list for this invocation in the form of "Cell:Node:Server". The list comes from the security context in the current thread. The order of the list is the order of the servers for the invocation. The first server will be the 0 index into the String[]. The last server will be the array.length-1 index into the String[]. This will return null if no authenticated user has logged in yet. This will return null if security attribute propagation is disabled.
This method is only applicable on the server-side.
public static java.lang.String[] getPropagationAttributes(java.lang.String key) throws WSSecurityException
This method is used to retrieve an array of attributes (String[] value) from the default
propagation token on the thread of execution. There are two default keys
which cannot be set by application code but can be retrieved. These keys are:
"com.ibm.wsspi.security.propagation.callers", this returns an array of callers
where context switches have occurred. Normally, only valid authenticated users
will be shown in the format of "realm/caller".
"com.ibm.wsspi.security.propagation.hosts", this returns a String array of hosts
which this propagation token has been on in the format of:
"Cell:Node:Server". Element 0 in the String[] will be the first host.
Element length-1 in the String[] will be the last host.
If a propagation token is not present on the thread, then null will be returned.
If the key is not present in the propagation token, then null will be
returned.
A WSSecurityException is thrown for any other unknown problems.
Any application calling this API needs to have the following Java 2 Security
permission specified:
javax.security.auth.AuthPermission("wssecurity.getPropagationAttributes")
.
key
- Stringvalue
- String
WSSecurityException
public static java.lang.String[] addPropagationAttribute(java.lang.String key, java.lang.String value) throws WSSecurityException
This method is used for setting an attribute (String value) in the default
propagation token. This sets an attribute in the token that is present
on the thread of execution. A propagation token is only created once a
valid authenticated user is on the thread of excecution. If you try to set
a value prior to a valid propagation token being present on the thread, a
token will get created and the value will get set. The originating caller
will be "UNAUTHENTICATED". If a value has been set for the key you are
specifying, the previous value will be returned and the new value will be
set. You may not use a key that begins with "com.ibm.wsspi.security.*" or
"com.ibm.websphere.security.*". These are reserved key prefixes.
A WSSecurityException is thrown for unknown problems. This exception would
likely contain the root cause exception by calling getCause() on
WSSecurityException.
Any application calling this API needs to have the following Java 2 Security
permission specified:
javax.security.auth.AuthPermission("wssecurity.addPropagationAttribute")
.
key
- Stringvalue
- String
WSSecurityException
public static byte[] convertCookieStringToBytes(java.lang.String cookieString)
This method is used to convert an SSO cookie taken directly from an HttpServletRequest back into the original byte[] used to create the cookie from the getBytes() method on the SingleSignonToken interface. This byte[] can then be used to recreate the SingleSignonToken object. Refer to the Security Attribute Propagation documentation for more information.
cookieString
- String
public static void revokeSSOCookies(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
revokeSSOCookies(HttpServletRequest, HttpServletResponse)
method removes the WebSphere Application Server Single Sign-on (SSO) cookies
if SSO is enabled.
req
- HttpServletRequestres
- HttpServletResponsepublic static void revokeSSOCookiesForPortlets(javax.portlet.ActionRequest actionReq, javax.portlet.ActionResponse actionRes)
revokeSSOCookiesForPortlets(ActionRequest, ActionResponse)
method removes the WebSphere Application Server Single Sign-on (SSO) cookies
for portlets if SSO is enabled. This also invalidates the portlet session.
req
- ActionRequestres
- ActionResponse
|
IBM WebSphere Application ServerTM Release 7 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |