5.7.6.2.1: Manipulating credentials

A credential object is an object that implements the org.omg.SecurityLevel2.Credentials interface. This interface supports many operations on credentials. A specific credential object contains identifying information about a principal for a session; this information includes the security name of the principal, the principal's hostname, and more. The Credentials interface defines methods for the following:
Security in the WebSphere environment offers two ways for authentication of principals to take place:
The credentials created for basic authentication contain information that is not yet verified. Such credentials are typically created on the client side of an application and sent to the server for authentication, after which an authenticated credential is created. The basic-authorization credential contains the user ID and password for the user requesting authentication. When the server receives the basic-authorization credential during the establishment of a secure association, one of the other types of credentials is created if the information about the user can be authenticated according to the local registry or LDAP registry.

To manipulate a credential object, an application must get access to a credential object. To get access to a credential object, an application must:

Copying a credential

Copying a credential object creates a new Credentials object that is an exact duplicate (or deep copy) of the original Credentials object. The method, Credentials.copy(), returns a reference to the newly created copy. Copying credentials is typically done when an application needs to return a Credentials object to a caller but does not want the caller to be able to modify the original Credentials object.

    ...
    // Get a reference to the security Current object.
    ...
    // Extract the credential object.
    creds = ...
    // Make a copy of the credential object.
    org.omg.SecurityLevel2.Credentials newcreds = creds.copy();
    ...

Retrieving information from a credential

To retrieve information from a credential, use the Credentials.get_attributes method. This method takes an attribute-type list as an argument and returns the value of each attribute type in the list. To use this method, you must first create a list of attribute types. Each position in the list holds the value of a different attribute; you must construct a list to hold the attributes you want to retrieve.
The code sample illustrates the retrieval of values for four
attributes.
This procedure demonstrates how you can acquire the security attributes
of a credential. This is used to determine the security name and host identity
of the principal that invoked the current method request, including the
host where the principal is logged in. This procedure is performed
on a Credentials object. The security name and host name are security attributes
that have been introduced by WebSphere. Therefore, they are identified
by the IBM_BOSS_FAMILY_DEFINER, in attributes family 2. The security run
time must be installed and the ORB must be initialized.

    ...
    // Get a reference to the security Current object.
    ...
    // Extract the credential object.
    creds = ...
    // Create and initialize the attribute-type list.
    org.omg.Security.AttributeType[] attributeTypeList =
        new org.omg.Security.AttributeType[4];
    // Establish the type of attribute each index holds.
    org.omg.Security.ExtensibleFamily familyOMG =
        new org.omg.Security.ExtensibleFamily((short) 0, (short) 1);
    org.omg.Security.ExtensibleFamily familyIBM =
        new org.omg.Security.ExtensibleFamily((short) 8, (short) 2);
    attributeTypeList[0] = new org.omg.Security.AttributeType(familyIBM,
        com.ibm.IExtendedSecurity.CredAttrSecName.value);
    // new org.omg.Security.AttributeType(familyOMG, org.omg.Security.Public.value);
    attributeTypeList[1] = new org.omg.Security.AttributeType(familyOMG,
        org.omg.Security.AccessId.value);
    attributeTypeList[2] = new org.omg.Security.AttributeType(familyOMG,
        org.omg.Security.GroupId.value);
    attributeTypeList[3] = new org.omg.Security.AttributeType(familyIBM,
        com.ibm.IExtendedSecurity.CredAttrHostName.value);
    // Make sure all values are initially null.
    org.omg.Security.Attribute[] attributeList = null;
    try {
        // Extract the attributes from the credential.
        attributeList = creds.get_attributes(attributeTypeList);
        // Retrieve the securityName.
        String secName = new String(attributeList[0].value);
        // Retrieve the AccessID.
        String AccessID = new String(attributeList[1].value);
        // Retrieve the GroupID.
        String GroupID = new String(attributeList[2].value);
        // Retrieve the HostName.
        String HostName = new String(attributeList[3].value);
    } catch (org.omg.Security.InvalidAttributeType e) {
        e.printStackTrace();
    } catch (org.omg.Security.DuplicateAttributeType e) {
        e.printStackTrace();
    }

WebSphere combines the CORBA.Principal and the SecurityLevel2.Credentials interfaces in the IExtendedSecurity.Credentials interface.
The IExtendedSecurity module contains IBM extensions to the standard interfaces defined by the Object Management Group (OMG) and new interfaces introduced by IBM.