com.ibm.wsspi.security.token

Class WSSecurityPropagationHelper

java.lang.Object
  extended by com.ibm.wsspi.security.token.WSSecurityPropagationHelper

public class WSSecurityPropagationHelper
extends java.lang.Object

This class provides some propagation helper methods including whether propagation is enabled or not.
Since:
5.1.1
Version:
5.1.1

Field Summary

Modifier and Type    Field and Description
static boolean       rmiInboundPropagationEnabled
static boolean       rmiOutboundPropagationEnabled
static boolean       webInboundPropagationEnabled

Method Summary

Modifier and Type    Method and Description

static PropagationToken    addPropagationToken(PropagationToken token)

static WSSecurityPropagationHelper    getInstance()

static PropagationToken    getPropagationToken(java.lang.String name, int version)
    This method gets the propagation token on the current thread of execution based upon a specific key.

static java.lang.String    getRealmFromUniqueID(java.lang.String uniqueID)
    This method accepts the uniqueID returned from the validateLTPAToken method.

static java.lang.String    getUserFromUniqueID(java.lang.String uniqueID)
    This method accepts the uniqueID returned from the validateLTPAToken method.

boolean    isRMIInboundPropagationEnabled()
    This method returns whether this server advertises that it accepts inbound propagation logins.

boolean    isRMIOutboundPropagationEnabled()
    This method returns whether this server will propagate security attributes outbound provided the target server supports propagation.

boolean    isWebInboundPropagationEnabled()
    This method returns whether this server, when receiving an SSO token, will try to go to the originating server to get propagated security attributes.

static java.lang.String    validateLTPAToken(byte[] token)

static ValidationResult    validateToken(byte[] token)

static ValidationResult    validateToken(byte[] token, boolean validateRealm)
    This method validates an LTPA token and will return a ValidationResult object.

static void    validateTokenRealm(byte[] token)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

rmiInboundPropagationEnabled

public static boolean rmiInboundPropagationEnabled

rmiOutboundPropagationEnabled

public static boolean rmiOutboundPropagationEnabled

webInboundPropagationEnabled

public static boolean webInboundPropagationEnabled

Method Detail

getInstance

public static WSSecurityPropagationHelper getInstance()

isRMIInboundPropagationEnabled

public boolean isRMIInboundPropagationEnabled()

This method returns whether this server advertises that it accepts inbound propagation logins. It is typically used in inbound login configurations to determine whether to do something propagation related.

Returns:
boolean

isRMIOutboundPropagationEnabled

public boolean isRMIOutboundPropagationEnabled()

This method returns whether this server will propagate security attributes outbound provided the target server supports propagation. It is typically used in outbound login configurations to determine whether to do something propagation related.

Returns:
boolean

isWebInboundPropagationEnabled

public boolean isWebInboundPropagationEnabled()

This method returns whether this server, when receiving an SSO token, will try to go to the originating server to get propagated security attributes. When disabled, the server will log in with the LTPA token as it did in previous releases. When enabled, the Subject created will be the serialized version from the originating server based on information in the SSO token.

Returns:
boolean

getPropagationToken

public static PropagationToken getPropagationToken(java.lang.String name,
                                                   int version)
                                            throws com.ibm.websphere.security.WSSecurityException

This method gets the propagation token on the current thread of execution based upon a specific key. The default PropagationToken has the following key:

com.ibm.wsspi.security.token.AttributeNameConstants.WSPROPTOKEN_KEY_V1

For a custom PropagationToken implementation, you must know the token name and version and create the key in the format getPropagationToken("name:version");

The Propagation Token feature must be enabled for this to return a token. The token interface that is returned is com.ibm.wsspi.security.token.PropagationToken. If the originating caller is UNAUTHENTICATED, this API will return null until an authenticated caller is found in the Subject.

The attributes one might be interested in are:

com.ibm.wsspi.security.token.AttributeNameConstants.WSPROP_CALLERS
com.ibm.wsspi.security.token.AttributeNameConstants.WSPROP_HOSTS

WSPROP_CALLERS will return a | delimited string of callers with the first in the list being the originating caller. Any additional callers listed are due to context switches from a J2EE runAs or JAAS doAs change.

Example: realm/user1|realm/user2

WSPROP_HOSTS will return a | delimited string of hosts with the first in the list being the originating host. Each subsequent host the invocation lands on will be logged here.

Example: Cell:Node1:Server1|Cell:Node2:Server1

Note: Custom attributes may be added to the propagation token, but the codebase must have the proper Java 2 Security permissions to do so.

Parameters:
name - java.lang.String
version - int
Returns:
com.ibm.wsspi.security.token.PropagationToken
Throws:
com.ibm.websphere.security.WSSecurityException
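
The WSPROP_CALLERS and WSPROP_HOSTS formats described above lend themselves to a simple audit check. The following is an added example, not IBM's code: it takes the two attribute values as plain strings (already read from the token) and reports identity switches and callers from realms outside an allow-list. The class name, the trusted-realm set and the rule that the realm ends at the first '/' are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class PropagationChainAudit {
    /** One realm/user entry from WSPROP_CALLERS. */
    record Caller(String realm, String user) {}

    /** Splits a '|'-delimited attribute value; element 0 is the originator. */
    static List<String> splitChain(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;
        for (String part : value.split("\\|")) {
            if (!part.isEmpty()) out.add(part);
        }
        return out;
    }
    /** Assumption: the realm ends at the first '/', the rest is the user. */
    static Caller parseCaller(String entry) {
        int slash = entry.indexOf('/');
        if (slash <= 0 || slash == entry.length() - 1) {
            throw new IllegalArgumentException("not realm/user: " + entry);
        }
        return new Caller(entry.substring(0, slash), entry.substring(slash + 1));
    }
    /** Returns the findings worth logging for one invocation. */
    static List<String> audit(String callers, String hosts, Set<String> trustedRealms) {
        List<String> findings = new ArrayList<>();
        List<String> chain = splitChain(callers);
        if (chain.isEmpty()) {  // token was null or caller still unauthenticated
            findings.add("no authenticated caller");
            return findings;
        }
        for (String entry : chain) {
            Caller c = parseCaller(entry);
            if (!trustedRealms.contains(c.realm())) findings.add("untrusted realm: " + c.realm());
        }
        if (chain.size() > 1) {  // runAs/doAs changed the identity along the way
            findings.add("identity switch: " + chain.get(0) + " -> " + chain.get(chain.size() - 1));
        }
        findings.add("hosts traversed: " + splitChain(hosts).size());
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values in the format the documentation shows.
        audit("realm/user1|realm/user2", "Cell:Node1:Server1|Cell:Node2:Server1",
                Set.of("realm")).forEach(System.out::println);
    }
}
```

Records require Java 16 or later; on older runtimes replace `Caller` with a small final class.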

addPropagationToken

public static PropagationToken addPropagationToken(PropagationToken token)
                                            throws com.ibm.websphere.security.WSSecurityException

Throws:
com.ibm.websphere.security.WSSecurityException

validateLTPAToken

public static java.lang.String validateLTPAToken(byte[] token)
                                          throws com.ibm.websphere.security.auth.WSLoginFailedException

Throws:
com.ibm.websphere.security.auth.WSLoginFailedException

validateToken

public static ValidationResult validateToken(byte[] token)
                                      throws com.ibm.websphere.security.auth.ValidationFailedException

Throws:
com.ibm.websphere.security.auth.ValidationFailedException

validateToken

public static ValidationResult validateToken(byte[] token,
                                             boolean validateRealm)
                                      throws com.ibm.websphere.security.auth.ValidationFailedException

This method validates an LTPA token and will return a ValidationResult object. Additionally, when the boolean argument validateRealm is true, the realm in the token is validated to make sure it is this process's realm or one that is trusted. If the token cannot be validated or is expired, a WSLoginFailedException will be thrown. uniqueid.

Returns:
String WebSphere uniqueID
Throws:
com.ibm.websphere.security.auth.WSLoginFailedException
com.ibm.websphere.security.auth.ValidationFailedException
See Also:
(uniqueID), (uniqueID)


validateTokenRealm

public static void validateTokenRealm(byte[] token)
                               throws com.ibm.websphere.security.auth.ValidationFailedException

Throws:
com.ibm.websphere.security.auth.ValidationFailedException

getUserFromUniqueID

public static java.lang.String getUserFromUniqueID(java.lang.String uniqueID)

This method accepts the uniqueID returned from the validateLTPAToken method. You can also use this method to parse the uniqueID returned from the UserRegistry.getUniqueUserId(uid) method. It returns the unique userid portion of this string. For an LDAP registry, this is the DN. For a LocalOS registry, this is the LocalOS unique identifier.

Returns:
String registry uniqueID

getRealmFromUniqueID

public static java.lang.String getRealmFromUniqueID(java.lang.String uniqueID)

This method accepts the uniqueID returned from the validateLTPAToken method. It returns the realm portion of this string. The realm can be used to determine where the token came from.

Returns:
String registry realm