com.ibm.wsspi.security.tai
Interface NegotiateTrustAssociationInterceptor
Deprecated. As of 5.1.1, replaced by the new com.ibm.wsspi.security.tai.TrustAssociationInterceptor interface. Implementations using this interface are supported by 5.1.1 both at compile time and at runtime. Improvements have been made to com.ibm.wsspi.security.tai.TrustAssociationInterceptor, and current implementations of this interface should be migrated to use the new interface.
- public interface NegotiateTrustAssociationInterceptor
- extends TrustAssociationInterceptor
This interface is an extension to the com.ibm.websphere.security.TrustAssociationInterceptor
interface. This interface extends the capability of the current trust association interceptor:
- HttpServletResponse is made available for the interceptor
- Support negotiation between the interceptor and the initiator of the request
When a trust association interceptor implements the NegotiateTrustAssociationInterceptor interface, the method TrustAssociationInterceptor.validateEstablishedTrust() is not called. Instead, negotiateAndValidateEstablishedTrust() is called.
There is a convenient abstract base class, NegotiateTrustAssociationInterceptorImpl, which extends com.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptor and implements NegotiateTrustAssociationInterceptor. Its implementation of TrustAssociationInterceptor.validateEstablishedTrust() is a no-operation that throws WebTrustAssociationFailedException.
Method Summary
Modifier and Type | Method and Description |
---|---|
javax.security.auth.Subject | getSubject() Deprecated. getSubject method returns a JAAS Subject that represents the caller identity that was asserted by the trust association interceptor along with trusted third party security attributes. |
int | negotiateAndValidateEstablishedTrust(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) Deprecated. This method is used to determine whether trust association can be established between WebSphere and the third party server. |
Methods inherited from interface com.ibm.websphere.security.TrustAssociationInterceptor |
---|
getAuthenticatedUsername, isTargetInterceptor, validateEstablishedTrust |
Method Detail
negotiateAndValidateEstablishedTrust
- int negotiateAndValidateEstablishedTrust(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws WebTrustAssociationFailedException
This method is used to determine whether trust association can be established between WebSphere and the third party server. In most situations, this involves authenticating the server. All the required information to be able to do this should be available in the HTTP request.
If the third party server fails the validation, or is unable to provide the required information, a WebTrustAssociationFailedException must be thrown.
However, if the interceptor finds that the request does not contain the expected authentication data, it can write the protocol-specific challenge information in the response and return a status code that is not equal to HttpServletResponse.SC_OK. The security runtime will stop processing the request and send a status code back to the initiator. If HttpServletResponse.SC_OK is returned, then the security runtime will proceed to get the authenticated user from getAuthenticatedUsernameEx and continue processing the request.
- Parameters:
  - req - HTTP request
  - res - HTTP response
- Returns: HttpServletResponse.SC_OK indicates no negotiation is required, else negotiation is required
- Throws: WebTrustAssociationFailedException - Any failure is communicated through exception
getSubject
- javax.security.auth.Subject getSubject() throws WebTrustAssociationFailedException
getSubject method returns a JAAS Subject that represents the caller identity that was asserted by the trust association interceptor along with trusted third party security attributes.
A null Subject may be returned if the trust association interceptor implementation does not support this feature.
- Returns: javax.security.auth.Subject
- Throws: WebTrustAssociationFailedException - Any failure is communicated through exception
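The three outcomes described for negotiateAndValidateEstablishedTrust (a challenge with a non-SC_OK status, failure by exception, SC_OK to continue), shown as an added example that is not IBM's code. The class name, header names, challenge scheme and TAI_PROXY_TOKEN environment variable are hypothetical, and the inherited method signatures and exception constructors are assumed from the legacy com.ibm.websphere.security package.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.WebTrustAssociationUserException;
import com.ibm.wsspi.security.tai.NegotiateTrustAssociationInterceptor;

// Added example: a reverse proxy proves itself with a shared token and asserts the user.
public class ProxyTokenInterceptor implements NegotiateTrustAssociationInterceptor {
    private static final String TOKEN_HEADER = "X-Proxy-Token"; // hypothetical header
    private static final String USER_HEADER = "X-Proxy-User";   // hypothetical header
    private final String expected = System.getenv("TAI_PROXY_TOKEN"); // hypothetical source

    public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
        return req.getHeader(USER_HEADER) != null; // only handle requests relayed by the proxy
    }

    public int negotiateAndValidateEstablishedTrust(HttpServletRequest req,
            HttpServletResponse res) throws WebTrustAssociationFailedException {
        String presented = req.getHeader(TOKEN_HEADER);
        if (presented == null) { // expected authentication data absent: challenge, non-SC_OK
            res.setHeader("WWW-Authenticate", "ProxyToken"); // hypothetical challenge scheme
            return HttpServletResponse.SC_UNAUTHORIZED;
        }
        // Fail closed when no secret is configured; compare in constant time.
        if (expected == null || !MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8))) {
            throw new WebTrustAssociationFailedException("proxy token rejected");
        }
        return HttpServletResponse.SC_OK; // trust established, the runtime continues
    }

    // Not called for a negotiating interceptor; refuse rather than silently accept.
    public void validateEstablishedTrust(HttpServletRequest req)
            throws WebTrustAssociationFailedException {
        throw new WebTrustAssociationFailedException("use negotiateAndValidateEstablishedTrust");
    }

    public String getAuthenticatedUsername(HttpServletRequest req) throws WebTrustAssociationUserException {
        String user = req.getHeader(USER_HEADER);
        if (user == null || user.isEmpty()) throw new WebTrustAssociationUserException("no asserted user");
        return user;
    }

    public Subject getSubject() throws WebTrustAssociationFailedException { return null; } // no extra attributes
}
```

The user header is only trustworthy because the token check runs first, so the application server must not be reachable except through the proxy that sets it.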