com.ibm.wsspi.security.tai

Interface NegotiateTrustAssociationInterceptor

  • All Superinterfaces:
    TrustAssociationInterceptor
    All Known Implementing Classes:
    NegotiateTrustAssociationInterceptorImpl

    Deprecated. 
    As of 5.1.1, replaced by the new com.ibm.wsspi.security.tai.TrustAssociationInterceptor interface. Implementations using this interface are supported by 5.1.1 at both compile time and run time. Improvements have been made to com.ibm.wsspi.security.tai.TrustAssociationInterceptor, and current implementations of this interface should be migrated to the new interface.

    public interface NegotiateTrustAssociationInterceptor
    extends TrustAssociationInterceptor

    This interface is an extension to the com.ibm.websphere.security.TrustAssociationInterceptor interface. This interface extends the capability of the current trust association interceptor:

    • HttpServletResponse is made available to the interceptor
    • Negotiation between the interceptor and the initiator of the request is supported

    When a trust association interceptor implements the NegotiateTrustAssociationInterceptor interface, TrustAssociationInterceptor.validateEstablishedTrust() is not called; negotiateAndValidateEstablishedTrust() is called instead.

    A convenience abstract base class, NegotiateTrustAssociationInterceptorImpl, extends com.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptor and implements NegotiateTrustAssociationInterceptor. Its implementation of TrustAssociationInterceptor.validateEstablishedTrust() performs no operation and throws WebTrustAssociationFailedException.

    Version:
    5.0
    See Also:
    TrustAssociationInterceptor
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      javax.security.auth.Subject getSubject()
      Deprecated. 
      getSubject method returns a JAAS Subject that represents the caller identity that was asserted by the trust association interceptor along with trusted third party security attributes.
      int negotiateAndValidateEstablishedTrust(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
      Deprecated. 
      This method is used to determine whether trust association can be established between WebSphere and the third party server.
    • Method Detail

      • negotiateAndValidateEstablishedTrust

        int negotiateAndValidateEstablishedTrust(javax.servlet.http.HttpServletRequest req,
                                               javax.servlet.http.HttpServletResponse res)
                                                 throws WebTrustAssociationFailedException
        Deprecated. 

        This method is used to determine whether trust association can be established between WebSphere and the third party server. In most situations, this involves authenticating the server. All the information required to do this should be available in the HTTP request.

        If the third party server fails the validation, or is unable to provide the required information, a WebTrustAssociationFailedException must be thrown.

        However, if the interceptor finds that the request does not contain the expected authentication data, it can write the protocol-specific challenge information to the response and return a status code that is not equal to HttpServletResponse.SC_OK. The security runtime will stop processing the request and send a status code back to the initiator. If HttpServletResponse.SC_OK is returned, the security runtime will proceed to get the authenticated user from getAuthenticatedUsernameEx and continue processing the request.

        Parameters:
        req - HTTP request
        res - HTTP response
        Returns:
        HttpServletResponse.SC_OK if no negotiation is required; any other value indicates that negotiation is required
        Throws:
        WebTrustAssociationFailedException - Any failure is communicated through an exception
      • getSubject

        javax.security.auth.Subject getSubject()
                                               throws WebTrustAssociationFailedException
        Deprecated. 

        getSubject method returns a JAAS Subject that represents the caller identity that was asserted by the trust association interceptor along with trusted third party security attributes.

        A null Subject may be returned if the trust association interceptor implementation does not support this feature.

        Returns:
        javax.security.auth.Subject
        Throws:
        WebTrustAssociationFailedException - Any failure is communicated through an exception
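
The three outcomes of negotiateAndValidateEstablishedTrust described above (challenge, failure, SC_OK), as an added example that is not IBM's code: a helper class an interceptor's method could delegate to. The class name ProxyBasicNegotiator, the realm string and the choice of HTTP Basic as the protocol are assumptions; it also assumes Java 8 (java.util.Base64) and that WebTrustAssociationFailedException is in com.ibm.websphere.security with a String-message constructor.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WebTrustAssociationFailedException; // package assumed

/** Hypothetical helper holding the decision logic for the negotiate method. */
public class ProxyBasicNegotiator {
    // "id:secret" of the trusted third party server, supplied by the deployer.
    private final byte[] expected;

    public ProxyBasicNegotiator(String proxyId, String proxySecret) {
        this.expected = (proxyId + ":" + proxySecret).getBytes(StandardCharsets.UTF_8);
    }

    public int negotiateAndValidateEstablishedTrust(HttpServletRequest req,
                                                    HttpServletResponse res)
            throws WebTrustAssociationFailedException {
        String header = req.getHeader("Authorization");
        if (header == null) {
            // No authentication data: write the challenge and return a
            // non-SC_OK code so the runtime stops processing the request.
            res.setHeader("WWW-Authenticate", "Basic realm=\"tai-proxy\"");
            return HttpServletResponse.SC_UNAUTHORIZED;
        }
        if (!header.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new WebTrustAssociationFailedException("unsupported authentication scheme");
        }
        byte[] presented;
        try {
            presented = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            // Data is present but unusable: fail, do not re-challenge.
            throw new WebTrustAssociationFailedException("malformed credentials");
        }
        // Constant-time comparison so timing does not reveal how much matched.
        if (!MessageDigest.isEqual(expected, presented)) {
            throw new WebTrustAssociationFailedException("third party server failed validation");
        }
        // Trust established: the runtime may now ask for the authenticated user.
        return HttpServletResponse.SC_OK;
    }
}
```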
IBM WebSphere Application Server™
Release 8.5