com.ibm.websphere.security
Interface TrustAssociationInterceptor


public interface TrustAssociationInterceptor

The following three APIs must be implemented when writing an interceptor for TrustAssociation between a third party server and WebSphere. When an interceptor has been configured with WebSphere, the high-level description of the processing engine executed by WebSphere is as follows:

1. Receive an HTTP Request.
2. Choose an interceptor for this request. For every interceptor configured, it checks if it is the appropriate interceptor by calling the method 'isTargetInterceptor' of that interceptor.
3. If the interceptor is a target interceptor, WebSphere validates its trust on the third party server represented by the interceptor by calling the method 'validateEstablishedTrust' of that interceptor.
4. If the trust has been validated successfully, WebSphere retrieves the username of the end-user that submitted the HTTP request by calling the method 'getAuthenticatedUsername' of that interceptor.
5. If a valid username has been retrieved, WebSphere creates the credentials for that user and proceeds with its normal processing.


Method Summary
 java.lang.String getAuthenticatedUsername(javax.servlet.http.HttpServletRequest req)
          This method is used to retrieve the username of the end client (or the originator of the HTTP request).
 boolean isTargetInterceptor(javax.servlet.http.HttpServletRequest req)
          Every interceptor should know which HTTP requests originate from the third party server that it is supposed to work with.
 void validateEstablishedTrust(javax.servlet.http.HttpServletRequest req)
          This method is used to determine whether trust association can be established between WebSphere and the third party server.
 

Method Detail

isTargetInterceptor

public boolean isTargetInterceptor(javax.servlet.http.HttpServletRequest req)
                            throws WebTrustAssociationException
Every interceptor should know which HTTP requests originate from the third party server that it is supposed to work with. Given an HTTP request, this method must be used to determine whether or not this interceptor is designed to process the request, on behalf of the trusted server it is designed to interoperate with. The determination algorithm depends on the specific implementation, but it should be able to unequivocally give either a positive or negative response. If for any reason the implementation encounters a situation where it is not able to give a definite response (such as not enough information, indeterminate state, remote exception, etc.), then the method should throw a WebTrustAssociationException. The caller is left to decide what to do if an exception is received.

Throws: WebTrustAssociationException

validateEstablishedTrust

public void validateEstablishedTrust(javax.servlet.http.HttpServletRequest req)
                              throws WebTrustAssociationFailedException
This method is used to determine whether trust association can be established between WebSphere and the third party server. In most situations, this involves authenticating the server. All the information required to do this should be available in the HTTP request. If the third party server fails the validation, or is unable to provide the required information, a WebTrustAssociationFailedException must be thrown.

Throws: WebTrustAssociationFailedException

getAuthenticatedUsername

public java.lang.String getAuthenticatedUsername(javax.servlet.http.HttpServletRequest req)
                                          throws WebTrustAssociationUserException
This method is used to retrieve the username of the end client (or the originator of the HTTP request). This method should be called only after validateEstablishedTrust has been called successfully. The method returns a string. A return value of null implies that an empty string was provided as a username. A WebTrustAssociationUserException should be thrown if the username has not been provided at all or the implementation determines that the username provided was invalid (based on some criteria, e.g., a list of valid usernames may have been decided earlier).

Throws: WebTrustAssociationUserException
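
The three methods above, implemented for a reverse proxy that asserts the end user in a request header (an added example, not IBM's code). The class name, both header names and the proxy DN are hypothetical. It assumes the proxy connects over mutually authenticated TLS, that the container has already validated the certificate chain against a truststore limited to the proxy's CA, and that the exception classes live in com.ibm.websphere.security and accept a message string.

```java
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import com.ibm.websphere.security.TrustAssociationInterceptor;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.WebTrustAssociationUserException;

// Added example: class name, header names and DN are hypothetical.
public class ProxyHeaderInterceptor implements TrustAssociationInterceptor {
    private static final String MARKER_HEADER = "X-Proxy-Id";   // marks requests relayed by the proxy (assumed)
    private static final String USER_HEADER = "X-Proxy-User";   // end-user name asserted by the proxy (assumed)
    private static final X500Principal TRUSTED_PROXY = new X500Principal("CN=proxy.example.internal,O=Example");
    private static final Pattern VALID_USER = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    // Step 2: claim only requests that carry the proxy's marker header.
    public boolean isTargetInterceptor(HttpServletRequest req)
            throws WebTrustAssociationException {
        if (req == null) {  // no definite yes/no answer is possible
            throw new WebTrustAssociationException("request not available");
        }
        return req.getHeader(MARKER_HEADER) != null;
    }

    // Step 3: headers can be forged by any client, so authenticate the proxy
    // from the TLS client certificate the container exposes on the request.
    public void validateEstablishedTrust(HttpServletRequest req)
            throws WebTrustAssociationFailedException {
        Object attr = req.getAttribute("javax.servlet.request.X509Certificate");
        if (!(attr instanceof X509Certificate[]) || ((X509Certificate[]) attr).length == 0) {
            throw new WebTrustAssociationFailedException("no client certificate presented");
        }
        X509Certificate leaf = ((X509Certificate[]) attr)[0];
        if (!TRUSTED_PROXY.equals(leaf.getSubjectX500Principal())) {
            throw new WebTrustAssociationFailedException("certificate subject is not the trusted proxy");
        }
    }

    // Step 4: accept the asserted username only if it is present and well-formed.
    public String getAuthenticatedUsername(HttpServletRequest req)
            throws WebTrustAssociationUserException {
        String user = req.getHeader(USER_HEADER);
        if (user == null || !VALID_USER.matcher(user).matches()) {
            throw new WebTrustAssociationUserException("missing or malformed username");
        }
        return user;
    }
}
```

This variant treats an empty username as invalid and throws instead of returning null, so a request is never processed with a blank identity.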


 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.