
Developing a custom TAI for the Liberty profile

We can develop a custom trust association interceptor (TAI) class by implementing the com.ibm.wsspi.security.tai.TrustAssociationInterceptor interface provided in the Liberty profile server.

The trust association interface is a service provider API that enables the integration of third-party security services with a Liberty profile server. When processing a web request, the Liberty profile server calls out and passes the HttpServletRequest and HttpServletResponse to the trust association interceptors. The server passes the HttpServletRequest to the isTargetInterceptor method of the interceptor to see whether the interceptor can process the request. After an appropriate trust association interceptor is selected, the HttpServletRequest is processed by the negotiateValidateandEstablishTrust method of that interceptor, and the result is returned in a TAIResult object. We can add our own logic to each method of the custom TAI class.

See also the Java™ API document for the TAI interface. The Java API document for each Liberty profile API is detailed in the Programming Interfaces (APIs) section of the information center, and is also available as a JAR file under the /dev/ibm-api/javadoc directory of the server image.

Avoid trouble: If we use the developer tools to configure the TAI, refer to the sample TAI configuration taiConfig.xml file in the ${wlp.install.dir}/templates/config directory, and make sure the configuration in our server.xml file is similar to the one in the sample file. See Configuring TAI on the Liberty profile using WebSphere Studio.

Example

Here is a sample TAI class called SimpleTAI, which also lists all available methods from the TrustAssociationInterceptor interface.

package com.ibm.websphere.security.sample;

import java.util.Properties;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

public class SimpleTAI implements TrustAssociationInterceptor {
    public SimpleTAI() {
        super();
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#isTargetInterceptor
     * (javax.servlet.http.HttpServletRequest)
     */
    public boolean isTargetInterceptor(HttpServletRequest req)
                    throws WebTrustAssociationException {
        // Add logic to determine whether to intercept this request.
        // As written, this skeleton claims every request.
        return true;
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#negotiateValidateandEstablishTrust
     * (javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
     */
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req,
                    HttpServletResponse resp) throws WebTrustAssociationFailedException {
        // Add logic to authenticate a request and return a TAI result.
        // As written, this skeleton validates nothing and asserts the fixed
        // user "taiUser" for every request it handles.
        String tai_user = "taiUser";
        return TAIResult.create(HttpServletResponse.SC_OK, tai_user);
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#initialize(java.util.Properties)
     */
    public int initialize(Properties arg0)
                    throws WebTrustAssociationFailedException {
        // No configuration is read in this sample; 0 indicates success.
        return 0;
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#getVersion()
     */
    public String getVersion() {
        return "1.0";
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#getType()
     */
    public String getType() {
        return this.getClass().getName();
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#cleanup()
     */
    public void cleanup() {
        // Nothing to release in this sample.
    }
}
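The following added example, which is not part of the IBM sample, fills in the two "Add logic" placeholders for a reverse-proxy deployment: it accepts a user name from a header only when the request comes from a configured proxy address and presents a shared secret, and rejects the request otherwise. The class name ProxyHeaderTAI, the header names X-Proxy-User and X-Proxy-Secret, and the property names trustedProxyAddrs and proxySecret are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.servlet.http.*;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

// Added example: trusts a user header only when it comes from a known proxy.
public class ProxyHeaderTAI implements TrustAssociationInterceptor {
    // Hypothetical header names, chosen for this example.
    private static final String USER_HEADER = "X-Proxy-User";
    private static final String SECRET_HEADER = "X-Proxy-Secret";
    private Set<String> trustedAddrs = new HashSet<>();
    private byte[] secret = new byte[0];

    public int initialize(Properties props) throws WebTrustAssociationFailedException {
        // Hypothetical property names; report failure (non-zero) if either is missing.
        String addrs = props.getProperty("trustedProxyAddrs");
        String s = props.getProperty("proxySecret");
        if (addrs == null || s == null || s.isEmpty()) return 1;
        trustedAddrs = new HashSet<>(Arrays.asList(addrs.trim().split("\\s*,\\s*")));
        secret = s.getBytes(StandardCharsets.UTF_8);
        return 0;
    }

    public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
        // Claim only requests that carry the proxy's user header.
        return req.getHeader(USER_HEADER) != null;
    }

    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req,
            HttpServletResponse resp) throws WebTrustAssociationFailedException {
        String user = req.getHeader(USER_HEADER);
        String presented = req.getHeader(SECRET_HEADER);
        boolean fromProxy = trustedAddrs.contains(req.getRemoteAddr());
        // MessageDigest.isEqual compares the two secrets byte by byte.
        boolean secretOk = presented != null
                && MessageDigest.isEqual(secret, presented.getBytes(StandardCharsets.UTF_8));
        if (!fromProxy || !secretOk || user == null || user.trim().isEmpty()) {
            return TAIResult.create(HttpServletResponse.SC_UNAUTHORIZED); // no principal asserted
        }
        return TAIResult.create(HttpServletResponse.SC_OK, user.trim());
    }
    public String getVersion() { return "1.0"; }
    public String getType() { return getClass().getName(); }
    public void cleanup() { }
}
```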

What to do next

Put the custom TAI class in a JAR file, for example simpleTAI.jar, then make the JAR file available to the Liberty profile server. See Configuring TAI for the Liberty profile.

