com.ibm.wps.portletservice.credentialvault
Interface CredentialVaultService

All Superinterfaces:

PortletService

Deprecated. since 6.0. Support of the IBM portlet API may be removed in a future release of WebSphere Portal. Use of the Java Portlet API (javax.portlet) is recommended instead.

public interface CredentialVaultService
extends PortletService

Portlet Service for legacy portlets to access the WebSphere Portal Credential Vault. The portlet service offers the following functionality:

• Management of Credential Vault Slots. Credential Vault Segments can be retrieved, and Vault Slots can be created and deleted.
• Management of Credential Secrets. The service allows to set or retrieve credentials from the credential vault.

Available Secret Types in the Credential Vault are definied as constants in this interface. Please note that not all types have to be available in the defined Vault Segments, depending on the utilized Vault Adapter implementation. Supported types per segment can be retrieved through VaultSegmentConfig#getSupportedSecretTypes().

Available Credential Types in the Credential Vault are defined externally in a credential type registry configuration file and can be retrieved through the method getCredentialTypes()that returns their respective type string. Default credential type strings are defined as constants in the interface CredentialTypes.

Since:

4.1

Field Summary

static java.lang.String	PREDEFINED_SLOT_USER_JAAS_SUBJECT Deprecated. This is the name of a predefined slot to store the transient JAAS credential.
static int	SECRET_TYPE_BYTEARRAY Deprecated. The user's secret is in binary form.
static int	SECRET_TYPE_JAAS_SUBJECT Deprecated. The user's secret is a JAAS Subject.
static int	SECRET_TYPE_JAVA_OBJECT Deprecated. The user's secret is a java object.
static int	SECRET_TYPE_NO_SECRET_DATA Deprecated. Type for credential objects that do not contain a secret.
static int	SECRET_TYPE_UNDEFINED Deprecated. Used only for the super class CredentialSecret of the secret classes as secret type.
static int	SECRET_TYPE_USERID_STRING_PASSWORD_STRING Deprecated. The user's secret is a userid/password pair.

Method Summary

CredentialSlotConfig	ObjectID, java.util.Map, java.util.Map, int, boolean, boolean, org.apache.jetspeed.portlet.PortletRequest)">createSlot(java.lang.String resourceName, ObjectID segmentId, java.util.Map descriptions, java.util.Map keywords, int secretType, boolean active, boolean portletPrivate, PortletRequest portletRequest) Deprecated. Use method #createSlot(String, com.ibm.portal.ObjectID, Map, Map, int, boolean, boolean, PortletRequest) taking a com.ibm.portal.ObjectID for the segmentId as parameter.
void	deleteSlot(java.lang.String slotName) Deprecated. Deletes an existing credential slot.
java.util.Iterator	getAccessibleSlots(PortletRequest request) Deprecated. Returns an iterator of all credential slots that a portlet is authorized to use
java.util.List	getAllVaultSegments() Deprecated. Returns a List of all available Vault Segments.
Credential	getCredential(java.lang.String slotId, java.lang.String type, java.util.Map config, PortletRequest request) Deprecated. Returns a specific credential from a specific slot.
java.util.Iterator	getCredentialTypes() Deprecated. Returns an Iterator over all available credential types that are registered in the credential type registry.
ObjectID	getDefaultUserVaultSegmentId() Deprecated. use getDefaultUserVaultSegmentPortalId() instead.
ObjectID	getDefaultUserVaultSegmentPortalId() Deprecated. Returns the ObjectID of the default user managed vault segment.
Credential	getLTPATokenCredential(java.lang.String slotId, java.util.Map config, PortletRequest request) Deprecated. Returns a LTPA Token credential.
java.lang.String	getSlotDescription(java.lang.String slotId, java.util.Locale locale) Deprecated. Returns a credential slot's description for the specified locale.
javax.security.auth.Subject	getUserSubject(PortletRequest request) Deprecated. Returns the user's JAAS Subject.
void	setCredentialSecretBinary(java.lang.String slotId, byte[] secret, PortletRequest portletRequest) Deprecated. Sets a credential's binary secret on a given slot.
void	setCredentialSecretUserPassword(java.lang.String slotId, java.lang.String userId, char[] password, PortletRequest portletRequest) Deprecated. Sets a credential's user/password secret on a given slot.

Field Detail

SECRET_TYPE_UNDEFINED

static final int SECRET_TYPE_UNDEFINED

Deprecated.

Used only for the super class CredentialSecret of the secret classes as secret type. This type is not used for creating slots.

SECRET_TYPE_USERID_STRING_PASSWORD_STRING

static final int SECRET_TYPE_USERID_STRING_PASSWORD_STRING

Deprecated.

The user's secret is a userid/password pair.

SECRET_TYPE_BYTEARRAY

static final int SECRET_TYPE_BYTEARRAY

Deprecated.

The user's secret is in binary form.

SECRET_TYPE_JAVA_OBJECT

static final int SECRET_TYPE_JAVA_OBJECT

Deprecated.

The user's secret is a java object.

SECRET_TYPE_NO_SECRET_DATA

static final int SECRET_TYPE_NO_SECRET_DATA

Deprecated.

Type for credential objects that do not contain a secret. The credential only knows where to get the secret.

SECRET_TYPE_JAAS_SUBJECT

static final int SECRET_TYPE_JAAS_SUBJECT

Deprecated.

The user's secret is a JAAS Subject.

PREDEFINED_SLOT_USER_JAAS_SUBJECT

static final java.lang.String PREDEFINED_SLOT_USER_JAAS_SUBJECT

Deprecated.

This is the name of a predefined slot to store the transient JAAS credential.

Method Detail

getCredentialTypes

java.util.Iterator getCredentialTypes()

Deprecated.

Returns an Iterator over all available credential types that are registered in the credential type registry. The result of this method can vary from the default types in the interface CredentialTypes dependent on the actual portal configuration.

Returns:

Iterator over String objects representing all credential types that are registered in the credential type registry

getSlotDescription

java.lang.String getSlotDescription(java.lang.String slotId,
                                    java.util.Locale locale)
                                    throws PortletServiceException

Deprecated.

Returns a credential slot's description for the specified locale.

Parameters:

slotId - The credential (slot) id.

locale - The description locale. If set to null, the default locale will be used.

Returns:

The credential slot description for the specified locale.

Throws:

PortletServiceException - if the description could not been retrieved.

getAccessibleSlots

java.util.Iterator getAccessibleSlots(PortletRequest request)
                                      throws PortletServiceException

Deprecated.

Returns an iterator of all credential slots that a portlet is authorized to use

Parameters:

request - The portlet request is needed by the CredentialVault service in order to determine information about the portlet.

Returns:

Iterator over CredentialSlotConfig objects representing all credential slots that a portlet is authorized to use

Throws:

PortletServiceException - if the list of slots could not been retrieved.

setCredentialSecretBinary

void setCredentialSecretBinary(java.lang.String slotId,
                               byte[] secret,
                               PortletRequest portletRequest)
                               throws PortletServiceException

Deprecated.

Sets a credential's binary secret on a given slot.

Parameters:

slotId - The credential (slot) id.

secret - The credential secret data in binary form.

portletRequest - The portlet request is used to determine parameters like the portlet id and user id.

Throws:

PortletServiceException - if the credential secret is not of the type binary or if the secret could not be set.

setCredentialSecretUserPassword

void setCredentialSecretUserPassword(java.lang.String slotId,
                                     java.lang.String userId,
                                     char[] password,
                                     PortletRequest portletRequest)
                                     throws PortletServiceException

Deprecated.

Sets a credential's user/password secret on a given slot.

Parameters:

slotId - The credential (slot) id.

userId - The credential's userId.

password - The credential's password.

portletRequest - The portlet request is used to determine parameters like the portlet id and user id.

Throws:

PortletServiceException - if the credential secret is not of the type user/password or if the secret could not be set.

ObjectID, java.util.Map, java.util.Map, int, boolean, boolean, org.apache.jetspeed.portlet.PortletRequest)">

createSlot

CredentialSlotConfig createSlot(java.lang.String resourceName,
                                ObjectID segmentId,
                                java.util.Map descriptions,
                                java.util.Map keywords,
                                int secretType,
                                boolean active,
                                boolean portletPrivate,
                                PortletRequest portletRequest)
                                throws PortletServiceException

Deprecated. Use method #createSlot(String, com.ibm.portal.ObjectID, Map, Map, int, boolean, boolean, PortletRequest) taking a com.ibm.portal.ObjectID for the segmentId as parameter.

Creates a new credential slot in the given vault segment. This method should be used by "ordinary" portlets, but not by "admin portlets", because this method only allows to create non system slots. The returned CredentialSlotConfig object holds the Slot ID of the newly generated slot. If one of the required parameters is null, an exception is thrown.

Parameters:

resourceName - Name of the resource. Must not be null.

segmentId - ObjectId of the segment that this slot is created in. Must not be null. Must be the ObjectID of a user mapped segment. As there is currently just one user mapped segment in the system, this parameter must contain the result of the method getDefaultUserVaultSegmentId()!

descriptions - The slot descriptions as a Map, keyed by their corresponding Locale objects Key: Locale (max length 64 characters) Value: String (max length 255 characters) The given map can be empty.

keywords - The slot keywords as a Map, keyed by their corresponding Locale objects Key: Locale (max length 64 characters). Can be null. Value: String (max length 255 characters) The given map can be empty.

secretType - The secrtet type identifier. Must not be null.

active - Flag whether this credential may only be returned in form of an active credential object (true) or both as active and passive credential objects (false)

portletPrivate - Flag whether the credential secret is portlet secific (true) or shared between all of a user's portlets (false).

portletRequest - The portlet request. Must not be null.

Returns:

CredentialSlot The credential slot configuration as CredentialSlotConfig object.

Throws:

PortletServiceException

deleteSlot

void deleteSlot(java.lang.String slotName)
                throws PortletServiceException

Deprecated.

Deletes an existing credential slot. The parameter is the Slot ID that can be retrieved through CredentialSlotConfig#getSlotId().

Parameters:

slotName - The credential (slot) id.

Throws:

PortletServiceException - Is thrown if the credential slot could not be deleted or found.

getDefaultUserVaultSegmentId

ObjectID getDefaultUserVaultSegmentId()
                                      throws PortletServiceException

Deprecated. use getDefaultUserVaultSegmentPortalId() instead.

Returns the ObjectID of the default user managed vault segment. Currently there is only one user-managed segment, so this returns the ID of the user managed segment.

Returns:

The ObjectID of the default user managed vault segment, or null, if no user managed vault segment is configured in the system.

Throws:

PortletServiceException - Is thrown if the user segment could not be found.

getDefaultUserVaultSegmentPortalId

ObjectID getDefaultUserVaultSegmentPortalId()
                                            throws PortletServiceException

Deprecated.

Returns the ObjectID of the default user managed vault segment. Currently there is only one user-managed segment, so this returns the ID of the user managed segment.

Returns:

The ObjectID of the default user managed vault segment, or null, if no user managed vault segment is configured in the system.

Throws:

PortletServiceException - Is thrown if the user segment could not be found.

getAllVaultSegments

java.util.List getAllVaultSegments()
                                   throws PortletServiceException

Deprecated.

Returns a List of all available Vault Segments.

Returns:

List of VaultSegmentConfig objects representing all vault segments.

Throws:

PortletServiceException - Is thrown if the segments could not be retrieved.

getCredential

Credential getCredential(java.lang.String slotId,
                         java.lang.String type,
                         java.util.Map config,
                         PortletRequest request)
                         throws PortletServiceException,
                                CredentialSecretNotSetException

Deprecated.

Returns a specific credential from a specific slot. The type of the credential has to map the type of the stored credential. The parameter is the Slot ID that can be retrieved through CredentialSlotConfig#getSlotId().

Parameters:

slotId - The credential (slot) id.

type - The credential type as specified in the credential type registry. Default credential type strings are defined as constants in the interface CredentialTypes.

config - The backend application specific configuration that is needed to initialize this credential. This is one part of the credential configuration. The credential vault service will usually add further information to this config from other sources: the user's secret from the actual credential store and the credential instance specific parameters from the portal's credential configuration. This parameter can be null.

request - The portlet request is used to determine information about the portlet.

Returns:

The retrieved credential object. The actual object will match the Credential Type.

Throws:

PortletServiceException - if the credential could not been retrieved - either for technical or secuity reasons.

CredentialSecretNotSetException - if the requested credential secret is not set (by the user or admin).

getLTPATokenCredential

Credential getLTPATokenCredential(java.lang.String slotId,
                                  java.util.Map config,
                                  PortletRequest request)
                                  throws PortletServiceException,
                                         CredentialSecretNotSetException

Deprecated.

Returns a LTPA Token credential.

Parameters:

slotId - The credential (slot) id.

config - The backend application specific configuration that is needed to initialize this credential. This is one part of the credential configuration. The credential vault service adds further information to this config from other sources: the user's secret from the actual credential store, the credential instance specific parameters from the portal's credential configuration and the LTPA_TOKEN_TYPE configured in the VaultService.properties file.

request - The portlet request is used to determine information about the portlet.

Returns:

The retrieved credential object. The Credential Type is Ltpa.

Throws:

VaultServiceException - if the credential could not been retrieved - either for technical or secuity reasons.

CredentialSecretNotSetException - if the requested credential secret is not set (by the user or admin).

PortletServiceException

getUserSubject

javax.security.auth.Subject getUserSubject(PortletRequest request)
                                           throws PortletServiceException

Deprecated.

Returns the user's JAAS Subject. The JAAS Subject is retrieved from the user object, so this method should only be called if a user is currently logged in. Otherwise a PortletServiceException is thrown. Note: The returned object is a transient credential.

Parameters:

request - The portlet request is used to determine the user.

Returns:

The user's JAAS Subject.

Throws:

PortletServiceException - if the subject could not been retrieved, e.g. because there is no logged in user.