---

20.4.2 Active credential objects These objects hide the credential's secret from the portlet; there is no way of extracting it out of the credential. In return, active credential objects offer business methods that take care of all the authentication. All passive credential objects must implement the ActiveCredential interface. The following sections present the active credential objects that are shipped with WebSphere Portal. Note: When using active credentials, portlets never get in touch with the credential secrets and thus there is no risk a portlet could violate any security rules such as, for example, storing the secret on the portlet session. While there might not always be an appropriate active credential class available, this is the preferred type of credential objects to use.

---

ibm.com/redbooks