IBM BPM, V8.0.1, All platforms > Authoring services in Integration Designer > Services and service-related functions > Create a service for Cognos reports in Integration Designer > Work with Cognos reports
JAX-WS single sign-on security handler
A JAX-WS security handler is required when using the Java API for XML Web Services (JAX-WS) with single sign-on security. Single sign-on security is only available if Cognos is running on WebSphere Application Server.
- Creating a JAX-WS single sign-on handler
- Configuring single sign-on security with Lightweight Third-Party Authentication (LTPA)
Create a JAX-WS single sign-on handler
Use the following Java code to create a JAX-WS handler for single sign-on security, which includes handling the Lightweight Third-Party Authentication (LTPA) token.
The final method, cleanHeader, also should be added to the end of your business process (see Retrieving a Cognos report to see how it is invoked).
To specify this handler in your application, see Setting a JAX-WS handler.
package com.ibm.wbit.cognos;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import java.util.Iterator;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import com.ibm.wsspi.security.token.SingleSignonToken;
import javax.security.auth.Subject;
import com.ibm.websphere.security.auth.WSSubject;
public class CognosSOAPHandler implements SOAPHandler<SOAPMessageContext> {
private static ThreadLocal<SOAPHeader> soapHeader = new ThreadLocal<SOAPHeader>();
@Override
public Set<QName> getHeaders() {
// TODO Auto-generated method stub
return null;
}
@Override
public void close(MessageContext context) {
// TODO Auto-generated method stub
}
@Override
public boolean handleFault(SOAPMessageContext context) {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean handleMessage(SOAPMessageContext context) {
Boolean outboundProperty = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outboundProperty.booleanValue()) {
try {
// Get the LTPA token
String tokenData = "";
final Subject subject = WSSubject.getRunAsSubject();
Iterator ssoTokensFromSubject = null;
ArrayList ssoArrayList = new ArrayList();
// Get the default sso token
if (subject != null) {
Set privateCredentials = null;
Set publicCredentials = null;
Set newSet = new HashSet();
privateCredentials = (Set) AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
return subject.getPrivateCredentials(SingleSignonToken.class);
} });
if (privateCredentials != null && privateCredentials.size() > 0) {
newSet.addAll(privateCredentials);
}
publicCredentials = subject.getPublicCredentials(SingleSignonToken.class);
if (publicCredentials != null && publicCredentials.size() > 0) {
newSet.addAll(publicCredentials);
}
ssoTokensFromSubject = newSet.iterator();
}
if (ssoTokensFromSubject != null) {
while (ssoTokensFromSubject.hasNext()) {
SingleSignonToken ssoToken = (SingleSignonToken) ssoTokensFromSubject.next();
if (ssoToken != null) {
byte[] ssoTokenBytes = ssoToken.getBytes();
tokenData = Base64.encode(ssoTokenBytes);
break;
} } }
// Set the Cookie
Map<String, List<String>> headers = (Map<String, List<String>>)context.get(MessageContext.HTTP_REQUEST_HEADERS);
if(headers == null){
headers = new HashMap<String, List<String>>();
context.put(MessageContext.HTTP_REQUEST_HEADERS, headers);
}
List<String> cookie = headers.get("Cookie");
if(cookie == null){
cookie = new ArrayList<String>();
headers.put("Cookie", cookie);
} cookie.add("LtpaToken2=" + tokenData);
// Set the soap header
SOAPMessage message = context.getMessage();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
if (soapEnvelope.getHeader() == null) {
soapEnvelope.addHeader();
}
// Set the soap header got from the response SOAPHeader latestSOAPHeader = soapHeader.get();
if (latestSOAPHeader != null) {
Iterator iterator = latestSOAPHeader.getChildElements();
while(iterator.hasNext()) {
SOAPHeaderElement soapHeaderElement = (SOAPHeaderElement)iterator.next();
soapEnvelope.getHeader().addChildElement(soapHeaderElement);
} }
} catch (Exception e) {
e.printStackTrace();
} } else {
try {
SOAPMessage message = context.getMessage();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope soapEnvelope = soapPart.getEnvelope();
soapHeader.set(soapEnvelope.getHeader());
// clear the default soap header.
soapEnvelope.getHeader().detachNode();
} catch (Exception e) {
e.printStackTrace();
} }
return true;
}
public static void cleanHeader() {
soapHeader.set(null);
} }
Configure single sign-on security with Lightweight Third-Party Authentication (LTPA)
A single sign-on configuration is a way of letting users access one or more
systems by logging on once. This configuration involves passing a Lightweight Third-Party Authentication (LTPA) token. Single sign-on
security is only available if Cognos is running on WebSphere Application Server. This article on 
enabling single sign-on discusses the configuration setup required.