com.ibm.portal.portlet.service.credentialvault.credentials
Interface LtpaTokenCredential
- All Superinterfaces:
- ActiveCredential, Credential, JaasSubjectCredential
Deprecated. Since 8.5.
- All Known Implementing Classes:
- LtpaTokenCredential
public interface LtpaTokenCredential extends JaasSubjectCredential
Credential for authenticating at a back-end system that is within the same WebSphere SSO domain as the portal. This credential can be used to establish an authenticated outbound URL connection by associating the user's existing Ltpa cookie with that connection.
The Ltpa token credential can be retrieved via the vault service through
CredentialVaultService.getLTPATokenCredential(String slotId, Map config, javax.portlet.PortletRequest request) where slotId = com.ibm.portal.portlet.service.credentialvault.CredentialVaultService.PREDEFINED_SLOT_USER_JAAS_SUBJECT;
Alternatively, the Ltpa token credential can be created by:
- CredentialFactory.createCredential(CredentialTypes.LTPA_TOKEN);
See CredentialFactory
- Initialize the credential via the init(Map config) method
Warning 1: Do not send the Ltpa cookie to servers outside the SSO domain! If those servers are hostile, they can use the Ltpa token data to impersonate the user represented by the Ltpa token and compromise the system.
After retrieving the Ltpa token credential, establish the connection:
- Pass the URL to the method getAuthenticatedConnection() in order to get a URLConnection with the current Ltpa token(s) associated
- If necessary, set additional HTTP headers on the resulting URLConnection
- Send the request to a trusted server
Warning 2: This code does not respect the Secure attribute (as defined by RFC 2109) of the Ltpa cookie(s). Therefore, the code that uses the Ltpa token credential is responsible for deciding whether it is okay to send the token over unencrypted HTTP connections.
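Both warnings leave the trust decision to the calling code. One way to enforce it in front of getAuthenticatedConnection(URL) is sketched here as an added example; it is not part of the IBM API or its documentation, and the class LtpaForwardingGuard, the AuthenticatedOpener interface and the host names are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

/** Added example (hypothetical class): gate in front of getAuthenticatedConnection(URL). */
public final class LtpaForwardingGuard {
    /** Same shape as getAuthenticatedConnection(URL), so credential::getAuthenticatedConnection fits. */
    public interface AuthenticatedOpener {
        HttpURLConnection open(URL url) throws IOException;
    }

    private final Set<String> trustedHosts; // lower-case host names inside the SSO domain

    public LtpaForwardingGuard(Set<String> trustedHosts) {
        this.trustedHosts = Set.copyOf(trustedHosts);
    }

    /** True only for an HTTPS URL whose host is exactly on the allowlist. */
    public boolean isAllowed(URL target) {
        // Warning 2: the Secure attribute is not honoured, so plain HTTP is refused here.
        boolean https = "https".equalsIgnoreCase(target.getProtocol());
        // Warning 1: exact match only; a suffix or substring test accepts look-alike hosts.
        String host = target.getHost().toLowerCase(Locale.ROOT);
        return https && target.getUserInfo() == null && trustedHosts.contains(host);
    }

    /** Validates first, then lets the credential attach the token(s). */
    public HttpURLConnection open(AuthenticatedOpener opener, URL target) throws IOException {
        if (!isAllowed(target)) {
            throw new SecurityException("LTPA token not sent: target is not HTTPS or not allowlisted");
        }
        HttpURLConnection conn = opener.open(target);
        // A redirect would lead to a host that isAllowed() never saw.
        conn.setInstanceFollowRedirects(false);
        return conn;
    }

    public static void main(String[] args) throws IOException {
        // Constructed host names, for illustration only.
        LtpaForwardingGuard guard = new LtpaForwardingGuard(Set.of("backend.sso.example.com"));
        for (String u : new String[] {"https://backend.sso.example.com/api",
                                      "http://backend.sso.example.com/api",
                                      "https://backend.sso.example.com.other.example/api"}) {
            System.out.println(guard.isAllowed(new URL(u)) + "  " + u);
        }
    }
}
```

In portal code the call would be `guard.open(credential::getAuthenticatedConnection, url)`, with the allowlist loaded from deployment configuration rather than hard-coded.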
Preconditions:
NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme. The API cannot be invoked directly by a custom servlet.
See init(Map config)
- Since:
- 5.1.0.1
Field Summary
static java.lang.String HTTP_SERVLET_REQUEST
- Deprecated. The incoming HTTP request.
static java.lang.String LTPA_TOKEN_TYPE
- Deprecated. The name of the parameter in the VaultService.properties file to get the Ltpa Token configuration.
static java.lang.String LTPA_TOKEN_TYPE_VALUE_BOTH
- Deprecated. Constant indicating that both the old style Ltpa token and the Ltpa2 token are available.
static java.lang.String LTPA_TOKEN_TYPE_VALUE_DEFAULT
- Deprecated. Constant indicating that default configuration is used, which means that exactly those Ltpa tokens available on the incoming request are forwarded.
static java.lang.String LTPA_TOKEN_TYPE_VALUE_LTPA_ONLY
- Deprecated. Constant indicating that only the old style Ltpa token is configured.
static java.lang.String LTPA_TOKEN_TYPE_VALUE_LTPA2_ONLY
- Deprecated. Constant indicating that only the Ltpa2 token is configured.
Fields inherited from interface com.ibm.portal.portlet.service.credentialvault.credentials.Credential KEY_CREDENTIAL_SECRET
Method Summary
java.net.HttpURLConnection getAuthenticatedConnection(java.lang.String url)
- Deprecated. Return a new HttpURLConnection with added authentication data.
java.net.HttpURLConnection getAuthenticatedConnection(java.net.URL url)
- Deprecated. Return a new Http Url connection with added authentication data.
void init(java.util.Map<java.lang.String,java.lang.Object> config)
- Deprecated. Initializes a new LtpaToken credential.
Methods inherited from interface com.ibm.portal.portlet.service.credentialvault.credentials.JaasSubjectCredential getSecretType
Methods inherited from interface com.ibm.portal.portlet.service.credentialvault.credentials.ActiveCredential isActive
Field Detail LTPA_TOKEN_TYPE
static final java.lang.String LTPA_TOKEN_TYPE
- Deprecated.
- The name of the parameter in the VaultService.properties file to get the Ltpa Token configuration.
- Since:
- 6.0.1
- See Also:
- Constant Field Values
LTPA_TOKEN_TYPE_VALUE_LTPA_ONLY
static final java.lang.String LTPA_TOKEN_TYPE_VALUE_LTPA_ONLY
- Deprecated.
- Constant indicating that only the old style Ltpa token is configured.
- Since:
- 6.0.1
- See Also:
- Constant Field Values
LTPA_TOKEN_TYPE_VALUE_LTPA2_ONLY
static final java.lang.String LTPA_TOKEN_TYPE_VALUE_LTPA2_ONLY
- Deprecated.
- Constant indicating that only the Ltpa2 token is configured.
- Since:
- 6.0.1
- See Also:
- Constant Field Values
LTPA_TOKEN_TYPE_VALUE_DEFAULT
static final java.lang.String LTPA_TOKEN_TYPE_VALUE_DEFAULT
- Deprecated.
- Constant indicating that default configuration is used, which means that exactly those Ltpa tokens available on the incoming request are forwarded.
- Since:
- 6.0.1
- See Also:
- Constant Field Values
LTPA_TOKEN_TYPE_VALUE_BOTH
static final java.lang.String LTPA_TOKEN_TYPE_VALUE_BOTH
- Deprecated.
- Constant indicating that both the old style Ltpa token and the Ltpa2 token are available.
- Since:
- 6.0.1
- See Also:
- Constant Field Values
HTTP_SERVLET_REQUEST
static final java.lang.String HTTP_SERVLET_REQUEST
- Deprecated.
- The incoming HTTP request.
- See Also:
- Constant Field Values
Method Detail init
void init(java.util.Map<java.lang.String,java.lang.Object> config) throws CredentialVaultException
- Deprecated.
- Initializes a new LtpaToken credential. If you pass in a null pointer to the initialization of this credential for the JaasSubjectCredentialSecret, this credential will get the current token(s) from the current WAS Security context.
- Specified by:
- init in interface Credential
- Specified by:
- init in interface JaasSubjectCredential
- Parameters:
- config - The configuration needed to initialize this credential:
- Key: KEY_CREDENTIAL_SECRET, value: JaasSubjectCredentialSecret.
The credential's secret.
This parameter is optional. If null, the current user's caller subject will be used.
The JaasSubjectCredentialSecret can be obtained from the CredentialSecretFactory.
See Also: CredentialSecretFactory
- Key: LTPA_TOKEN_TYPE, value: String.
You should use the LTPA_TOKEN_TYPE_VALUE_DEFAULT here, which means forward exactly those Ltpa tokens available on the incoming request. It is also possible to propagate only the Ltpa or only the Ltpa2 token or both tokens. The corresponding values are represented by the constants: LTPA_TOKEN_TYPE_VALUE_LTPA_ONLY, LTPA_TOKEN_TYPE_VALUE_LTPA2_ONLY, and LTPA_TOKEN_TYPE_VALUE_BOTH (mandatory)
- Key: HTTP_SERVLET_REQUEST, value: HttpServletRequest
The incoming HTTP request (mandatory)
- Throws:
- CredentialVaultException - If any mandatory parameter is missing or has a wrong object type as value.
- Since:
- 6.0.1 The key LTPA_TOKEN_TYPE is available.
getAuthenticatedConnection
java.net.HttpURLConnection getAuthenticatedConnection(java.net.URL url) throws java.io.IOException
- Deprecated.
- Returns a new Http Url connection with added authentication data.
- Specified by:
- getAuthenticatedConnection in interface JaasSubjectCredential
- Parameters:
- url - The target URL for the connection. Note that it need not be opened yet.
- Returns:
- HttpURLConnection A new authenticated (and yet uncommitted) connection
- Throws:
- java.io.IOException - thrown if anything unexpected happened
getAuthenticatedConnection
java.net.HttpURLConnection getAuthenticatedConnection(java.lang.String url) throws java.io.IOException
- Deprecated.
- Returns a new HttpURLConnection with added authentication data.
- Specified by:
- getAuthenticatedConnection in interface JaasSubjectCredential
- Parameters:
- url - The target URL for the connection
- Returns:
- HttpURLConnection A new authenticated (and yet uncommitted) connection.
- Throws:
- java.io.IOException - thrown if anything unexpected happened.