com.ibm.wps.portletservice.credentialvault
Interface CredentialVaultService
Deprecated. Since 6.0. Support of the IBM portlet API may be removed in a future release of WebSphere Portal. Use of the Java Portlet API (javax.portlet) is recommended instead.
- All Superinterfaces:
- org.apache.jetspeed.portlet.service.PortletService
public interface CredentialVaultService extends org.apache.jetspeed.portlet.service.PortletService
Portlet Service for legacy portlets to access the WebSphere Portal Credential Vault. The portlet service offers the following functionality:
- Management of Credential Vault Slots. Credential Vault Segments can be retrieved, and Vault Slots can be created and deleted.
- Management of Credential Secrets. The service allows credentials to be set in or retrieved from the credential vault.
Available Secret Types in the Credential Vault are defined as constants in this interface. Please note that not all types have to be available in the defined Vault Segments, depending on the utilized Vault Adapter implementation. Supported types per segment can be retrieved through VaultSegmentConfig#getSupportedSecretTypes().
Available Credential Types in the Credential Vault are defined externally in a credential type registry configuration file and can be retrieved through the method getCredentialTypes(), which returns their respective type strings. Default credential type strings are defined as constants in the interface CredentialTypes.
- Since:
- 4.1
Field Summary
static java.lang.String PREDEFINED_SLOT_USER_JAAS_SUBJECT
Deprecated. This is the name of a predefined slot to store the transient JAAS credential.
static int SECRET_TYPE_BYTEARRAY
Deprecated. The user's secret is in binary form.
static int SECRET_TYPE_JAAS_SUBJECT
Deprecated. The user's secret is a JAAS Subject.
static int SECRET_TYPE_JAVA_OBJECT
Deprecated. The user's secret is a java object.
static int SECRET_TYPE_NO_SECRET_DATA
Deprecated. Type for credential objects that do not contain a secret.
static int SECRET_TYPE_UNDEFINED
Deprecated. Used only for the super class CredentialSecret of the secret classes as secret type.
static int SECRET_TYPE_USERID_STRING_PASSWORD_STRING
Deprecated. The user's secret is a userid/password pair.
Method Summary
CredentialSlotConfig createSlot(java.lang.String resourceName, ObjectID segmentId, java.util.Map descriptions, java.util.Map keywords, int secretType, boolean active, boolean portletPrivate, org.apache.jetspeed.portlet.PortletRequest portletRequest)
Deprecated. Creates a new credential slot in the given vault segment.
void deleteSlot(java.lang.String slotName)
Deprecated. Deletes an existing credential slot.
java.util.Iterator getAccessibleSlots(org.apache.jetspeed.portlet.PortletRequest request)
Deprecated. Return an iterator of all credential slots that a portlet is authorized to use
java.util.List getAllVaultSegments()
Deprecated. Return a List of all available Vault Segments.
Credential getCredential(java.lang.String slotId, java.lang.String type, java.util.Map config, org.apache.jetspeed.portlet.PortletRequest request)
Deprecated. Return a specific credential from a specific slot.
java.util.Iterator getCredentialTypes()
Deprecated. Return an Iterator over all available credential types that are registered in the credential type registry.
ObjectID getDefaultUserVaultSegmentPortalId()
Deprecated. Return the ObjectID of the default user managed vault segment.
Credential getLTPATokenCredential(java.lang.String slotId, java.util.Map config, org.apache.jetspeed.portlet.PortletRequest request)
Deprecated. Return a LTPA Token credential.
java.lang.String getSlotDescription(java.lang.String slotId, java.util.Locale locale)
Deprecated. Return a credential slot's description for the specified locale.
javax.security.auth.Subject getUserSubject(org.apache.jetspeed.portlet.PortletRequest request)
Deprecated. Return the user's JAAS Subject.
void setCredentialSecretBinary(java.lang.String slotId, byte[] secret, org.apache.jetspeed.portlet.PortletRequest portletRequest)
Deprecated. Sets a credential's binary secret on a given slot.
void setCredentialSecretUserPassword(java.lang.String slotId, java.lang.String userId, char[] password, org.apache.jetspeed.portlet.PortletRequest portletRequest)
Deprecated. Sets a credential's user/password secret on a given slot.
Field Detail
SECRET_TYPE_UNDEFINED
static final int SECRET_TYPE_UNDEFINED
- Deprecated.
- Used only for the super class CredentialSecret of the secret classes as secret type. This type is not used for creating slots.
- See Also:
- Constant Field Values
SECRET_TYPE_USERID_STRING_PASSWORD_STRING
static final int SECRET_TYPE_USERID_STRING_PASSWORD_STRING
- Deprecated.
- The user's secret is a userid/password pair.
- See Also:
- Constant Field Values
SECRET_TYPE_BYTEARRAY
static final int SECRET_TYPE_BYTEARRAY
- Deprecated.
- The user's secret is in binary form.
- See Also:
- Constant Field Values
SECRET_TYPE_JAVA_OBJECT
static final int SECRET_TYPE_JAVA_OBJECT
- Deprecated.
- The user's secret is a java object.
- See Also:
- Constant Field Values
SECRET_TYPE_NO_SECRET_DATA
static final int SECRET_TYPE_NO_SECRET_DATA
- Deprecated.
- Type for credential objects that do not contain a secret. The credential only knows where to get the secret.
- See Also:
- Constant Field Values
SECRET_TYPE_JAAS_SUBJECT
static final int SECRET_TYPE_JAAS_SUBJECT
- Deprecated.
- The user's secret is a JAAS Subject.
- See Also:
- Constant Field Values
PREDEFINED_SLOT_USER_JAAS_SUBJECT
static final java.lang.String PREDEFINED_SLOT_USER_JAAS_SUBJECT
- Deprecated.
- This is the name of a predefined slot to store the transient JAAS credential.
Method Detail
getCredentialTypes
java.util.Iterator getCredentialTypes()
- Deprecated.
- Returns an Iterator over all available credential types that are registered in the credential type registry. The result of this method can vary from the default types in the interface CredentialTypes dependent on the actual portal configuration.
- Returns:
- Iterator over String objects representing all credential types that are registered in the credential type registry
getSlotDescription
java.lang.String getSlotDescription(java.lang.String slotId, java.util.Locale locale) throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Returns a credential slot's description for the specified locale.
- Parameters:
- slotId - The credential (slot) id.
- locale - The description locale. If set to null, the default locale will be used.
- Returns:
- The credential slot description for the specified locale.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - if the description could not be retrieved.
getAccessibleSlots
java.util.Iterator getAccessibleSlots(org.apache.jetspeed.portlet.PortletRequest request) throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Returns an iterator of all credential slots that a portlet is authorized to use.
- Parameters:
- request - The portlet request is needed by the CredentialVault service in order to determine information about the portlet.
- Returns:
- Iterator over CredentialSlotConfig objects representing all credential slots that a portlet is authorized to use
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - if the list of slots could not be retrieved.
setCredentialSecretBinary
void setCredentialSecretBinary(java.lang.String slotId, byte[] secret, org.apache.jetspeed.portlet.PortletRequest portletRequest) throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Sets a credential's binary secret on a given slot.
- Parameters:
- slotId - The credential (slot) id.
- secret - The credential secret data in binary form.
- portletRequest - The portlet request is used to determine parameters like the portlet id and user id.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - if the credential secret is not of the type binary or if the secret could not be set.
setCredentialSecretUserPassword
void setCredentialSecretUserPassword(java.lang.String slotId, java.lang.String userId, char[] password, org.apache.jetspeed.portlet.PortletRequest portletRequest) throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Sets a credential's user/password secret on a given slot.
- Parameters:
- slotId - The credential (slot) id.
- userId - The credential's userId.
- password - The credential's password.
- portletRequest - The portlet request is used to determine parameters like the portlet id and user id.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - if the credential secret is not of the type user/password or if the secret could not be set.
createSlot
CredentialSlotConfig createSlot(java.lang.String resourceName, ObjectID segmentId, java.util.Map descriptions, java.util.Map keywords, int secretType, boolean active, boolean portletPrivate, org.apache.jetspeed.portlet.PortletRequest portletRequest) throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Creates a new credential slot in the given vault segment. This method should be used by "ordinary" portlets, but not by "admin portlets", because it only allows non-system slots to be created. The returned CredentialSlotConfig object holds the Slot ID of the newly generated slot. If one of the required parameters is null, an exception is thrown.
- Parameters:
- resourceName - Name of the resource. Must not be null.
- segmentId - ObjectId of the segment that this slot is created in. Must not be null. Must be the ObjectID of a user mapped segment. As there is currently just one user mapped segment in the system, this parameter must contain the result of the method getDefaultUserVaultSegmentPortalId()!
- descriptions - The slot descriptions as a Map, keyed by their corresponding Locale objects. Key: Locale (max length 64 characters). Value: String (max length 255 characters). The given map can be empty.
- keywords - The slot keywords as a Map, keyed by their corresponding Locale objects. Key: Locale (max length 64 characters). Can be null. Value: String (max length 255 characters). The given map can be empty.
- secretType - The secret type identifier. Must not be null.
- active - Flag whether this credential may only be returned in form of an active credential object (true) or both as active and passive credential objects (false).
- portletPrivate - Flag whether the credential secret is portlet specific (true) or shared between all of a user's portlets (false).
- portletRequest - The portlet request. Must not be null.
- Returns:
- The credential slot configuration as a CredentialSlotConfig object.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException
deleteSlot
void deleteSlot(java.lang.String slotName) throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Deletes an existing credential slot. The parameter is the Slot ID that can be retrieved through CredentialSlotConfig#getSlotId().
- Parameters:
- slotName - The credential (slot) id.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - Is thrown if the credential slot could not be deleted or found.
getDefaultUserVaultSegmentPortalId
ObjectID getDefaultUserVaultSegmentPortalId() throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Returns the ObjectID of the default user managed vault segment. Currently there is only one user-managed segment, so this returns the ID of the user managed segment.
- Returns:
- The ObjectID of the default user managed vault segment, or null, if no user managed vault segment is configured in the system.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - Is thrown if the user segment could not be found.
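The slot lifecycle described for setCredentialSecretUserPassword, createSlot, deleteSlot and getDefaultUserVaultSegmentPortalId above, shown as an added example that is not part of the original API documentation or IBM's code. VaultSlotHelper and createPrivatePasswordSlot are hypothetical names, the service instance is passed in by the caller, and getSlotId() is assumed to return the Slot ID as a String.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;

import org.apache.jetspeed.portlet.PortletRequest;
import org.apache.jetspeed.portlet.service.PortletServiceException;

import com.ibm.wps.portletservice.credentialvault.CredentialVaultService;

/** Hypothetical helper for illustration; not part of the portal API. */
public final class VaultSlotHelper {
    private VaultSlotHelper() {}

    /**
     * Creates a portlet-private user/password slot in the default user-managed
     * segment, stores the secret and returns the new Slot ID.
     * The password array is zeroed before this method returns.
     */
    public static String createPrivatePasswordSlot(CredentialVaultService vault,
            PortletRequest request, String resourceName, String userId, char[] password)
            throws PortletServiceException {
        try {
            Map<Locale, String> descriptions = new HashMap<Locale, String>();
            descriptions.put(Locale.ENGLISH, "Back-end login for " + resourceName);
            String slotId = vault.createSlot(
                    resourceName,
                    // Documented to be null when no user-managed segment is configured.
                    Objects.requireNonNull(vault.getDefaultUserVaultSegmentPortalId(),
                            "no user-managed vault segment configured"),
                    descriptions,
                    new HashMap<Locale, String>(),  // keywords: an empty map is allowed
                    CredentialVaultService.SECRET_TYPE_USERID_STRING_PASSWORD_STRING,
                    true,   // active: only active credential objects are returned
                    true,   // portletPrivate: not shared with the user's other portlets
                    request).getSlotId();           // assumption: returns a String
            try {
                vault.setCredentialSecretUserPassword(slotId, userId, password, request);
            } catch (PortletServiceException e) {
                // Do not leave a slot without a secret behind.
                try { vault.deleteSlot(slotId); }
                catch (PortletServiceException cleanup) { e.addSuppressed(cleanup); }
                throw e;
            }
            return slotId;
        } finally {
            Arrays.fill(password, '\0');  // wipe the caller's password array
        }
    }
}
```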
getAllVaultSegments
java.util.List getAllVaultSegments() throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Returns a List of all available Vault Segments.
- Returns:
- List of VaultSegmentConfig objects representing all vault segments.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - Is thrown if the segments could not be retrieved.
getCredential
Credential getCredential(java.lang.String slotId, java.lang.String type, java.util.Map config, org.apache.jetspeed.portlet.PortletRequest request) throws org.apache.jetspeed.portlet.service.PortletServiceException, CredentialSecretNotSetException
- Deprecated.
- Returns a specific credential from a specific slot. The type of the credential must match the type of the stored credential. The slotId parameter is the Slot ID that can be retrieved through CredentialSlotConfig#getSlotId().
- Parameters:
- slotId - The credential (slot) id.
- type - The credential type as specified in the credential type registry. Default credential type strings are defined as constants in the interface CredentialTypes.
- config - The backend application specific configuration that is needed to initialize this credential. This is one part of the credential configuration. The credential vault service will usually add further information to this config from other sources: the user's secret from the actual credential store and the credential instance specific parameters from the portal's credential configuration. This parameter can be null.
- request - The portlet request is used to determine information about the portlet.
- Returns:
- The retrieved credential object. The actual object will match the Credential Type.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - if the credential could not be retrieved, either for technical or security reasons.
- CredentialSecretNotSetException - if the requested credential secret is not set (by the user or admin).
getLTPATokenCredential
Credential getLTPATokenCredential(java.lang.String slotId, java.util.Map config, org.apache.jetspeed.portlet.PortletRequest request) throws org.apache.jetspeed.portlet.service.PortletServiceException, CredentialSecretNotSetException
- Deprecated.
- Returns a LTPA Token credential.
- Parameters:
- slotId - The credential (slot) id.
- config - The backend application specific configuration that is needed to initialize this credential. This is one part of the credential configuration. The credential vault service adds further information to this config from other sources: the user's secret from the actual credential store, the credential instance specific parameters from the portal's credential configuration and the LTPA_TOKEN_TYPE configured in the VaultService.properties file.
- request - The portlet request is used to determine information about the portlet.
- Returns:
- The retrieved credential object. The Credential Type is Ltpa.
- Throws:
- com.ibm.wps.services.credentialvault.exceptions.VaultServiceException - if the credential could not be retrieved, either for technical or security reasons.
- CredentialSecretNotSetException - if the requested credential secret is not set (by the user or admin).
- org.apache.jetspeed.portlet.service.PortletServiceException
getUserSubject
javax.security.auth.Subject getUserSubject(org.apache.jetspeed.portlet.PortletRequest request) throws org.apache.jetspeed.portlet.service.PortletServiceException
- Deprecated.
- Returns the user's JAAS Subject. The JAAS Subject is retrieved from the user object, so this method should only be called if a user is currently logged in. Otherwise a PortletServiceException is thrown. Note: The returned object is a transient credential.
- Parameters:
- request - The portlet request is used to determine the user.
- Returns:
- The user's JAAS Subject.
- Throws:
- org.apache.jetspeed.portlet.service.PortletServiceException - if the subject could not be retrieved, e.g. because there is no logged in user.