public final class AuthenticationCallbackHandler extends AbstractPortletCallbackHandler
Regardless of which authentication method the portlet chooses to use, the client library and WebSphere Commerce services should not be aware of such when interacting with the portlet in the Portal environment. In order to achieve this goal, a Callback Handler concept is used to generate the proper credential token for use in calling into the client library. Its handle() method will handle all the required operations.
This callback handler supports the following three authentication types:
Depending on the authentication type being set, the callback handler will behave differently.
When the authentication type is LTPA:
This callback handler will retrieve the LTPA directly from the thread using the WAS API every time this callback handler is being called, and the LTPA will not be stored locally in the PortletSession. The Callback[] array will be populated with the LTPATokenCallback object.
When the authentication type is Basic Authentication or Simulated Single Sign On:
This callback handler tries to retrieve the Identity token from the portlet session if possible. If there isn't one found and if the user is authenticated, then the handler will call out to the Business Context Service web service on the WebSphere Commerce side to perform the (single sign on) authentication on behalf of the Portal user. Once authenticated successfully, an Identity token is obtained and it will be stored into the PortletSession for future usage. The Callback[] array will be populated with the following callback objects in the given order:
Note that an anonymous user can be one of the following two corresponding WebSphere Commerce user:
Constructor and Description |
---|
AuthenticationCallbackHandler() |
Modifier and Type | Method and Description |
---|---|
void | handle(javax.security.auth.callback.Callback[] callbacks)
This is the callback method of this handler.
|
public void handle(javax.security.auth.callback.Callback[] callbacks) throws java.io.IOException, javax.security.auth.callback.UnsupportedCallbackException