CredentialVaultService (HCL Digital Experience Version 8.5.0.0 API Docs)

Overview

Package

Class

Tree

Serialized

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.ibm.portal.portlet.service.credentialvault
Interface CredentialVaultService

All Superinterfaces:: PortletService

public interface CredentialVaultService
extends PortletService
extends PortletService

Portlet Service for JSR compliant portlets to access the WebSphere Portal Credential Vault. The portlet service offers the following functionality:

Management of Credential Vault Slots. Credential Vault Segments can be retrieved, and Vault Slots can be created and deleted.
Management of Credential Secrets. The service allows to set or retrieve credentials from the credential vault.

Available Secret Types in the Credential Vault are definied as constants in this interface. Please note that not all types have to be available in the defined Vault Segments, depending on the utilized Vault Adapter implementation. Supported types per segment can be retrieved through VaultSegmentConfig#getSupportedSecretTypes().

Available Credential Types in the Credential Vault are defined externally in a credential type registry configuration file and can be retrieved through the method getCredentialTypes()that returns their respective type string. Default credential type strings are defined as constants in the interface CredentialTypes.

Since:: 5.1.0.1

Field Summary
`static java.lang.String`	`JNDI_NAME` JNDI name used to lookup this service
`static java.lang.String`	`PREDEFINED_SLOT_USER_JAAS_SUBJECT` This is the name of a predefined slot to store the transient JAAS credential.
`static int`	`SECRET_TYPE_BYTEARRAY` The secret is given in the form of a byte array
`static int`	`SECRET_TYPE_JAAS_SUBJECT` The secret is given in the form of a Jaas Subject
`static int`	`SECRET_TYPE_JAVA_OBJECT` The secret is a Java Object
`static int`	`SECRET_TYPE_NO_SECRET_DATA` Type for credential objects that do not contain a secret.
`static int`	`SECRET_TYPE_UNDEFINED` Used only for the super class CredentialSecret of the secret classes as Secret Type, do not use this for creating Slots
`static int`	`SECRET_TYPE_USERID_STRING_PASSWORD_STRING` The secret type is userid / password

Method Summary
`CredentialSlotConfig`	`createCredentialSlot(java.lang.String resourceName, ObjectID segmentId, java.util.Map descriptions, java.util.Map keywords, int secretType, boolean active, boolean portletPrivate, javax.portlet.PortletRequest portletRequest)` Creates a new credential slot in the given vault segment.
`void`	`deleteCredentialSlot(java.lang.String slotName)` Deletes an existing credential slot.
`java.util.Iterator`	`getAccessibleSlots(javax.portlet.PortletRequest request)` Returns an iterator of all credential Slots that a portlet is authorized to use
`java.util.List`	`getAllCredentialSegments()` Returns a List of all available Vault Segments.
`Credential`	`getCredential(java.lang.String slotId, java.lang.String type, java.util.Map config, javax.portlet.PortletRequest request)` Returns a specific credential from a specific slot.
`java.lang.String`	`getCredentialSlotDescription(java.lang.String slotId, java.util.Locale locale)` Returns a credential slot's description for the specified locale.
`java.util.Iterator`	`getCredentialTypes()` Returns an Iterator over all available credential types that are registered in the credential type registry.
`ObjectID`	`getDefaultUserCredentialSegmentId()` Returns the ObjectID of the default user managed vault segment.
`Credential`	`getLTPATokenCredential(java.lang.String slotId, java.util.Map config, javax.portlet.PortletRequest request)` Returns a LTPA Token credential.
`javax.security.auth.Subject`	`getUserSubject(javax.portlet.PortletRequest request)` Returns the user's JAAS Subject.
`void`	`setCredentialSecretBinary(java.lang.String slotId, byte[] secret, javax.portlet.PortletRequest portletRequest)` Sets a credential's binary secret on a given slot.
`void`	`setCredentialSecretUserPassword(java.lang.String slotId, java.lang.String userId, char[] password, javax.portlet.PortletRequest portletRequest)` Sets a credential's user/password secret on a given slot.

Field Detail

JNDI_NAME

static final java.lang.String JNDI_NAME

JNDI name used to lookup this service

Since:: 8.5
See Also:: Constant Field Values

SECRET_TYPE_UNDEFINED

static final int SECRET_TYPE_UNDEFINED

Used only for the super class CredentialSecret of the secret classes as Secret Type, do not use this for creating Slots

See Also:: Constant Field Values

SECRET_TYPE_USERID_STRING_PASSWORD_STRING

static final int SECRET_TYPE_USERID_STRING_PASSWORD_STRING

The secret type is userid / password

See Also:: Constant Field Values

SECRET_TYPE_BYTEARRAY

static final int SECRET_TYPE_BYTEARRAY

The secret is given in the form of a byte array

See Also:: Constant Field Values

SECRET_TYPE_JAVA_OBJECT

static final int SECRET_TYPE_JAVA_OBJECT

The secret is a Java Object

See Also:: Constant Field Values

SECRET_TYPE_NO_SECRET_DATA

static final int SECRET_TYPE_NO_SECRET_DATA

Type for credential objects that do not contain a secret. The credential only knows where to get the secret.

See Also:: Constant Field Values

SECRET_TYPE_JAAS_SUBJECT

static final int SECRET_TYPE_JAAS_SUBJECT

The secret is given in the form of a Jaas Subject

See Also:: Constant Field Values

PREDEFINED_SLOT_USER_JAAS_SUBJECT

static final java.lang.String PREDEFINED_SLOT_USER_JAAS_SUBJECT

This is the name of a predefined slot to store the transient JAAS credential.

Method Detail

getCredentialTypes

java.util.Iterator getCredentialTypes()

Returns an Iterator over all available credential types that are registered in the credential type registry. The result of this method can vary from the default types in the interface CredentialTypes dependent on the actual portal configuration.

Returns:: Iterator over String objects representing all credential types that are registered in the credential type registry

getCredentialSlotDescription

java.lang.String getCredentialSlotDescription(java.lang.String slotId,
                                              java.util.Locale locale)
                                              throws CredentialVaultException

Returns a credential slot's description for the specified locale.

Parameters:: slotId - The credential (slot) id.; locale - The description locale. If set to null, the default locale will be used.
Returns:: String The credential slot description for the specified locale.
Throws:: CredentialVaultException - if the description could not been retrieved.

getAccessibleSlots

java.util.Iterator getAccessibleSlots(javax.portlet.PortletRequest request)
                                      throws CredentialVaultException

Returns an iterator of all credential Slots that a portlet is authorized to use

Parameters:: request - The portlet request is needed by the CredentialVault service in order to determine information about the portlet.
Returns:: Iterator over CredentialSlotConfig objects representing all credential slots that a portlet is authorized to use
Throws:: CredentialVaultException - if the list of Slots could not been retrieved.

setCredentialSecretBinary

void setCredentialSecretBinary(java.lang.String slotId,
                               byte[] secret,
                               javax.portlet.PortletRequest portletRequest)
                               throws CredentialVaultException

Sets a credential's binary secret on a given slot.

Parameters:: slotId - The credential (slot) id.; secret - The credential secret data in binary form.; portletRequest - The portlet request is used to determine parameters like the portlet id and user id.
Throws:: CredentialVaultException - if the credential secret is not of the type binary or if the secret could not be set.

setCredentialSecretUserPassword

void setCredentialSecretUserPassword(java.lang.String slotId,
                                     java.lang.String userId,
                                     char[] password,
                                     javax.portlet.PortletRequest portletRequest)
                                     throws CredentialVaultException

Sets a credential's user/password secret on a given slot.

Parameters:: slotId - The credential (slot) id.; userId - The credential's userId.; password - The credential's password.; portletRequest - The portlet request is used to determine parameters like the portlet id and user id.
Throws:: CredentialVaultException - if the credential secret is not of the type user/password or if the secret could not be set.

createCredentialSlot

CredentialSlotConfig createCredentialSlot(java.lang.String resourceName,
                                          ObjectID segmentId,
                                          java.util.Map descriptions,
                                          java.util.Map keywords,
                                          int secretType,
                                          boolean active,
                                          boolean portletPrivate,
                                          javax.portlet.PortletRequest portletRequest)
                                          throws CredentialVaultException

Creates a new credential slot in the given vault segment. This method should be used by "ordinary" portlets, but not by "admin portlets", because this method only allows to create non system slots. The returned CredentialSlotConfig object holds the Slot ID of the newly generated slot. If one of the required parameters is null, an exception is thrown.

Parameters:: resourceName - Name of the resource. Must not be null.; segmentId - ObjectId of the segment that this slot is created in. Must not be null. Must be the ObjectID of a user mapped segment. As there is currently just one user mapped segment in the system, this parameter must contain the result of the method getDefaultUserCredentialSegmentId()!; descriptions - The slot descriptions as a Map, keyed by their corresponding Locale objects Key: Locale (max length 64 characters) Value: String (max length 255 characters) The given map can be empty.; keywords - The slot keywords as a Map, keyed by their corresponding Locale objects Key: Locale (max length 64 characters). Can be null. Value: String (max length 255 characters) The given map can be empty.; secretType - The secrtet type identifier. Must not be null.; active - Flag whether this credential may only be returned in form of an active credential object (true) or both as active and passive credential objects (false); portletPrivate - Flag whether the credential secret is portlet secific (true) or shared between all of a user's portlets (false).; portletRequest - The portlet request. Must not be null.
Returns:: CredentialSlot The credential slot configuration as CredentialSlotConfig object.
Throws:: CredentialVaultException

deleteCredentialSlot

void deleteCredentialSlot(java.lang.String slotName)
                          throws CredentialVaultException

Deletes an existing credential slot. The parameter is the Slot ID that can be retrieved through CredentialSlotConfig#getSlotId().

Parameters:: slotName - The credential (slot) id.
Throws:: CredentialVaultException - Is thrown if the credential slot could not be deleted or found.

getDefaultUserCredentialSegmentId

ObjectID getDefaultUserCredentialSegmentId()
                                           throws CredentialVaultException

Returns the ObjectID of the default user managed vault segment. Currently there is only one user managed segment, so this returns the ID of the user managed segment.

Returns:: ObjectID The ObjectID of the default user managed vault segment, or null, if no user managed vault segment is configured in the system.
Throws:: CredentialVaultException - Is thrown if the user segment could not be found.

getAllCredentialSegments

java.util.List getAllCredentialSegments()
                                        throws CredentialVaultException

Returns a List of all available Vault Segments.

Returns:: List of VaultSegmentConfig objects representing all vault segments.
Throws:: CredentialVaultException - Is thrown if the segments could not be retrieved.

getCredential

Credential getCredential(java.lang.String slotId,
                         java.lang.String type,
                         java.util.Map config,
                         javax.portlet.PortletRequest request)
                         throws CredentialVaultException

Returns a specific credential from a specific slot. The type of the credential has to map the type of the stored credential. The parameter is the Slot ID that can be retrieved through CredentialSlotConfig#getSlotId().

Parameters:: slotId - The credential (slot) id.; type - The credential type as specified in the credential type registry. Default credential type strings are defined as constants in the interface CredentialTypes.; config - The backend application specific configuration that is needed to initialize this credential. This is one part of the credential configuration. The credential vault service will usually add further information to this config from other sources: the user's secret from the actual credential store and the credential instance specific parameters from the portal's credential configuration. This parameter can be null.; request - The portlet request is used to determine information about the portlet.
Returns:: The retrieved credential object. The actual object will match the Credential Type.
Throws:: CredentialVaultException - if the credential could not been retrieved - either for technical or secuity reasons.; CredentialSecretNotSetException - if the requested credential secret is not set (by the user or admin).

getLTPATokenCredential

Credential getLTPATokenCredential(java.lang.String slotId,
                                  java.util.Map config,
                                  javax.portlet.PortletRequest request)
                                  throws CredentialVaultException

Returns a LTPA Token credential.

Parameters:: slotId - The credential (slot) id.; config - The backend application specific configuration that is needed to initialize this credential. This is one part of the credential configuration. The credential vault service adds further information to this config from other sources: the user's secret from the actual credential store, the credential instance specific parameters from the portal's credential configuration and the LTPA_TOKEN_TYPE configured in the VaultService.properties file.; request - The portlet request is used to determine information about the portlet.
Returns:: The retrieved credential object. The Credential Type is Ltpa.
Throws:: CredentialVaultException - if the credential could not be retrieved - either for technical or secuity reasons.

getUserSubject

javax.security.auth.Subject getUserSubject(javax.portlet.PortletRequest request)
                                           throws CredentialVaultException

Returns the user's JAAS Subject. The JAAS Subject is retrieved from the user object, so this method should only be called if a user is currently logged in. Otherwise a PortletServiceException is thrown. Note: The returned object is a transient credential.

Parameters:: request - The portlet request is used to determine the user.
Returns:: Subject The user's JAAS subject.
Throws:: CredentialVaultException - if the subject could not been retrieved, e.g. because there is no logged in user.