|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface CredentialVaultService
Portlet Service for JSR compliant portlets to access the WebSphere Portal Credential Vault. The portlet service offers the following functionality:
Available Secret Types in the Credential Vault are definied as
constants in this interface. Please note that not all types have to be
available in the defined Vault Segments, depending on the utilized Vault
Adapter implementation. Supported types per segment can be retrieved through
VaultSegmentConfig#getSupportedSecretTypes()
.
Available Credential Types in the Credential Vault are defined
externally in a credential type registry configuration file and can be
retrieved through the method
getCredentialTypes()
that returns their
respective type string. Default credential type strings are defined as
constants in the interface CredentialTypes
.
Field Summary | |
---|---|
static java.lang.String |
JNDI_NAME
JNDI name used to lookup this service |
static java.lang.String |
PREDEFINED_SLOT_USER_JAAS_SUBJECT
This is the name of a predefined slot to store the transient JAAS credential. |
static int |
SECRET_TYPE_BYTEARRAY
The secret is given in the form of a byte array |
static int |
SECRET_TYPE_JAAS_SUBJECT
The secret is given in the form of a Jaas Subject |
static int |
SECRET_TYPE_JAVA_OBJECT
The secret is a Java Object |
static int |
SECRET_TYPE_NO_SECRET_DATA
Type for credential objects that do not contain a secret. |
static int |
SECRET_TYPE_UNDEFINED
Used only for the super class CredentialSecret of the secret classes as Secret Type, do not use this for creating Slots |
static int |
SECRET_TYPE_USERID_STRING_PASSWORD_STRING
The secret type is userid / password |
Method Summary | |
---|---|
CredentialSlotConfig |
createCredentialSlot(java.lang.String resourceName,
ObjectID segmentId,
java.util.Map descriptions,
java.util.Map keywords,
int secretType,
boolean active,
boolean portletPrivate,
javax.portlet.PortletRequest portletRequest)
Creates a new credential slot in the given vault segment. |
void |
deleteCredentialSlot(java.lang.String slotName)
Deletes an existing credential slot. |
java.util.Iterator |
getAccessibleSlots(javax.portlet.PortletRequest request)
Returns an iterator of all credential Slots that a portlet is authorized to use |
java.util.List |
getAllCredentialSegments()
Returns a List of all available Vault Segments. |
Credential |
getCredential(java.lang.String slotId,
java.lang.String type,
java.util.Map config,
javax.portlet.PortletRequest request)
Returns a specific credential from a specific slot. |
java.lang.String |
getCredentialSlotDescription(java.lang.String slotId,
java.util.Locale locale)
Returns a credential slot's description for the specified locale. |
java.util.Iterator |
getCredentialTypes()
Returns an Iterator over all available credential types that are registered in the credential type registry. |
ObjectID |
getDefaultUserCredentialSegmentId()
Returns the ObjectID of the default user managed vault segment. |
Credential |
getLTPATokenCredential(java.lang.String slotId,
java.util.Map config,
javax.portlet.PortletRequest request)
Returns a LTPA Token credential. |
javax.security.auth.Subject |
getUserSubject(javax.portlet.PortletRequest request)
Returns the user's JAAS Subject. |
void |
setCredentialSecretBinary(java.lang.String slotId,
byte[] secret,
javax.portlet.PortletRequest portletRequest)
Sets a credential's binary secret on a given slot. |
void |
setCredentialSecretUserPassword(java.lang.String slotId,
java.lang.String userId,
char[] password,
javax.portlet.PortletRequest portletRequest)
Sets a credential's user/password secret on a given slot. |
Field Detail |
---|
static final java.lang.String JNDI_NAME
static final int SECRET_TYPE_UNDEFINED
static final int SECRET_TYPE_USERID_STRING_PASSWORD_STRING
static final int SECRET_TYPE_BYTEARRAY
static final int SECRET_TYPE_JAVA_OBJECT
static final int SECRET_TYPE_NO_SECRET_DATA
static final int SECRET_TYPE_JAAS_SUBJECT
static final java.lang.String PREDEFINED_SLOT_USER_JAAS_SUBJECT
Method Detail |
---|
java.util.Iterator getCredentialTypes()
CredentialTypes
dependent on the actual portal configuration.
String
objects representing all
credential types that are registered in the credential type
registryjava.lang.String getCredentialSlotDescription(java.lang.String slotId, java.util.Locale locale) throws CredentialVaultException
slotId
- The credential (slot) id.locale
- The description locale. If set to null
, the
default locale will be used.
CredentialVaultException
- if the description could not been
retrieved.java.util.Iterator getAccessibleSlots(javax.portlet.PortletRequest request) throws CredentialVaultException
request
- The portlet request is needed by the CredentialVault
service in order to determine information about the portlet.
CredentialSlotConfig
objects
representing all credential slots that a portlet is authorized to
use
CredentialVaultException
- if the list of Slots could not been
retrieved.void setCredentialSecretBinary(java.lang.String slotId, byte[] secret, javax.portlet.PortletRequest portletRequest) throws CredentialVaultException
slotId
- The credential (slot) id.secret
- The credential secret data in binary form.portletRequest
- The portlet request is used to determine parameters
like the portlet id and user id.
CredentialVaultException
- if the credential secret is not of
the type binary or if the secret could not be set.void setCredentialSecretUserPassword(java.lang.String slotId, java.lang.String userId, char[] password, javax.portlet.PortletRequest portletRequest) throws CredentialVaultException
slotId
- The credential (slot) id.userId
- The credential's userId.password
- The credential's password.portletRequest
- The portlet request is used to determine parameters
like the portlet id and user id.
CredentialVaultException
- if the credential secret is not of
the type user/password or if the secret could not be set.CredentialSlotConfig createCredentialSlot(java.lang.String resourceName, ObjectID segmentId, java.util.Map descriptions, java.util.Map keywords, int secretType, boolean active, boolean portletPrivate, javax.portlet.PortletRequest portletRequest) throws CredentialVaultException
CredentialSlotConfig
object holds the Slot ID of the newly
generated slot. If one of the required parameters is null, an exception
is thrown.
resourceName
- Name of the resource. Must not be null.segmentId
- ObjectId of the segment that this slot is created in.
Must not be null. Must be the ObjectID of a user mapped segment.
As there is currently just one user mapped segment in the system,
this parameter must contain the result of the method
getDefaultUserCredentialSegmentId()
!descriptions
- The slot descriptions as a Map
, keyed
by their corresponding Locale
objects Key:
Locale
(max length 64 characters) Value:
String
(max length 255 characters) The given map
can be empty.keywords
- The slot keywords as a Map
, keyed by
their corresponding Locale
objects Key:
Locale
(max length 64 characters). Can be null.
Value: String
(max length 255 characters) The given
map can be empty.secretType
- The secrtet type identifier. Must not be null.active
- Flag whether this credential may only be returned in form
of an active credential object (true
) or both as
active and passive credential objects (false
)portletPrivate
- Flag whether the credential secret is portlet
secific (true
) or shared between all of a user's
portlets (false
).portletRequest
- The portlet request. Must not be null.
CredentialSlotConfig
object.
CredentialVaultException
void deleteCredentialSlot(java.lang.String slotName) throws CredentialVaultException
CredentialSlotConfig#getSlotId()
.
slotName
- The credential (slot) id.
CredentialVaultException
- Is thrown if the credential slot
could not be deleted or found.ObjectID getDefaultUserCredentialSegmentId() throws CredentialVaultException
null
, if no user managed vault segment is
configured in the system.
CredentialVaultException
- Is thrown if the user segment could not
be found.java.util.List getAllCredentialSegments() throws CredentialVaultException
VaultSegmentConfig
objects representing
all vault segments.
CredentialVaultException
- Is thrown if the segments could not be
retrieved.Credential getCredential(java.lang.String slotId, java.lang.String type, java.util.Map config, javax.portlet.PortletRequest request) throws CredentialVaultException
CredentialSlotConfig#getSlotId()
.
slotId
- The credential (slot) id.type
- The credential type as specified in the credential type
registry. Default credential type strings are defined as constants
in the interface CredentialTypes
.config
- The backend application specific configuration that is
needed to initialize this credential. This is one part of the
credential configuration. The credential vault service will
usually add further information to this config from other sources:
the user's secret from the actual credential store and the
credential instance specific parameters from the portal's
credential configuration. This parameter can be null.request
- The portlet request is used to determine information about
the portlet.
CredentialVaultException
- if the credential could not been
retrieved - either for technical or secuity reasons.
CredentialSecretNotSetException
- if the requested credential
secret is not set (by the user or admin).Credential getLTPATokenCredential(java.lang.String slotId, java.util.Map config, javax.portlet.PortletRequest request) throws CredentialVaultException
slotId
- The credential (slot) id.config
- The backend application specific configuration that is
needed to initialize this credential. This is one part of the
credential configuration. The credential vault service adds
further information to this config from other sources:
the user's secret from the actual credential store, the
credential instance specific parameters from the portal's
credential configuration and the LTPA_TOKEN_TYPE configured in
the VaultService.properties file.request
- The portlet request is used to determine information about
the portlet.
CredentialVaultException
- if the credential could not be
retrieved - either for technical or secuity reasons.javax.security.auth.Subject getUserSubject(javax.portlet.PortletRequest request) throws CredentialVaultException
PortletServiceException
is thrown.
Note: The returned object is a transient credential.
request
- The portlet request is used to determine the user.
CredentialVaultException
- if the subject could not been
retrieved, e.g. because there is no logged in user.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |