com.ibm.wps.portletservice.credentialvault.credentials
Class LtpaTokenCredential
java.lang.Object
com.ibm.wps.portletservice.credentialvault.credentials.Credential
com.ibm.wps.portletservice.credentialvault.credentials.ActiveCredential
com.ibm.wps.portletservice.credentialvault.credentials.JaasSubjectCredential
com.ibm.wps.portletservice.credentialvault.credentials.LtpaTokenCredential
- All Implemented Interfaces:
- ActiveCredential, Credential, JaasSubjectCredential, LtpaTokenCredential, java.io.Serializable
Deprecated. since 6.0. Support of the IBM portlet API may be removed in a future
release of WebSphere Portal. Use of the Java Portlet API (javax.portlet)
is recommended instead.
public class LtpaTokenCredential
- extends JaasSubjectCredential
- implements LtpaTokenCredential
Credential for authenticating at a back-end system that is within the same WebSphere SSO-Domain as the portal.
This Credential can be used to establish an authenticated outbound URL connection by associating the user's
existing Ltpa cookie with that connection.
The Ltpa token credential can be retrieved via the vault service through
CredentialVaultService.getLTPATokenCredential(String slotId, Map config, javax.portlet.PortletRequest request)
where slotId = com.ibm.portal.portlet.service.credentialvault.CredentialVaultService.PREDEFINED_SLOT_USER_JAAS_SUBJECT;
Alternatively, the Ltpa token credential can be created by:
- CredentialFactory.createCredential(CredentialTypes.LTPA_TOKEN); see CredentialFactory
- Initialize the credential via the init(Map config) method
After retrieving the Ltpa token credential, establish the connection:
- Pass the URL to the method getAuthenticatedConnection() in order to get a URLConnection with the current Ltpa token(s) associated
- If necessary, set additional HTTP headers on the resulting URLConnection
- Send the request to a trusted server
Warning 1: Do not send the Ltpa cookie to servers outside the SSO domain! If those servers are hostile, they can use the Ltpa token
data to impersonate the user represented by the Ltpa token and compromise the system.
Warning 2: This code does not respect the Secure attribute (as defined by RFC 2109) of the Ltpa cookie(s). Therefore, the code
that uses the Ltpa token credential is responsible for deciding whether it is okay to send the token over unencrypted HTTP connections.
Preconditions:
See init(Map config)
NOTE: This API may only be used in the scope of an HTTP request in WebSphere Portal, i.e. within a theme.
The API can not be invoked directly by a custom servlet.
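The two warnings above leave the choice of target host and transport to the calling code. As an added example (not part of the IBM API or its documentation), here is a small guard a caller could place in front of getAuthenticatedConnection(URL); the class name LtpaTargetGuard, the Opener interface and the host names are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

/** Added example: decides whether a URL may receive the user's Ltpa token. */
public final class LtpaTargetGuard {
    /** Hypothetical stand-in for the credential's getAuthenticatedConnection(URL). */
    public interface Opener {
        HttpURLConnection open(URL url) throws IOException;
    }

    private final Set<String> ssoHosts; // exact host names inside the SSO domain

    public LtpaTargetGuard(Set<String> ssoHosts) {
        this.ssoHosts = ssoHosts;
    }

    public boolean mayReceiveToken(URL url) {
        // Warning 2: the Secure attribute is not honoured, so insist on TLS here.
        if (!"https".equalsIgnoreCase(url.getProtocol())) return false;
        // Warning 1: exact match only; a prefix or substring test would
        // accept names such as backend.sso.example.com.other.test.
        return ssoHosts.contains(url.getHost().toLowerCase(Locale.ROOT));
    }

    public HttpURLConnection open(Opener credential, URL url) throws IOException {
        if (!mayReceiveToken(url)) {
            throw new IOException("not sending Ltpa token to " + url.getHost());
        }
        HttpURLConnection conn = credential.open(url);
        // A redirect target has not passed the check above, so do not follow it.
        conn.setInstanceFollowRedirects(false);
        return conn;
    }

    public static void main(String[] args) throws IOException {
        // Constructed host names; in a portlet the Opener would be
        // credential::getAuthenticatedConnection instead of a plain connection.
        LtpaTargetGuard guard = new LtpaTargetGuard(Set.of("backend.sso.example.com"));
        Opener plain = u -> (HttpURLConnection) u.openConnection();
        System.out.println(guard.mayReceiveToken(new URL("https://backend.sso.example.com/api")));
        System.out.println(guard.mayReceiveToken(new URL("http://backend.sso.example.com/api")));
        System.out.println(guard.mayReceiveToken(new URL("https://backend.sso.example.com.other.test/")));
        System.out.println(guard.open(plain, new URL("https://backend.sso.example.com/api")).getInstanceFollowRedirects());
    }
}
```

The allow-list should hold only servers that are members of the portal's SSO domain; no network traffic is generated by main, because the connections are never committed.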
- Since:
- 5.1.0.1
- See Also:
- Serialized Form
Field Summary
- protected com.ibm.wps.sso.LTPATokenCredential ltpaToken - Deprecated.
- protected com.ibm.wps.sso.LTPATokenCredential ltpaToken2 - Deprecated.
Fields inherited from class com.ibm.wps.portletservice.credentialvault.credentials.Credential
- LOGGER_NAME
Method Summary
- java.net.HttpURLConnection getAuthenticatedConnection(java.lang.String url) - Deprecated. Returns a new HttpURLConnection with added authentication data.
- java.net.HttpURLConnection getAuthenticatedConnection(java.net.URL url) - Deprecated. Returns a new Http Url connection with added authentication data.
- protected void getLtpaToken2Credential() - Deprecated.
- protected void getLtpaTokenCredential() - Deprecated.
- void init(java.util.Map<java.lang.String,java.lang.Object> config) - Deprecated. Initializes a new LtpaToken credential.
Methods inherited from class java.lang.Object
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
ltpaToken
protected com.ibm.wps.sso.LTPATokenCredential ltpaToken
- Deprecated.
ltpaToken2
protected com.ibm.wps.sso.LTPATokenCredential ltpaToken2
- Deprecated.
LtpaTokenCredential
public LtpaTokenCredential()
- Deprecated.
init
public void init(java.util.Map<java.lang.String,java.lang.Object> config)
throws CredentialVaultException
- Deprecated.
- Initializes a new LtpaToken credential.
If you pass in a null pointer to the initialization of this credential for the JaasSubjectCredentialSecret,
this credential will get the current token(s) from the current WAS Security context.
- Specified by:
init
in interface Credential
- Specified by:
init
in interface JaasSubjectCredential
- Specified by:
init
in interface LtpaTokenCredential
- Overrides:
init
in class JaasSubjectCredential
- Parameters:
config
- The configuration needed to initialize this credential:
- Key: KEY_CREDENTIAL_SECRET, value: JaasSubjectCredentialSecret.
The credential's secret.
This parameter is optional. If null, the current user's caller subject will be used.
The JaasSubjectCredentialSecret can be obtained from the CredentialSecretFactory.
See Also: CredentialSecretFactory
- Key: LTPA_TOKEN_TYPE, value: String.
You should use the LTPA_TOKEN_TYPE_VALUE_DEFAULT here, which means forward exactly those Ltpa tokens available
on the incoming request. It is also possible to propagate only the Ltpa or only the Ltpa2 token or both tokens. The corresponding values
are represented by the constants LTPA_TOKEN_TYPE_VALUE_LTPA_ONLY, LTPA_TOKEN_TYPE_VALUE_LTPA2_ONLY, and LTPA_TOKEN_TYPE_VALUE_BOTH
(mandatory)
- Key: HTTP_SERVLET_REQUEST, value: HttpServletRequest
The incoming HTTP request (mandatory)
- Throws:
CredentialVaultException
- If any mandatory parameter is missing or has a wrong object type as value.
- Since:
- 6.0.1 The key LTPA_TOKEN_TYPE is available.
getLtpaTokenCredential
protected void getLtpaTokenCredential()
throws CredentialVaultException
- Deprecated.
- Throws:
CredentialVaultException
getLtpaToken2Credential
protected void getLtpaToken2Credential()
throws CredentialVaultException
- Deprecated.
- Throws:
CredentialVaultException
getAuthenticatedConnection
public java.net.HttpURLConnection getAuthenticatedConnection(java.net.URL url)
throws java.io.IOException
- Deprecated.
- Returns a new Http Url connection with added authentication data.
- Specified by:
getAuthenticatedConnection
in interface JaasSubjectCredential
- Specified by:
getAuthenticatedConnection
in interface LtpaTokenCredential
- Specified by:
getAuthenticatedConnection
in class JaasSubjectCredential
- Parameters:
url
- The target URL for the connection. Note that it need not be
opened yet.
- Returns:
- HttpURLConnection A new authenticated (and yet uncommitted)
connection
- Throws:
java.io.IOException
- thrown if anything unexpected happened
getAuthenticatedConnection
public java.net.HttpURLConnection getAuthenticatedConnection(java.lang.String url)
throws java.io.IOException
- Deprecated.
- Returns a new HttpURLConnection with added authentication data.
- Specified by:
getAuthenticatedConnection
in interface JaasSubjectCredential
- Specified by:
getAuthenticatedConnection
in interface LtpaTokenCredential
- Specified by:
getAuthenticatedConnection
in class JaasSubjectCredential
- Parameters:
url
- The target URL for the connection
- Returns:
- HttpURLConnection A new authenticated (and yet uncommitted)
connection.
- Throws:
java.io.IOException
- thrown if anything unexpected happened.