Oracle Fusion Middleware
Oracle WebLogic Server 10.3.1 API Reference
11g Release 1 (10.3.1)

Part Number E13941-02

weblogic.security.providers.authentication
Interface UserNameMapper


public interface UserNameMapper

Interface used to perform certificate-based and distinguished name user authentication. Certificate-based authentication can be performed when a remote client makes a two-way-authenticated SSL connection to the server, in which case the client's certificate chain can be used to authenticate the remote user. This removes the need for the client to explicitly provide a username and password. Certificate-based and distinguished name authentication can be performed via CSIv2 identity assertion.

You can use this interface to map from a certificate to a user name according to whatever scheme is appropriate for your needs. You can also use this interface to map from an X.501 distinguished name to a user name.

To specify an instance of this interface to be used by the default identity asserter, set the UserNameMapperClassName field on the Default Identity Asserter tab in the Administration Console to the name of a class that implements this interface.

Classes implementing this interface must have a public no-arg constructor.


Method Summary
 String mapCertificateToUserName(X509Certificate[] certs, boolean ssl)
          Maps a certificate to a username based on a certificate chain presented.
 String mapDistinguishedNameToUserName(byte[] distinguishedName)
          Maps an X.501 distinguished name to a username based on the distinguished name attributes and values.
 

Method Detail

mapCertificateToUserName

String mapCertificateToUserName(X509Certificate[] certs,
                                boolean ssl)
Maps a certificate to a username based on a certificate chain presented. If the user can be mapped successfully, this method returns the user with its WebLogic username optionally derived from the certificate; otherwise it returns null.

Parameters:
certs - certificate chain presented by the client. An array of length at least 1. The first certificate is the leaf (i.e., the end user's) certificate. If the length is greater than 1, the array is a certificate chain, with the last element being the root CA.
ssl - true if the certificates to check were presented by the client during a successful two-way SSL handshake.
Returns:
user name derived from certificate, if mapping succeeded, or null if failed

mapDistinguishedNameToUserName

String mapDistinguishedNameToUserName(byte[] distinguishedName)
Maps an X.501 distinguished name to a username based on the distinguished name attributes and values. If the user can be mapped successfully, this method returns the user with its WebLogic username optionally derived from the distinguished name; otherwise it returns null.

Parameters:
distinguishedName - ASN.1 encoding of an X.501 distinguished name.
Returns:
user name derived from distinguished name, if mapping succeeded, or null if failed
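
The following is an added example, not Oracle's code: a mapper that implements both methods and returns null (no mapping) whenever the input is ambiguous. The class name StrictCnUserNameMapper, the policy of refusing certificates when ssl is false, and the permitted username alphabet are assumptions made for illustration.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import weblogic.security.providers.authentication.UserNameMapper;

// Added example; class name is hypothetical. The implicit public no-arg
// constructor satisfies the interface's instantiation requirement.
public class StrictCnUserNameMapper implements UserNameMapper {

    public String mapCertificateToUserName(X509Certificate[] certs, boolean ssl) {
        // Assumed policy: map only certificates from a two-way SSL handshake.
        if (!ssl || certs == null || certs.length < 1 || certs[0] == null) return null;
        try {
            certs[0].checkValidity(); // expired or not-yet-valid leaf: no mapping
        } catch (CertificateException e) {
            return null;
        }
        return cnOf(certs[0].getSubjectX500Principal());
    }

    public String mapDistinguishedNameToUserName(byte[] distinguishedName) {
        if (distinguishedName == null) return null;
        try {
            return cnOf(new X500Principal(distinguishedName)); // parses the ASN.1 encoding
        } catch (IllegalArgumentException e) {
            return null; // malformed encoding: no mapping
        }
    }

    // Returns the single CN value, or null when the name is ambiguous or unexpected.
    static String cnOf(X500Principal subject) {
        String cn = null;
        try {
            for (Rdn rdn : new LdapName(subject.getName(X500Principal.RFC2253)).getRdns()) {
                if (rdn.size() != 1) return null;  // multi-valued RDN: refuse
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                if (cn != null) return null;       // second CN: ambiguous, refuse
                cn = String.valueOf(rdn.getValue());
            }
        } catch (InvalidNameException e) {
            return null;
        }
        // Assumed username alphabet; anything else is rejected rather than normalised.
        return (cn != null && cn.matches("[A-Za-z0-9._@-]{1,64}")) ? cn : null;
    }
}
```

Because the returned string becomes the asserted user name, every path that cannot produce exactly one well-formed CN returns null instead of a best-effort value.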

Documentation is available at
http://download.oracle.com/docs/cd/E12839_01/web.1111/wls.htm
Copyright 1996, 2009, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
