Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.4)

Part Number E13941-04

weblogic.security.spi
Interface IdentityAsserterV2

All Known Subinterfaces:
ChallengeIdentityAsserterV2

public interface IdentityAsserterV2

The IdentityAsserterV2 interface exposes the methods that custom Identity Assertion providers need to implement in order to provide token-based client identity assertion. An Identity Assertion provider is a specific form of Authentication provider that is used to establish a client's identity outside of the request.


Field Summary
static String AU_TYPE
          The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP.
static String AUTHORIZATION_NEGOTIATE
          The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO protocol to authenticate via Active Directory.
static String CSI_ANONYMOUS_TYPE
          The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication.
static String CSI_DISTINGUISHED_NAME_TYPE
          The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication.
static String CSI_PRINCIPAL_TYPE
          The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication.
static String CSI_X509_CERTCHAIN_TYPE
          The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication.
static String GSS_KERBEROS_V5_AP_REQ
          The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST.
static String GSS_KERBEROS_V5_AP_REQ_1510
          The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510.
static String GSS_KERBEROS_V5_AP_REQ_4120
          The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120.
static String KERBEROS_V5_AP_REQ
          The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw Kerberos V5 AP_REQUEST.
static String KERBEROS_V5_AP_REQ_1510
          The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC1510.
static String KERBEROS_V5_AP_REQ_4120
          The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC4120.
static String SAML_ASSERTION_B64_TYPE
          The SAML.Assertion64 token is used to identify a SAML token that is a Base64 encoded SAML.Assertion.
static String SAML_ASSERTION_DOM_TYPE
          The SAML.Assertion.DOM token is used to identify a SAML token that is a DOM Element representation of a SAML.Assertion.
static String SAML_ASSERTION_TYPE
          The SAML.Assertion token is used to identify a SAML token in string XML form.
static String SAML2_ASSERTION_DOM_TYPE
          The SAML2_ASSERTION_DOM_TYPE token is used to identify a SAML2 token in DOM XML form.
static String SAML2_ASSERTION_TYPE
          The SAML2_ASSERTION_TYPE token is used to identify a SAML2 token in string XML format.
static String WSSE_PASSWORD_DIGEST_TYPE
          The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest.
static String WWW_AUTHENTICATE_NEGOTIATE
          The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication.
static String X509_TYPE
          The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.
 
Method Summary
 CallbackHandler assertIdentity(String type, Object token, ContextHandler handler)
          Asserts an identity based on token identity information.
 

Field Detail

X509_TYPE

static final String X509_TYPE
The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.

See Also:
Constant Field Values

AU_TYPE

static final String AU_TYPE
The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP. Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:
Constant Field Values

CSI_PRINCIPAL_TYPE

static final String CSI_PRINCIPAL_TYPE
The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:
Constant Field Values

CSI_ANONYMOUS_TYPE

static final String CSI_ANONYMOUS_TYPE
The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:
Constant Field Values

CSI_X509_CERTCHAIN_TYPE

static final String CSI_X509_CERTCHAIN_TYPE
The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:
Constant Field Values

CSI_DISTINGUISHED_NAME_TYPE

static final String CSI_DISTINGUISHED_NAME_TYPE
The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:
Constant Field Values

WSSE_PASSWORD_DIGEST_TYPE

static final String WSSE_PASSWORD_DIGEST_TYPE
The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest. The web services container passes an object of type weblogic.xml.security.UserInfo when using this token type.

Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:
Constant Field Values

SAML_ASSERTION_TYPE

static final String SAML_ASSERTION_TYPE
The SAML.Assertion token is used to identify a SAML token in string XML form.

See Also:
Constant Field Values

SAML_ASSERTION_B64_TYPE

static final String SAML_ASSERTION_B64_TYPE
The SAML.Assertion64 token is used to identify a SAML token that is a Base64 encoded SAML.Assertion.

See Also:
Constant Field Values

SAML_ASSERTION_DOM_TYPE

static final String SAML_ASSERTION_DOM_TYPE
The SAML.Assertion.DOM token is used to identify a SAML token that is a DOM Element representation of a SAML.Assertion.

See Also:
Constant Field Values

SAML2_ASSERTION_TYPE

static final String SAML2_ASSERTION_TYPE
The SAML2_ASSERTION_TYPE token is used to identify a SAML2 token in string XML format.

See Also:
Constant Field Values

SAML2_ASSERTION_DOM_TYPE

static final String SAML2_ASSERTION_DOM_TYPE
The SAML2_ASSERTION_DOM_TYPE token is used to identify a SAML2 token in DOM XML form.

See Also:
Constant Field Values

WWW_AUTHENTICATE_NEGOTIATE

static final String WWW_AUTHENTICATE_NEGOTIATE
The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication. The servlet authentication filter requests the initial challenge using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

See Also:
Constant Field Values

AUTHORIZATION_NEGOTIATE

static final String AUTHORIZATION_NEGOTIATE
The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO protocol to authenticate via Active Directory. The Servlet authentication filter passes an object of type byte[] when using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

See Also:
Constant Field Values

KERBEROS_V5_AP_REQ

static final String KERBEROS_V5_AP_REQ
The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw Kerberos V5 AP_REQUEST.

See Also:
Constant Field Values

GSS_KERBEROS_V5_AP_REQ

static final String GSS_KERBEROS_V5_AP_REQ
The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST.

See Also:
Constant Field Values

KERBEROS_V5_AP_REQ_1510

static final String KERBEROS_V5_AP_REQ_1510
The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC1510.

See Also:
Constant Field Values

GSS_KERBEROS_V5_AP_REQ_1510

static final String GSS_KERBEROS_V5_AP_REQ_1510
The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510.

See Also:
Constant Field Values

KERBEROS_V5_AP_REQ_4120

static final String KERBEROS_V5_AP_REQ_4120
The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC4120.

See Also:
Constant Field Values

GSS_KERBEROS_V5_AP_REQ_4120

static final String GSS_KERBEROS_V5_AP_REQ_4120
The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120.

See Also:
Constant Field Values

Method Detail

assertIdentity

CallbackHandler assertIdentity(String type,
                               Object token,
                               ContextHandler handler)
                               throws IdentityAssertionException
Asserts an identity based on token identity information. An instance of the Identity Assertion provider's CallbackHandler will be passed to the LoginModules to perform principal mapping. A null CallbackHandler instance signifies that the anonymous user should be used.

This method is called every time identity assertion occurs, but the LoginModules may not be called if the Subject is cached. The -Dweblogic.security.identityAssertionTTL flag can be used to affect this behavior (for example, to modify the default TTL of 5 minutes or to disable the cache by setting the flag to -1).

It is the responsibility of the Identity Assertion provider to ensure not just that the token is valid, but also that the user is still valid (for example, the user has not been deleted).

Parameters:
type - the type of token to use for identity assertion.

token - the actual token to be used to assert identity.

handler - a ContextHandler object that can optionally be used to obtain additional information that may be used in asserting the identity. If the caller is unable to provide additional information, a null value should be specified.

Returns:
a CallbackHandler related to the identity, or null to signify the anonymous user.

Throws:
IdentityAssertionException - if the identity assertion fails.
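
The following is an added example, not Oracle's code, of an assertIdentity implementation that follows the contract above: it rejects unexpected token types, validates the token, confirms the user is still valid, and returns a CallbackHandler that supplies the user name. The token type name, the token layout, the shared HMAC key and the UserLookup interface are hypothetical; the class is written in Java 6 syntax and compiles only with the WebLogic Server classes on the classpath.

```java
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.*;
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.IdentityAssertionException;

// Added example: the token type and its "user|expiryMillis|hexHmacSha256" layout are constructed.
public class ExampleTokenAsserter implements IdentityAsserterV2 {
    public interface UserLookup { boolean exists(String user); } // hypothetical user store
    static final String EXAMPLE_TYPE = "Example.SignedUser";     // hypothetical token type
    private static final Charset UTF8 = Charset.forName("UTF-8");
    private final byte[] key;       // shared HMAC secret (assumption)
    private final UserLookup users;
    public ExampleTokenAsserter(byte[] key, UserLookup users) { this.key = key.clone(); this.users = users; }
    public CallbackHandler assertIdentity(String type, Object token, ContextHandler handler)
            throws IdentityAssertionException {
        if (!EXAMPLE_TYPE.equals(type) || !(token instanceof String))
            throw new IdentityAssertionException("unsupported token type or token object");
        final String[] p = ((String) token).split("\\|", -1);
        if (p.length != 3 || p[0].length() == 0 || !p[1].matches("\\d{1,18}"))
            throw new IdentityAssertionException("malformed token");
        byte[] expected;
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] raw = mac.doFinal((p[0] + "|" + p[1]).getBytes(UTF8));
            expected = String.format("%064x", new BigInteger(1, raw)).getBytes(UTF8);
        } catch (GeneralSecurityException e) { throw new IdentityAssertionException("HMAC unavailable"); }
        // Verify the MAC (lowercase hex) before trusting any field of the token.
        if (!MessageDigest.isEqual(expected, p[2].getBytes(UTF8)))
            throw new IdentityAssertionException("bad token signature");
        if (Long.parseLong(p[1]) < System.currentTimeMillis())
            throw new IdentityAssertionException("token expired");
        // A valid token is not enough: the user must still be valid (not deleted).
        if (!users.exists(p[0])) throw new IdentityAssertionException("user no longer valid");
        return new CallbackHandler() { // passed to the LoginModules for principal mapping
            public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                for (Callback cb : cbs) {
                    if (!(cb instanceof NameCallback)) throw new UnsupportedCallbackException(cb);
                    ((NameCallback) cb).setName(p[0]);
                }
            }
        };
    }
}
```

Because assertIdentity is called on every assertion even when the Subject is cached, the expiry and user checks in this example still run on each call.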


Copyright 1996, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
