com.bea.p13n.security.management.credentials
Interface CredentialVaultService


public interface CredentialVaultService

The Credential Vault service interface allows management of credentials.

Each credential and its optional metadata are stored in a credential entry. Credentials are stored in encrypted format, while their metadata (name-value pairs of String type) is stored in plaintext.

There are 3 types of credential entry:

Credential entries also have 3 different visibilities:

A concrete CredentialVaultService implementation may support one or more Credential.CredentialType values and manages storing and retrieving credential entries to/from its persistence layer.

The default CredentialVaultService implementation currently supports USERNAME_PASSWORD_CREDENTIAL. It can be accessed via the service factory:

CredentialVaultService cvs = com.bea.wlp.services.Services.getService(com.bea.p13n.security.management.credentials.CredentialVaultService.class);
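
A fetch-or-create helper built only from the methods documented on this page, showing how the null return of fetchCredentialEntry and the AlreadyExistsException of createCredentialEntry fit together. This is an added example, not code from the product; the class name VaultEntries is hypothetical, and it assumes ResourceKey and the exception types live in the same package as this interface.

```java
// Assumption: ResourceKey and the exception types are in this package
import com.bea.p13n.security.management.credentials.*;
import com.bea.wlp.services.Services;

/** Hypothetical helper class (added example). */
public final class VaultEntries {

    private VaultEntries() {}

    /**
     * Returns the named entry visible to requestResource, creating it when absent.
     * The caller supplies the ResourceKey; building one is outside this example.
     */
    public static CredentialEntry fetchOrCreate(String entryName,
                                                CredentialEntry.EntryType type,
                                                String description,
                                                ResourceKey requestResource)
            throws CredentialAccessException, CredentialVaultException {
        if (entryName == null || entryName.length() == 0) {
            // createCredentialEntry rejects this too; fail before touching the vault
            throw new IllegalArgumentException("entryName must be non-empty");
        }
        CredentialVaultService cvs = Services.getService(CredentialVaultService.class);

        // fetchCredentialEntry reports "not found" with null, not an exception
        CredentialEntry entry = cvs.fetchCredentialEntry(entryName, type, requestResource);
        if (entry != null) {
            return entry;
        }
        try {
            return cvs.createCredentialEntry(entryName, type, description, requestResource);
        } catch (AlreadyExistsException raced) {
            // Another request created the entry between our fetch and create
            entry = cvs.fetchCredentialEntry(entryName, type, requestResource);
            if (entry == null) {
                // Still null: the entry was removed again or is not visible to
                // this request. Surface that instead of handing back null.
                throw new IllegalStateException(
                        "entry '" + entryName + "' exists but could not be fetched", raced);
            }
            return entry;
        }
    }
}
```

Because fetchCredentialEntry resolves USER_TYPE and SYSTEM_TYPE names to the closest scope, a hit may be an entry created at a different scope than requestResource, in which case no new entry is created.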

See Also
Credential.CredentialType, CredentialEntry.EntryType

Method Summary
 boolean cleanupResourceCredentialEntries(ResourceKey requestResource, String entryName)
          Delete credential entries associated with specified resource for all users
 CredentialEntry createCredentialEntry(String entryName, CredentialEntry.EntryType type, String description, ResourceKey requestResource)
          Reserve an entry to store a credential.
 CredentialEntry fetchCredentialEntry(String entryName, CredentialEntry.EntryType type, ResourceKey requestResource)
          Retrieve an entry from the credential vault. For USER_TYPE or SYSTEM_TYPE entries, if there is more than one entry with the same name but in different scopes, the one with the closest scope to the requesting resource will be retrieved.
 Iterator<? extends CredentialEntry> listAccessibleCredentialEntries(ResourceKey requestResource)
          Retrieve all credential entries visible to requesting resource and requester, including RESOURCE_TYPE entries bound to request resource, USER_TYPE entries created by requester, and SYSTEM_TYPE entries.
 boolean removeCredentialEntry(String entryName, CredentialEntry.EntryType type, ResourceKey requestResource)
          Delete credential entry from vault
 

Method Detail

createCredentialEntry

CredentialEntry createCredentialEntry(String entryName,
                                      CredentialEntry.EntryType type,
                                      String description,
                                      ResourceKey requestResource)
                                      throws AlreadyExistsException,
                                             CredentialAccessException,
                                             CredentialVaultException,
                                             IllegalArgumentException
Reserve an entry to store a credential. The visibility (a.k.a. scope) of the newly created credential entry is the same as the scope of the requesting resource.

Parameters
entryName - name to identify entry
type - predefined value in CredentialEntry.EntryType
description - optional description of the credential entry
requestResource - the resource requesting a credential entry
Returns
newly created credential entry
Throws
AlreadyExistsException - If the entry already exists in vault
CredentialAccessException - If user doesn't have privilege to create the credential entry
CredentialVaultException - persistence error during credential entry creation
IllegalArgumentException - if entryName is null or empty

fetchCredentialEntry

CredentialEntry fetchCredentialEntry(String entryName,
                                     CredentialEntry.EntryType type,
                                     ResourceKey requestResource)
                                     throws CredentialVaultException
Retrieve an entry from the credential vault. For USER_TYPE or SYSTEM_TYPE entries, if there is more than one entry with the same name but in different scopes, the one with the closest scope to the requesting resource will be retrieved.

Parameters
entryName - name to identify entry
type - predefined value in CredentialEntry.EntryType
requestResource - the resource requesting a credential entry
Returns
a credential entry with the specified characteristics, or null if none exists
Throws
CredentialVaultException - Error during credential entry retrieval

listAccessibleCredentialEntries

Iterator<? extends CredentialEntry> listAccessibleCredentialEntries(ResourceKey requestResource)
                                                                    throws CredentialVaultException
Retrieve all credential entries visible to requesting resource and requester, including RESOURCE_TYPE entries bound to request resource, USER_TYPE entries created by requester, and SYSTEM_TYPE entries.

Parameters
requestResource - the resource requesting credential entries
Returns
an iterator to a collection of visible credential entries
Throws
CredentialVaultException - Error during credential entries retrieval

removeCredentialEntry

boolean removeCredentialEntry(String entryName,
                              CredentialEntry.EntryType type,
                              ResourceKey requestResource)
                              throws CredentialAccessException,
                                     CredentialVaultException
Delete credential entry from vault

NOTE: Deleting a non-existent credential entry does not fail in this method.

Parameters
entryName - name to identify entry
type - predefined value in CredentialEntry.EntryType
requestResource - the resource requesting to delete a credential entry
Returns
true if the specified credential entry is removed from vault
false if the entry is not found in system
Throws
CredentialAccessException - If user doesn't have privilege to remove the credential entry
CredentialVaultException - Error while deleting a credential entry

cleanupResourceCredentialEntries

boolean cleanupResourceCredentialEntries(ResourceKey requestResource,
                                         String entryName)
                                         throws CredentialAccessException,
                                                CredentialVaultException
Delete credential entries associated with specified resource for all users

NOTE: Only a user with administrative privilege can do this cleanup operation.
Deleting non-existent credential entries does not fail in this method.

Parameters
requestResource - the resource requesting to delete credential entries for all users
entryName - name to identify entry. If null, all entries associated with requestResource will be deleted.
Returns
true if any user customized credential entry associated with resource is removed from vault
false if entry is not found in system
Throws
CredentialAccessException - If user doesn't have administrative privilege to remove credential entries
CredentialVaultException - Error while deleting credential entries


Copyright © 2011, Oracle. All rights reserved.