Oracle Entitlements Server for Java API Reference

com.bea.security
Class AuthenticationService

java.lang.Object
  |
  +--com.bea.security.PublicSecurityService
        |
        +--com.bea.security.AuthenticationService

public class AuthenticationService
extends PublicSecurityService

The authentication service provides functions to an application related to establishing, verifying, and transferring an identity.

Author:
Copyright © 2004-2008, Oracle and/or its affiliates. All rights reserved.

Fields inherited from class com.bea.security.PublicSecurityService
COMPATIBLE, COMPATIBLE_DEPRECATED, COMPATIBLE_UNKNOWN, NOT_COMPATIBLE
 
Method Summary
 AuthenticIdentity assertIdentity(java.lang.String tokentype, java.lang.Object token)
          Establishes an authenticated identity based on an assertion token of a type supported by the configured authentication providers.
 AuthenticIdentity assertIdentity(java.lang.String tokentype, java.lang.Object token, AppContext ctx)
          Establishes an authenticated identity based on an assertion token of a type supported by the configured authentication providers.
 AuthenticIdentity authenticate(javax.security.auth.callback.CallbackHandler handler)
          Starts a JAAS authentication handshake that will produce an authenticated identity.
 AuthenticIdentity authenticate(javax.security.auth.callback.CallbackHandler handler, AppContext ctx)
          Starts a JAAS authentication handshake that will produce an authenticated identity.
 java.lang.Object getChallengeAssertionToken(java.lang.String tokentype)
          Gets an identity assertion challenge for identity asserters that support challenges.
 java.lang.Object getChallengeAssertionToken(java.lang.String tokentype, AppContext ctx)
          Gets an identity assertion challenge for identity asserters that support challenges.
 ServiceType getServiceType()
          Indicates this service's type.
 ServiceVersion getVersion()
          Indicates this service's version.
 boolean isAssertionTokenSupported(java.lang.String tokentype)
          Checks with the security runtime to see if an assertion token type is supported.
 int isCompatible(ServiceVersion version)
          Determines if the version of the public service API specified in the Java application is compatible with the current version of the service API in the security runtime instance.
 boolean validateIdentity(AuthenticIdentity identity)
          Deprecated. Not implemented in ALES30 and above
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

getServiceType

public ServiceType getServiceType()
Indicates this service's type.

Returns:
a ServiceType object indicating this service's type.
Overrides:
getServiceType in class PublicSecurityService

getVersion

public ServiceVersion getVersion()
Indicates this service's version.

Returns:
a ServiceVersion indicating the service version number and patch level.
Overrides:
getVersion in class PublicSecurityService

isCompatible

public int isCompatible(ServiceVersion version)
Determines if the version of the public service API specified in the Java application is compatible with the current version of the service API in the security runtime instance.

Parameters:
version - a ServiceVersion which is being asked for by the Java application. The current service, that is, the service in the security runtime instance, will indicate if it supports the version specified in the isCompatible() method.
Returns:
an int equaling NOT_COMPATIBLE if the service is not compatible with the supplied version, COMPATIBLE if the service is fully compatible, COMPATIBLE_DEPRECATED if the service is compatible, but some functions have been deprecated between the versions, or, finally, COMPATIBLE_UNKNOWN if the version passed in is newer than the current version, so compatibility is unknown.
Overrides:
isCompatible in class PublicSecurityService

assertIdentity

public AuthenticIdentity assertIdentity(java.lang.String tokentype,
                                        java.lang.Object token)
                                 throws IdentityNotAuthenticException,
                                        InvalidAssertionTokenException
Establishes an authenticated identity based on an assertion token of a type supported by the configured authentication providers.

Parameters:
tokentype - the type of token provided for assertion.
token - the object which contains the token of type 'tokentype'.
Returns:
Identity if the assertion was successful or null if the assertion was unsuccessful.

NOTE: A built-in identity asserter is included as part of the Java API. This asserter takes a token name of "WLS.Subject" and a token object that is the WebLogic Server form of identity. If an identity assertion provider is plugged in to handle the assertion type of "WLS.Subject", then the provider will be used. If no identity assertion provider is plugged in to handle this type, the built-in version will be used.

javax.security.auth.Subject is the form of identity used in WebLogic Servers. This mechanism was built in to provide an easy way to convert between identity formats.

Throws:
IdentityNotAuthenticException - This exception is thrown if the assertion token cannot produce an authenticated identity.
InvalidAssertionTokenException - This exception is thrown if the token provided is not valid or does not match the tokentype passed in.

assertIdentity

public AuthenticIdentity assertIdentity(java.lang.String tokentype,
                                        java.lang.Object token,
                                        AppContext ctx)
                                 throws IdentityNotAuthenticException,
                                        InvalidAssertionTokenException
Establishes an authenticated identity based on an assertion token of a type supported by the configured authentication providers.

Parameters:
tokentype - the type of token provided for assertion.
token - the object which contains the token of type 'tokentype'.
Returns:
Identity if the assertion was successful; otherwise, an exception is thrown.

NOTE: A built-in identity asserter is included as part of the Java API. This asserter takes a token name of "WLS.Subject" and a token object that is the WebLogic Server form of identity. If an identity assertion provider is plugged in to handle the assertion type of "WLS.Subject", then the provider will be used. If no identity assertion provider is plugged in to handle this type, the built-in version will be used.

javax.security.auth.Subject is the form of identity used in WebLogic Servers. This mechanism was built in to provide an easy way to convert between identity formats.

Throws:
IdentityNotAuthenticException - This exception is thrown if the assertion token cannot produce an authenticated identity.
InvalidAssertionTokenException - This exception is thrown if the token provided is not valid or does not match the tokentype passed in.

isAssertionTokenSupported

public boolean isAssertionTokenSupported(java.lang.String tokentype)
Checks with the security runtime to see if an assertion token type is supported. If the tokentype is supported, assertions can be made with tokens of that type by using assertIdentity.

Parameters:
tokentype - the type of token you wish to use.
Returns:
true if the token type is supported, false if it is not.
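
A fail-closed way to combine isAssertionTokenSupported and assertIdentity for the built-in "WLS.Subject" token type, added here as an example that is not part of the Oracle reference. The SubjectAsserter class is hypothetical; it assumes the exception types live in com.bea.security and that the caller has already obtained the AuthenticationService instance from the security runtime.

```java
import com.bea.security.AuthenticIdentity;
import com.bea.security.AuthenticationService;
import com.bea.security.IdentityNotAuthenticException;
import com.bea.security.InvalidAssertionTokenException;
import javax.security.auth.Subject;

// Added example (hypothetical class): every failure path ends in an exception.
public final class SubjectAsserter {
    // Token type handled by the built-in asserter, per the NOTE above.
    private static final String WLS_SUBJECT = "WLS.Subject";

    // Assumption: obtained from the security runtime by the caller.
    private final AuthenticationService atn;

    public SubjectAsserter(AuthenticationService atn) {
        if (atn == null) {
            throw new IllegalArgumentException("atn must not be null");
        }
        this.atn = atn;
    }

    public AuthenticIdentity toIdentity(Subject subject) {
        if (subject == null) {
            throw new SecurityException("no subject presented");
        }
        // Ask the runtime first, so a misconfiguration is reported as such.
        if (!atn.isAssertionTokenSupported(WLS_SUBJECT)) {
            throw new SecurityException("unsupported token type: " + WLS_SUBJECT);
        }
        final AuthenticIdentity identity;
        try {
            identity = atn.assertIdentity(WLS_SUBJECT, subject);
        } catch (InvalidAssertionTokenException e) {
            throw new SecurityException("assertion token rejected", e);
        } catch (IdentityNotAuthenticException e) {
            throw new SecurityException("token produced no authenticated identity", e);
        }
        // The two-argument overload documents null for an unsuccessful assertion.
        if (identity == null) {
            throw new SecurityException("assertion unsuccessful");
        }
        return identity;
    }
}
```

Because the two-argument overload documents a null return as well as exceptions, the wrapper checks for both so that a caller can never proceed to authorization with a missing identity.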

getChallengeAssertionToken

public java.lang.Object getChallengeAssertionToken(java.lang.String tokentype)
                                            throws InvalidAssertionTokenException
Gets an identity assertion challenge for identity asserters that support challenges. This challenge needs to be filled with values by the application before it can be presented as an assertion token to establish a user identity.

Parameters:
tokentype - the type of identity assertion challenge requested.
ctx - the application context relevant to the identity assertion
Returns:
an Object appropriate for the assertion type containing the challenge.
Throws:
InvalidAssertionTokenException - This exception is thrown if the token type provided does not support challenges, or is invalid.

getChallengeAssertionToken

public java.lang.Object getChallengeAssertionToken(java.lang.String tokentype,
                                                   AppContext ctx)
                                            throws InvalidAssertionTokenException
Gets an identity assertion challenge for identity asserters that support challenges. This challenge needs to be filled with values by the application before it can be presented as an assertion token to establish a user identity.

Parameters:
tokentype - the type of identity assertion challenge requested.
ctx - the application context relevant to the identity assertion
Returns:
an Object appropriate for the assertion type containing the challenge.
Throws:
InvalidAssertionTokenException - This exception is thrown if the token type provided does not support challenges, or is invalid.

authenticate

public AuthenticIdentity authenticate(javax.security.auth.callback.CallbackHandler handler)
                               throws IdentityNotAuthenticException
Starts a JAAS authentication handshake that will produce an authenticated identity.

Parameters:
handler - a handler (javax.security.auth.callback.CallbackHandler) that can respond to callbacks and provide information to the runtime that can authenticate a user.
Returns:
an AuthenticIdentity representing the authenticated user.
Throws:
IdentityNotAuthenticException - This exception is thrown if the runtime cannot authenticate the user through the callback handler, or if the authenticating information is incorrect.

authenticate

public AuthenticIdentity authenticate(javax.security.auth.callback.CallbackHandler handler,
                                      AppContext ctx)
                               throws IdentityNotAuthenticException
Starts a JAAS authentication handshake that will produce an authenticated identity.

Parameters:
handler - a handler (javax.security.auth.callback.CallbackHandler) that can respond to callbacks and provide information to the runtime that can authenticate a user.
ctx - application context to be considered during authentication
Returns:
an AuthenticIdentity representing the authenticated user.
Throws:
IdentityNotAuthenticException - This exception is thrown if the runtime cannot authenticate the user through the callback handler, or if the authenticating information is incorrect.
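
A JAAS CallbackHandler for authenticate that supplies a user name and password, added here as an example that is not part of the Oracle reference. The PasswordLogin and UserPassHandler names are hypothetical, and the example assumes the configured authentication providers issue only NameCallback and PasswordCallback and that IdentityNotAuthenticException lives in com.bea.security.

```java
import com.bea.security.AuthenticIdentity;
import com.bea.security.AuthenticationService;
import com.bea.security.IdentityNotAuthenticException;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Added example (hypothetical class), not Oracle code.
public final class PasswordLogin {

    // Answers name and password callbacks only; anything else is refused.
    static final class UserPassHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        UserPassHandler(String user, char[] password) {
            this.user = user;
            this.password = password.clone();
        }

        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    // PasswordCallback stores its own copy of the array.
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "unexpected callback");
                }
            }
        }

        void wipe() { Arrays.fill(password, '\0'); }
    }

    public static AuthenticIdentity login(AuthenticationService atn, String user, char[] password)
            throws IdentityNotAuthenticException {
        UserPassHandler handler = new UserPassHandler(user, password);
        try {
            return atn.authenticate(handler);
        } finally {
            handler.wipe(); // the caller still owns and should clear its own array
        }
    }
}
```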

validateIdentity

public boolean validateIdentity(AuthenticIdentity identity)
Deprecated. Not implemented in ALES30 and above
Validates that an identity is valid by checking its cryptographic signature.

Parameters:
identity - an AuthenticIdentity representing the authenticated user to validate.
Returns:
TRUE if this user is valid, otherwise FALSE