Oracle Entitlements Server Provider SSPI Reference: Interface IdentityAsserter

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

Oracle Entitlements Server Provider SSPI API Reference

weblogic.security.spi
Interface IdentityAsserter

All Known Subinterfaces:: ChallengeIdentityAsserter, ChallengeIdentityAsserterV2

public interface IdentityAsserter

The IdentityAsserter interface exposes the methods that custom Identity Assertion providers need to implement in order to provide token-based client identity assertion. An Identity Assertion provider is a specific form of Authentication provider that is used to establish a client's identity outside of the request.

Author:: Copyright © 2004-2008, Oracle and/or its affiliates. All rights reserved.

Field Summary
`static java.lang.String`	`AU_TYPE` Used when the Identity Assertion provider supports client identity assertion by using the Weblogic `AuthenticatedUser` token.
`static java.lang.String`	`CSI_ANONYMOUS_TYPE` Used when a CSIv2 anonymous identity token is passed during an invoke.
`static java.lang.String`	`CSI_DISTINGUISHED_NAME_TYPE` Used when a CSIv2 distinguished name identity token is passed during an invoke.
`static java.lang.String`	`CSI_PRINCIPAL_TYPE` Used when a CSIv2 principal name identity token is passed during an invoke.
`static java.lang.String`	`CSI_X509_CERTCHAIN_TYPE` Used when a CSIv2 X509 certificate chain identity token is passed during an invoke.
`static java.lang.String`	`SAML_ASSERTION_TYPE` Used when a SMAL Assertion token is passed during an invoke.
`static java.lang.String`	`X509_TYPE` Used when the Identity Assertion provider supports client identity assertion by using X509 client certificates as identity tokens.

Method Summary
`javax.security.auth.callback.CallbackHandler`	`assertIdentity(java.lang.String type, java.lang.Object token)` Asserts an identity based on token identity information.

Field Detail

X509_TYPE

public static final java.lang.String X509_TYPE

Used when the Identity Assertion provider supports client identity assertion by using X509 client certificates as identity tokens.

AU_TYPE

public static final java.lang.String AU_TYPE

Used when the Identity Assertion provider supports client identity assertion by using the Weblogic AuthenticatedUser token.

CSI_PRINCIPAL_TYPE

public static final java.lang.String CSI_PRINCIPAL_TYPE

Used when a CSIv2 principal name identity token is passed during an invoke. CSIv2 is the common secure interoperability protocol.

CSI_ANONYMOUS_TYPE

public static final java.lang.String CSI_ANONYMOUS_TYPE

Used when a CSIv2 anonymous identity token is passed during an invoke. CSIv2 is the common secure interoperability protocol.

CSI_X509_CERTCHAIN_TYPE

public static final java.lang.String CSI_X509_CERTCHAIN_TYPE

Used when a CSIv2 X509 certificate chain identity token is passed during an invoke. CSIv2 is the common secure interoperability protocol.

CSI_DISTINGUISHED_NAME_TYPE

public static final java.lang.String CSI_DISTINGUISHED_NAME_TYPE

Used when a CSIv2 distinguished name identity token is passed during an invoke. CSIv2 is the common secure interoperability protocol.

SAML_ASSERTION_TYPE

public static final java.lang.String SAML_ASSERTION_TYPE

Used when a SMAL Assertion token is passed during an invoke.

Method Detail

assertIdentity

public javax.security.auth.callback.CallbackHandler assertIdentity(java.lang.String type,
                                                                   java.lang.Object token)
                                                            throws IdentityAssertionException

Asserts an identity based on token identity information. An instance of the Identity Assertion provider's CallbackHandler will be passed to the LoginModules to perform principal mapping. A null CallbackHandler instance signifies that the anonymous user should be used.

This method is called every time identity assertion occurs, but the LoginModules may not be called if the Subject is cached. The -Dweblogic.security.identityAssertionTTL flag can be used to affect this behavior (for example, to modify the default TTL of 5 minutes or to disable the cache by setting the flag to 0).

It is the responsibility of the Identity Assertion provider to ensure not just that the token is valid, but also that the user is still valid (for example, the user has not been deleted).

Parameters:: type - the type of token to use for identity assertion.; token - the actual token to be used to assert identity.
Returns:: a CallbackHandler related to the identity, or null to signify the anonymous user.
Throws:: IdentityAssertionException - if the identity assertion fails.