Oracle Entitlements Server Provider SSPI API Reference

weblogic.security.spi
Interface IdentityAsserterV2

public interface IdentityAsserterV2

The IdentityAsserter interface exposes the methods that custom Identity Assertion providers need to implement in order to provide token-based client identity assertion. An Identity Assertion provider is a specific form of Authentication provider that is used to establish a client's identity outside of the request.

Author:
Copyright © 2004-2008, Oracle and/or its affiliates. All rights reserved.

Field Summary
static java.lang.String AU_TYPE
          The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP.
static java.lang.String AUTHORIZATION_NEGOTIATE
          The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO protocol to authenticate via Active Directory.
static java.lang.String CSI_ANONYMOUS_TYPE
          The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication.
static java.lang.String CSI_DISTINGUISHED_NAME_TYPE
          The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication.
static java.lang.String CSI_PRINCIPAL_TYPE
          The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication.
static java.lang.String CSI_X509_CERTCHAIN_TYPE
          The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication.
static java.lang.String SAML_ASSERTION_TYPE
          Used when a SMAL Assertion token is passed during an invoke.
static java.lang.String WSSE_PASSWORD_DIGEST_TYPE
          The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest.
static java.lang.String WWW_AUTHENTICATE_NEGOTIATE
          The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication.
static java.lang.String X509_TYPE
          The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.
 
Method Summary
 javax.security.auth.callback.CallbackHandler assertIdentity(java.lang.String type, java.lang.Object token, ContextHandler handler)
          Asserts an identity based on token identity information.
 

Field Detail

X509_TYPE

public static final java.lang.String X509_TYPE
The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.

AU_TYPE

public static final java.lang.String AU_TYPE
The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP. Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

CSI_PRINCIPAL_TYPE

public static final java.lang.String CSI_PRINCIPAL_TYPE
The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

CSI_ANONYMOUS_TYPE

public static final java.lang.String CSI_ANONYMOUS_TYPE
The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

CSI_X509_CERTCHAIN_TYPE

public static final java.lang.String CSI_X509_CERTCHAIN_TYPE
The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

CSI_DISTINGUISHED_NAME_TYPE

public static final java.lang.String CSI_DISTINGUISHED_NAME_TYPE
The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

SAML_ASSERTION_TYPE

public static final java.lang.String SAML_ASSERTION_TYPE
Used when a SMAL Assertion token is passed during an invoke.

WSSE_PASSWORD_DIGEST_TYPE

public static final java.lang.String WSSE_PASSWORD_DIGEST_TYPE
The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest. The web services container passes an object of type weblogic.xml.security.UserInfo when using this token type.

Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

WWW_AUTHENTICATE_NEGOTIATE

public static final java.lang.String WWW_AUTHENTICATE_NEGOTIATE
The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication. The servlet authentication filter requests the initial challenge using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

AUTHORIZATION_NEGOTIATE

public static final java.lang.String AUTHORIZATION_NEGOTIATE
The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO protocol to authenticate via Active Directory. The servlet authentication filter passes an object of type byte[] when using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

Method Detail

assertIdentity

public javax.security.auth.callback.CallbackHandler assertIdentity(java.lang.String type,
                                                                   java.lang.Object token,
                                                                   ContextHandler handler)
                                                            throws IdentityAssertionException
Asserts an identity based on token identity information. An instance of the Identity Assertion provider's CallbackHandler will be passed to the LoginModules to perform principal mapping. A null CallbackHandler instance signifies that the anonymous user should be used.

This method is called every time identity assertion occurs, but the LoginModules may not be called if the Subject is cached. The -Dweblogic.security.identityAssertionTTL flag can be used to affect this behavior (for example, to modify the default TTL of 5 minutes or to disable the cache by setting the flag to 0).

It is the responsibility of the Identity Assertion provider to ensure not just that the token is valid, but also that the user is still valid (for example, the user has not been deleted).

Parameters:
type - the type of token to use for identity assertion.

token - the actual token to be used to assert identity.

Returns:
a CallbackHandler related to the identity, or null to signify the anonymous user.

Throws:
IdentityAssertionException - if the identity assertion fails.