> Oracle WebCenter Interaction Web Service Development Guide > About Oracle WebCenter Interaction Portlet Development > About Oracle WebCenter Interaction Portlet Security > Using Oracle WebCenter Interaction Development Kit (IDK) Encryption

Oracle WebCenter Interaction Web Service Development Guide

     Previous Next  Open TOC in new window   View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Using Oracle WebCenter Interaction Development Kit (IDK) Encryption

The Oracle WebCenter Interaction Development Kit (IDK) provides standard methods for encrypting and decrypting credentials stored in the portal database.

You can use the Oracle WebCenter Interaction Development Kit (IDK) to access credentials from the credential vault. If you are not using the credential vault, you must set the encryption type and associated key, and the setting type and setting names. You can enter these parameters in the Oracle WebCenter Interaction Development Kit (IDK) web.xml/Web.config file, or set them programmatically. Both options are detailed below.
  • To configure encryption in the web.xml/Web.config file, enter values for the following parameters:
    Parameter Accepted Values
    CredentialSettingType Portal setting type:
    • GADGET: Portlet Preference
    • COMMUNITYGADGET: CommunityPortlet Preference
    • COMMUNITY: Community Preference
    • ADMIN: Administrative Preference
    • SESSION: Session Preference
    • USER: User Preference
    • USERINFO: User Information Setting
    UsernameParameterName The setting name for the user name setting (for example, MyAppUserName).
    PasswordParameterName The setting name for the password setting (e.g., MyAppPassword).
    CredentialEncryptionType Encryption type:
    • BASE64
    • RC2
    • AES
    • NONE
    (RSA encryption is only available with the credential vault.)
    RC2PrivateKey String of private key for RC2 encryption.
    AESPrivateKey String of private key for AES encryption.
    Note: The encryption settings in the configuration file will override any values set programmatically. If you do not include encryption settings in the configuration file, you must set them programmatically as shown below.
  • To encrypt and store credentials in the portal database, use ICredentialSetter.

    Java

    // get an ICredentialSetter instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.createPortletContext(req, resp);
ICredentialSetter cSetter = portletContext.getCredentialSetter();

// set the header type and parameter names
cSetter.setCredentialSettingType(SettingType.User);
cSetter.setUsernameParameterName("MyAppUserName");
cSetter.setPasswordParameterName("MyAppPassword");

// set the encryption type and key
cSetter.setCredentialEncryptionType(EncryptionType.RC2);
cSetter.setPrivateKey("skiroblbpauwyryrhfvnmsl");

// set the user name and password
cSetter.setUsername(username);
cSetter.setPassword(password);

    .NET

    // get an ICredentialSetter instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.CreatePortletContext(req, resp);
ICredentialSetter cSetter = portletContext.GetCredentialSetter();

// set the header type and parameter names
cSetter.SetCredentialSettingType(SettingType.User);
cSetter.SetUsernameParameterName("MyAppUserName");
cSetter.SetPasswordParameterName("MyAppPassword");

// set the encryption type and key
cSetter.SetCredentialEncryptionType(EncryptionType.RC2);
cSetter.SetPrivateKey("skiroblbpauwyryrhfvnmsl");

// set the user name and password
cSetter.SetUsername(username);
cSetter.SetPassword(password);
  • To decrypt credentials stored in the portal database, use ICredentialProvider.

    Java

    // get an ICredentialProvider instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.createPortletContext(req, resp);
ICredentialProvider cProvider = portletContext.getCredentialProvider();

// set the header type and parameter names
cProvider.setCredentialSettingType(SettingType.User);
cProvider.setUsernameParameterName("MyAppUsername");
cProvider.setPasswordParameterName("MyAppPassword");

// set the encryption type and key
cProvider.setCredentialEncryptionType(EncryptionType.RC2);
cProvider.setPrivateKey("skiroblbpauwyryrhfvnmsl");

// get the username and password
String username = cProvider.getUsername();
String password = cProvider.getPassword();

    .NET

    // get an ICredentialProvider instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.CreatePortletContext(req, resp);
ICredentialProvider cProvider = portletContext.GetCredentialProvider();

// set the header type and parameter names
cProvider.SetCredentialSettingType(SettingType.User);
cProvider.SetUsernameParameterName("DCTMUsername");
cProvider.SetPasswordParameterName("DCTMPassword");

// set the encryption type and key
cProvider.SetCredentialEncryptionType(EncryptionType.RC2);
cProvider.SetPrivateKey("skiroblbpauwyryrhfvnmsl");

// get the username and password
String username = cProvider.GetUsername();
String password = cProvider.GetPassword();
Parent topic: About Oracle WebCenter Interaction Portlet Security

  Back to Top      Previous Next