BEA Systems, Inc.
java.lang.Object
  |
  +--weblogic.security.providers.authentication.DefaultUserNameMapperImpl
Implementation of the UserNameMapper interface used to perform certificate-based and distinguished name user authentication via configuration attributes. Certificate-based authentication can be performed when a remote client makes a two-way-authenticated secure connection to the server, in which case the client's certificate chain can be used to authenticate the remote user. This removes the need for the client to explicitly provide a username and password. Distinguished name authentication can be performed via CSIv2 identity assertion.
To use this implementation in the Default Identity Asserter, set the UseDefaultUserNameMapper field on the Default Identity Asserter tab in the Administration Console. To configure which attribute in the DN is used to map to the username, set the DefaultUserNameMapperAttribute and DefaultUserNameMapperAttributeDelimiter fields on the Default Identity Asserter tab in the Administration Console. Example values are E and @. For an Email value of smith@bea.com, the user would be mapped to smith.
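The mapping rule described above (take one subject DN attribute, keep what precedes the delimiter), as an added Java example that is not BEA's implementation or code from this page. The class DnAttributeMapperDemo, the method mapDnToUserName and the sample DNs are hypothetical, and the DN is assumed to arrive as an RFC 2253 string in which the e-mail attribute is spelled E. The second sample DN shows that the text after the delimiter is discarded, so addresses in different domains yield the same username.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Added illustration; not WebLogic's DefaultUserNameMapperImpl. */
public class DnAttributeMapperDemo {

    /**
     * Returns the value of the first matching RDN attribute named {@code attribute},
     * cut at the first {@code delimiter}; null when the DN has no usable value.
     */
    static String mapDnToUserName(String dn, String attribute, String delimiter)
            throws NamingException {
        // LdapName handles RFC 2253 escaping, unlike splitting on ',' and '='
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            // toAttributes() also covers multi-valued RDNs such as "E=..+CN=.."
            Attribute attr = rdn.toAttributes().get(attribute);
            if (attr == null) {
                continue;
            }
            Object raw = attr.get();
            if (!(raw instanceof String) || ((String) raw).isEmpty()) {
                return null; // binary or empty value: refuse to map
            }
            String value = (String) raw;
            if (delimiter == null || delimiter.isEmpty()) {
                return value;
            }
            int cut = value.indexOf(delimiter);
            if (cut == 0) {
                return null; // delimiter first would give an empty username
            }
            return cut < 0 ? value : value.substring(0, cut);
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        String[] constructedDns = { // constructed sample subject DNs
            "E=smith@bea.com,CN=John Smith,O=BEA",
            "E=smith@example.org,CN=Other Smith,O=Example",
            "CN=No Email,O=BEA"
        };
        for (String dn : constructedDns) {
            System.out.println(dn + " -> " + mapDnToUserName(dn, "E", "@"));
        }
    }
}
```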
Constructor Summary
DefaultUserNameMapperImpl(java.lang.String subjectDNAttribute, java.lang.String attributeDelimiter)
    Creates the DefaultUserNameMapper implementation.
Method Summary
java.lang.String mapCertificateToUserName(java.security.cert.X509Certificate[] certs, boolean ssl)
    Maps a certificate to a username based on the certificate chain presented.
java.lang.String mapDistinguishedNameToUserName(byte[] distinguishedName)
    Maps an X.501 distinguished name to a username based on the distinguished name attributes and values.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public DefaultUserNameMapperImpl(java.lang.String subjectDNAttribute, java.lang.String attributeDelimiter)
subjectDNAttribute - The attribute in the subject DN from the certificate that should be used in the mapping from certificate to username. This should be a value such as "ST", "E", or "CN".
attributeDelimiter - The delimiter to use as the end of the username in the mapping. For example, "@" in the value "E=smith@bea.com".
Method Detail
public java.lang.String mapCertificateToUserName(java.security.cert.X509Certificate[] certs, boolean ssl)
certs - certificate chain presented by the client. An array of length at least 1. The first certificate is the leaf (i.e. end user's) certificate. If the length is greater than 1, the array is a certificate chain, with the last element being the root CA.
ssl - true if the certificates to check were presented by the client during a successful two-way SSL handshake.
public java.lang.String mapDistinguishedNameToUserName(byte[] distinguishedName)
distinguishedName - ASN.1 encoding of an X.501 distinguished name.
Documentation is available at http://download.oracle.com/docs/cd/E13222_01/wls/docs81b