Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
BEA Systems, Inc.
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

BEA WebLogic Server 9.1 API Reference

weblogic.security.providers.authentication
Interface UserNameMapper

public interface UserNameMapper

Interface used to perform certificate-based and distinguished name user authentication. Certificate-based authentication can be performed when a remote client makes a two-way-authenticated SSL connection to the server, in which case the client's certificate chain can be used to authenticate the remote user. This removes the need for the client to explicitly provide a username and password. Certificate-based and distinguished name authentication can be performed via CSIv2 identity assertion.

You can use this interface to map from a certificate to a user name according to whatever scheme is appropriate for your needs. You can also use this interface to map from a X.501 distinguished name to a user name.

To specify an instance of this interface to be used by the default, identity asserter, set the UserNameMapperClassName field on the Default Identity Asserter tab in the Administration Console to the name of a class that implements this interface.

Classes implementing this interface must have a public no-arg constructor.

Copyright © 2005 BEA Systems, Inc. All Rights Reserved.

Method Summary
 String mapCertificateToUserName(X509Certificate[] certs, boolean ssl)
          Maps a certificate to a username based on a certificate chain presented.
 String mapDistinguishedNameToUserName(byte[] distinguishedName)
          Map a X.501 distinguished name to a username based on the distinguished name attributes and values.
 

Method Detail

mapCertificateToUserName

public String mapCertificateToUserName(X509Certificate[] certs,
                                       boolean ssl)
Maps a certificate to a username based on a certificate chain presented. If the user can be mapped successfully, this method returns the user with its WebLogic username optionally derived from the certificate, otherwise it returns null.

Parameters:
certs - certificate chain presented by the client. An array of length at least 1. The first certificate is the leaf (i.e.  end user's) certificate. If the length is greater than 1, the array is a certificate chain, with the last element being the root CA.
ssl - true if the certificates to check were presented by the client during a successful two-way SSL handshake.
Returns:
user name derived from certificate, if mapping succeeded, or null if failed

mapDistinguishedNameToUserName

public String mapDistinguishedNameToUserName(byte[] distinguishedName)
Map a X.501 distinguished name to a username based on the distinguished name attributes and values. If the user can be mapped successfully, this method returns the user with its WebLogic username optionally derived from the distinguished name, otherwise it returns null.

Parameters:
distinguishedName - ASN.1 encoding of a X.501 distinguished name.
Returns:
user name derived from distinguished name, if mapping succeeded, or null if failed
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs91
Copyright 2005 BEA Systems Inc.
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD