CredentialVaultService (Oracle Fusion Middleware Java API for Oracle WebLogic Portal)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.bea.p13n.security.management.credentials
Interface CredentialVaultService

public interface CredentialVaultService

The Credential Vault service interface allows management of credentials

Each credential and its optional metadata are stored in a credential entry. Credentials are stored in encrypted format, while its metadata (name value pairs of String type) are stored in plaintext.

There are 3 types of credential entry:

RESOURCE_TYPE: credential entry only accessiable to a particular resource instance of a logined user, which create the credential entry.
USER_TYPE: credential entry is accessiable to all the resource instances of a logined user.
SYSTEM_TYPE: credential entry is accessiable to all resource instances of all logined users.

Credential entries also have 3 different visibilities:

Webapp scoped credential entries are not visible to a different webapp of the same enterprise application.
e.g., a USER_TYPE credential entry named "foo" for user "bar" in different portal webapps will have different entries, probably storing different credentials.
Enterprise application scoped credential entries are not visible to a different enterprise application in the same domain.
Domain scoped credential entries are global entries, which visible to all applications within the domain.

A concrete CredentialVaultService implementation may support one or more Credential.CredentialType. and manages storing and retrival credential entries to/from its persistence layer.

The default CredentialVaultService implementation currently support USERNAME_PASSWORD_CREDENTIAL. It can be accessed via service factory:

CredentialVaultService cvs = com.bea.wlp.services.Services.getService(com.bea.p13n.security.management.credentials.CredentialVaultService.class)

See Also: Credential.CredentialType, CredentialEntry.EntryType

Method Summary
`boolean`	`cleanupResourceCredentialEntries(ResourceKey requestResource, String entryName)` Delete credential entries associated with specified resource for all users
`CredentialEntry`	`createCredentialEntry(String entryName, CredentialEntry.EntryType type, String description, ResourceKey requestResource)` Reserve an entry to store credential.
`CredentialEntry`	`fetchCredentialEntry(String entryName, CredentialEntry.EntryType type, ResourceKey requestResource)` Retrieve an entry from credential vault For USER_TYPE or SYSTEM_TYPE entries, if there are more than one entries with same name but in different scope, the one with closest scope to requesting resource will be retrieved.
`Iterator<? extends CredentialEntry>`	`listAccessibleCredentialEntries(ResourceKey requestResource)` Retrieve all credential entries visible to requesting resource and requester, including RESOURCE_TYPE entries bound to request resource, USER_TYPE entries created by requester, and SYSTEM_TYPE entries.
`boolean`	`removeCredentialEntry(String entryName, CredentialEntry.EntryType type, ResourceKey requestResource)` Delete credential entry from vault

Method Detail

createCredentialEntry

CredentialEntry createCredentialEntry(String entryName,
                                      CredentialEntry.EntryType type,
                                      String description,
                                      ResourceKey requestResource)
                                      throws AlreadyExistsException,
                                             CredentialAccessException,
                                             CredentialVaultException,
                                             IllegalArgumentException

Reserve an entry to store credential. The visibility (a.k.a scope) of newly created credential entry is same as scope of the requesting resource.

Parameters: entryName - name to identify entry; type - predefined value in CredentialEntry.EntryType; description - optional description of the credential entry; requestResource - the resource requesting a credential entry
Returns: newly credential entry
Throws: AlreadyExistsException - If the entry already exists in vault; CredentialAccessException - If user doesn't have privilidge to create the credential entry; CredentialVaultException - persistenct error during credential entry creation; IllegalArgumentException - if entryName is null or empty

fetchCredentialEntry

CredentialEntry fetchCredentialEntry(String entryName,
                                     CredentialEntry.EntryType type,
                                     ResourceKey requestResource)
                                     throws CredentialVaultException

Retrieve an entry from credential vault For USER_TYPE or SYSTEM_TYPE entries, if there are more than one entries with same name but in different scope, the one with closest scope to requesting resource will be retrieved.

Parameters: entryName - name to identify entry; type - predefined value in CredentialEntry.EntryType; requestResource - the resource requesting a credential entry
Returns: a credential entry with specified characters or null if not exists
Throws: CredentialVaultException - Error during credential entry retrieval

listAccessibleCredentialEntries

Iterator<? extends CredentialEntry> listAccessibleCredentialEntries(ResourceKey requestResource)
                                                                    throws CredentialVaultException

Retrieve all credential entries visible to requesting resource and requester, including RESOURCE_TYPE entries bound to request resource, USER_TYPE entries created by requester, and SYSTEM_TYPE entries.

Parameters: requestResource - the resource requesting credential entries
Returns: an iterator to a collection of visible credential entries
Throws: CredentialVaultException - Error during credential entries retrieval

removeCredentialEntry

boolean removeCredentialEntry(String entryName,
                              CredentialEntry.EntryType type,
                              ResourceKey requestResource)
                              throws CredentialAccessException,
                                     CredentialVaultException

Delete credential entry from vault

NOTE: Delete a non-exists credential entry does not fail in this method

Parameters: entryName - name to identify entry; type - predefined value in CredentialEntry.EntryType; requestResource - the resource requesting to delete a credential entry
Returns: true if the specified credential entry is removed from vault
false if the entry is not found in system
Throws: CredentialAccessException - If user doesn't have privilidge to remove the credential entry; CredentialVaultException - Error during delete a credential entry

cleanupResourceCredentialEntries

boolean cleanupResourceCredentialEntries(ResourceKey requestResource,
                                         String entryName)
                                         throws CredentialAccessException,
                                                CredentialVaultException

Delete credential entries associated with specified resource for all users

NOTE: Only user with administrive privildge can do this cleanup operation.
Delete non-existing credential entries do not fail in this method

Parameters: requestResource - the resource requesting to delete credential entries for all users; entryName - name to identify entry. If null, all entries associated with requestResource will be deleted.
Returns: true if any user customized credential entry associated with resource is removed from vault
false if entry is not found in system
Throws: CredentialAccessException - If user doesn't have administrative privilidge to remove credential entries; CredentialVaultException - Error during delete credential entries