IdentityAsserter (Oracle WebLogic Server API Reference)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Oracle Fusion Middleware
Oracle WebLogic Server API Reference
11g Release 1 (10.3.3)

Part Number E13941-03

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

weblogic.security.spi
Interface IdentityAsserter

All Known Subinterfaces:: ChallengeIdentityAsserter

public interface IdentityAsserter

The IdentityAsserter interface exposes the methods that custom Identity Assertion providers need to implement in order to provide token-based client identity assertion. An Identity Assertion provider is a specific form of Authentication provider that is used to establish a client's identity outside of the request.

Field Summary
`static String`	`AU_TYPE` The `AuthenticatedUser` token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP.
`static String`	`AUTHORIZATION_NEGOTIATE` The `AUTHORIZATION_NEGOTIATE` token is an internal token and is used when a web app utilizes the SPNEGO protocol to authenticate via Active Directory.
`static String`	`CSI_ANONYMOUS_TYPE` The `CSI.ITTAnonymous` token is an internal token and is only used when CSIV2 is being used for communication.
`static String`	`CSI_DISTINGUISHED_NAME_TYPE` The `CSI.DistinguishedName` token is an internal token and is only used when CSIV2 is being used for communication.
`static String`	`CSI_PRINCIPAL_TYPE` The `CSI.PrincipalName` token is an internal token and is only used when CSIV2 is being used for communication.
`static String`	`CSI_X509_CERTCHAIN_TYPE` The `CSI.X509CertChain` token is an internal token and is only used when CSIV2 is being used for communication.
`static String`	`WSSE_PASSWORD_DIGEST_TYPE` The `wsse:PasswordDigest` token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest.
`static String`	`WWW_AUTHENTICATE_NEGOTIATE` The `WWW-AUTHENTICATE_NEGOTIATE` token is an internal token and is used when a web app utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication.
`static String`	`X509_TYPE` The `X.509` token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.

Method Summary
`CallbackHandler`	`assertIdentity(String type, Object token)` Asserts an identity based on token identity information.

Field Detail

X509_TYPE

static final String X509_TYPE

The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.

See Also:: Constant Field Values

AU_TYPE

static final String AU_TYPE

The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP. Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:: Constant Field Values

CSI_PRINCIPAL_TYPE

static final String CSI_PRINCIPAL_TYPE

The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:: Constant Field Values

CSI_ANONYMOUS_TYPE

static final String CSI_ANONYMOUS_TYPE

The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:: Constant Field Values

CSI_X509_CERTCHAIN_TYPE

static final String CSI_X509_CERTCHAIN_TYPE

The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:: Constant Field Values

CSI_DISTINGUISHED_NAME_TYPE

static final String CSI_DISTINGUISHED_NAME_TYPE

The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:: Constant Field Values

WSSE_PASSWORD_DIGEST_TYPE

static final String WSSE_PASSWORD_DIGEST_TYPE

The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest. The web services container passes an object of type weblogic.xml.security.UserInfo when using this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

See Also:: Constant Field Values

WWW_AUTHENTICATE_NEGOTIATE

static final String WWW_AUTHENTICATE_NEGOTIATE

The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication. The servlet authentication filter requests the initial challenge using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

See Also:: Constant Field Values

AUTHORIZATION_NEGOTIATE

static final String AUTHORIZATION_NEGOTIATE

The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO protocol to authenticate via Active Directory. The servlet authentication filter passes an object of type byte[] when using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

See Also:: Constant Field Values

Method Detail

assertIdentity

CallbackHandler assertIdentity(String type,
                               Object token)
                               throws IdentityAssertionException

Asserts an identity based on token identity information. An instance of the Identity Assertion provider's CallbackHandler will be passed to the LoginModules to perform principal mapping. A null CallbackHandler instance signifies that the anonymous user should be used.

This method is called every time identity assertion occurs, but the LoginModules may not be called if the Subject is cached. The -Dweblogic.security.identityAssertionTTL flag can be used to affect this behavior (for example, to modify the default TTL of 5 minutes or to disable the cache by setting the flag to -1).

It is the responsibility of the Identity Assertion provider to ensure not just that the token is valid, but also that the user is still valid (for example, the user has not been deleted).

Parameters:: type - the type of token to use for identity assertion; token - the actual token to be used to assert identity
Returns:: a CallbackHandler related to the identity, or null to signify the anonymous user
Throws:: IdentityAssertionException - if the identity assertion fails.