IdentityAsserter (Java API Reference for Oracle WebLogic Server)

```
public interface IdentityAsserter
```
The IdentityAsserter interface exposes the methods that custom Identity Assertion providers need to implement in order to provide token-based client identity assertion. An Identity Assertion provider is a specific form of Authentication provider that is used to establish a client's identity outside of the request.

Field Summary

Fields
Modifier and Type	Field	Description
`static java.lang.String`	`AU_TYPE`	The `AuthenticatedUser` token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP.
`static java.lang.String`	`AUTHORIZATION_NEGOTIATE`	The `AUTHORIZATION_NEGOTIATE` token is an internal token and is used when a web app utilizes the SPNEGO protocol to authenticate via Active Directory.
`static java.lang.String`	`CSI_ANONYMOUS_TYPE`	The `CSI.ITTAnonymous` token is an internal token and is only used when CSIV2 is being used for communication.
`static java.lang.String`	`CSI_DISTINGUISHED_NAME_TYPE`	The `CSI.DistinguishedName` token is an internal token and is only used when CSIV2 is being used for communication.
`static java.lang.String`	`CSI_PRINCIPAL_TYPE`	The `CSI.PrincipalName` token is an internal token and is only used when CSIV2 is being used for communication.
`static java.lang.String`	`CSI_X509_CERTCHAIN_TYPE`	The `CSI.X509CertChain` token is an internal token and is only used when CSIV2 is being used for communication.
`static java.lang.String`	`OIDC_TYPE`	The `OIDC_TYPE` token is used to handle OpenID Connect passed in through the HTTP header to the Servlet container.
`static java.lang.String`	`WEBLOGIC_JWT_TOKEN_TYPE`	The `weblogic-jwt-token` token is an internal token and is only used for internal apps Only the WebLogic Identity Assertion provider should handle this token type.
`static java.lang.String`	`WSSE_PASSWORD_DIGEST_TYPE`	The `wsse:PasswordDigest` token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest.
`static java.lang.String`	`WWW_AUTHENTICATE_NEGOTIATE`	The `WWW-AUTHENTICATE_NEGOTIATE` token is an internal token and is used when a web app utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication.
`static java.lang.String`	`X509_TYPE`	The `X.509` token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`javax.security.auth.callback.CallbackHandler`	`assertIdentity(java.lang.String type, java.lang.Object token)`	Asserts an identity based on token identity information.

- Field Detail
  - X509_TYPE
```
static final java.lang.String X509_TYPE
```
    The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.
    
    See Also:
    
    Constant Field Values
  - AU_TYPE
```
static final java.lang.String AU_TYPE
```
    The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP. Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.
    
    See Also:
    
    Constant Field Values
  - WEBLOGIC_JWT_TOKEN_TYPE
```
static final java.lang.String WEBLOGIC_JWT_TOKEN_TYPE
```
    The weblogic-jwt-token token is an internal token and is only used for internal apps Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as an exception
    
    See Also:
    
    Constant Field Values
  - CSI_PRINCIPAL_TYPE
```
static final java.lang.String CSI_PRINCIPAL_TYPE
```
    The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.
    
    See Also:
    
    Constant Field Values
  - CSI_ANONYMOUS_TYPE
```
static final java.lang.String CSI_ANONYMOUS_TYPE
```
    The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.
    
    See Also:
    
    Constant Field Values
  - CSI_X509_CERTCHAIN_TYPE
```
static final java.lang.String CSI_X509_CERTCHAIN_TYPE
```
    The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.
    
    See Also:
    
    Constant Field Values
  - CSI_DISTINGUISHED_NAME_TYPE
```
static final java.lang.String CSI_DISTINGUISHED_NAME_TYPE
```
    The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.
    
    See Also:
    
    Constant Field Values
  - WSSE_PASSWORD_DIGEST_TYPE
```
static final java.lang.String WSSE_PASSWORD_DIGEST_TYPE
```
    The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest. The web services container passes an object of type weblogic.xml.security.UserInfo when using this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.
    
    See Also:
    
    Constant Field Values
  - WWW_AUTHENTICATE_NEGOTIATE
```
static final java.lang.String WWW_AUTHENTICATE_NEGOTIATE
```
    The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication. The servlet authentication filter requests the initial challenge using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.
    
    See Also:
    
    Constant Field Values
  - AUTHORIZATION_NEGOTIATE
```
static final java.lang.String AUTHORIZATION_NEGOTIATE
```
    The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web app utilizes the SPNEGO protocol to authenticate via Active Directory. The servlet authentication filter passes an object of type byte[] when using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.
    
    See Also:
    
    Constant Field Values
  - OIDC_TYPE
```
static final java.lang.String OIDC_TYPE
```
    The OIDC_TYPE token is used to handle OpenID Connect passed in through the HTTP header to the Servlet container.
    
    See Also:
    
    Constant Field Values
- Method Detail
  - assertIdentity
```
javax.security.auth.callback.CallbackHandler assertIdentity(java.lang.String type,
                                                            java.lang.Object token)
                                                     throws IdentityAssertionException
```
    Asserts an identity based on token identity information. An instance of the Identity Assertion provider's CallbackHandler will be passed to the LoginModules to perform principal mapping. A null CallbackHandler instance signifies that the anonymous user should be used.
    This method is called every time identity assertion occurs, but the LoginModules may not be called if the Subject is cached. The -Dweblogic.security.identityAssertionTTL flag can be used to affect this behavior (for example, to modify the default TTL of 5 minutes or to disable the cache by setting the flag to -1).
    It is the responsibility of the Identity Assertion provider to ensure not just that the token is valid, but also that the user is still valid (for example, the user has not been deleted).
    
    Parameters:
    
    type - the type of token to use for identity assertion
    
    token - the actual token to be used to assert identity
    
    Returns:
    
    a CallbackHandler related to the identity, or null to signify the anonymous user
    
    Throws:
    
    IdentityAssertionException - if the identity assertion fails.

Interface IdentityAsserter

Field Summary

Method Summary

Field Detail

X509_TYPE

AU_TYPE

WEBLOGIC_JWT_TOKEN_TYPE

CSI_PRINCIPAL_TYPE

CSI_ANONYMOUS_TYPE

CSI_X509_CERTCHAIN_TYPE

CSI_DISTINGUISHED_NAME_TYPE

WSSE_PASSWORD_DIGEST_TYPE

WWW_AUTHENTICATE_NEGOTIATE

AUTHORIZATION_NEGOTIATE

OIDC_TYPE

Method Detail

assertIdentity