ChallengeIdentityAsserterV2
public interface IdentityAsserterV2

The IdentityAsserter interface exposes the methods that custom Identity Assertion providers need to implement in order to provide token-based client identity assertion. An Identity Assertion provider is a specific form of Authentication provider that is used to establish a client's identity outside of the request.

Modifier and Type | Field | Description |
---|---|---|
static java.lang.String | AU_TYPE | The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP. |
static java.lang.String | AUTHORIZATION_NEGOTIATE | The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO protocol to authenticate via Active Directory. |
static java.lang.String | CSI_ANONYMOUS_TYPE | The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication. |
static java.lang.String | CSI_DISTINGUISHED_NAME_TYPE | The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication. |
static java.lang.String | CSI_PRINCIPAL_TYPE | The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication. |
static java.lang.String | CSI_X509_CERTCHAIN_TYPE | The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication. |
static java.lang.String | GSS_KERBEROS_V5_AP_REQ | The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST. |
static java.lang.String | GSS_KERBEROS_V5_AP_REQ_1510 | The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510. |
static java.lang.String | GSS_KERBEROS_V5_AP_REQ_4120 | The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120. |
static java.lang.String | KERBEROS_V5_AP_REQ | The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw Kerberos V5 AP_REQUEST. |
static java.lang.String | KERBEROS_V5_AP_REQ_1510 | The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC1510. |
static java.lang.String | KERBEROS_V5_AP_REQ_4120 | The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC4120. |
static java.lang.String | SAML_ASSERTION_B64_TYPE | The SAML.Assertion64 token is used to identify a SAML token that is a Base64 encoded SAML.Assertion. |
static java.lang.String | SAML_ASSERTION_DOM_TYPE | The SAML.Assertion.DOM token is used to identify a SAML token that is a DOM Element representation of a SAML.Assertion. |
static java.lang.String | SAML_ASSERTION_TYPE | The SAML.Assertion token is used to identify a SAML token in string XML form. |
static java.lang.String | SAML2_ASSERTION_DOM_TYPE | The SAML2_ASSERTION_DOM_TYPE token is used to identify a SAML2 token in DOM XML documentation. |
static java.lang.String | SAML2_ASSERTION_TYPE | The SAML2_ASSERTION_TYPE token is used to identify a SAML2 token in string XML format. |
static java.lang.String | WSSE_PASSWORD_DIGEST_TYPE | The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest. |
static java.lang.String | WWW_AUTHENTICATE_NEGOTIATE | The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication. |
static java.lang.String | X509_TYPE | The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container. |

Modifier and Type | Method | Description |
---|---|---|
javax.security.auth.callback.CallbackHandler | assertIdentity(java.lang.String type, java.lang.Object token, ContextHandler handler) | Asserts an identity based on token identity information. |

static final java.lang.String X509_TYPE
The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container.

static final java.lang.String AU_TYPE
The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP. Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

static final java.lang.String CSI_PRINCIPAL_TYPE
The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

static final java.lang.String CSI_ANONYMOUS_TYPE
The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

static final java.lang.String CSI_X509_CERTCHAIN_TYPE
The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

static final java.lang.String CSI_DISTINGUISHED_NAME_TYPE
The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.) Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

static final java.lang.String WSSE_PASSWORD_DIGEST_TYPE
The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest. The web services container passes an object of type weblogic.xml.security.UserInfo when using this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

static final java.lang.String SAML_ASSERTION_TYPE
The SAML.Assertion token is used to identify a SAML token in string XML form.

static final java.lang.String SAML_ASSERTION_B64_TYPE
The SAML.Assertion64 token is used to identify a SAML token that is a Base64 encoded SAML.Assertion.

static final java.lang.String SAML_ASSERTION_DOM_TYPE
The SAML.Assertion.DOM token is used to identify a SAML token that is a DOM Element representation of a SAML.Assertion.

static final java.lang.String SAML2_ASSERTION_TYPE
The SAML2_ASSERTION_TYPE token is used to identify a SAML2 token in string XML format.

static final java.lang.String SAML2_ASSERTION_DOM_TYPE
The SAML2_ASSERTION_DOM_TYPE token is used to identify a SAML2 token in DOM XML documentation.

static final java.lang.String WWW_AUTHENTICATE_NEGOTIATE
The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication. The servlet authentication filter requests the initial challenge using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

static final java.lang.String AUTHORIZATION_NEGOTIATE
The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO protocol to authenticate via Active Directory. The Servlet authentication filter passes an object of type byte[] when using this token type. Base64 encoding is not relevant for this token type as it is passed in via the Servlet authentication filter.

static final java.lang.String KERBEROS_V5_AP_REQ
The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw Kerberos V5 AP_REQUEST.

static final java.lang.String GSS_KERBEROS_V5_AP_REQ
The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST.

static final java.lang.String KERBEROS_V5_AP_REQ_1510
The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC1510.

static final java.lang.String GSS_KERBEROS_V5_AP_REQ_1510
The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510.

static final java.lang.String KERBEROS_V5_AP_REQ_4120
The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC4120.

static final java.lang.String GSS_KERBEROS_V5_AP_REQ_4120
The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120.

javax.security.auth.callback.CallbackHandler assertIdentity(java.lang.String type, java.lang.Object token, ContextHandler handler) throws IdentityAssertionException
The CallbackHandler will be passed to the LoginModules to perform principal mapping. A null CallbackHandler instance signifies that the anonymous user should be used.

This method is called every time identity assertion occurs, but the LoginModules may not be called if the Subject is cached. The -Dweblogic.security.identityAssertionTTL flag can be used to affect this behavior (for example, to modify the default TTL of 5 minutes or to disable the cache by setting the flag to -1).

It is the responsibility of the Identity Assertion provider to ensure not just that the token is valid, but also that the user is still valid (for example, the user has not been deleted).

Parameters:
type - the type of token to use for identity assertion.
token - the actual token to be used to assert identity.
handler - a ContextHandler object that can optionally be used to obtain additional information that may be used in asserting the identity. If the caller is unable to provide additional information, a null value should be specified.

Returns:
CallbackHandler related to the identity, or null to signify the anonymous user.

Throws:
IdentityAssertionException - if the identity assertion fails.
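
An implementation of the assertIdentity contract described above, added here as an example; it is not Oracle's code and compiles only against the WebLogic security SPI classes it imports. The token type Example.SignedUser, the "<user>.<base64url HMAC-SHA256 of user>" token layout, delivery of the token as byte[], and the userIsActive lookup are assumptions; the layout carries no expiry, which a deployed token format would need.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.function.Predicate;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.*;
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.IdentityAssertionException;

// Added example. EXAMPLE_TYPE, the token layout and userIsActive are hypothetical.
public class ExampleIdentityAsserter implements IdentityAsserterV2 {
    static final String EXAMPLE_TYPE = "Example.SignedUser";
    private final byte[] key;                     // HMAC key shared with the token issuer
    private final Predicate<String> userIsActive; // lookup against the live user store
    public ExampleIdentityAsserter(byte[] key, Predicate<String> userIsActive) {
        this.key = key.clone(); this.userIsActive = userIsActive;
    }
    @Override
    public CallbackHandler assertIdentity(String type, Object token, ContextHandler handler)
            throws IdentityAssertionException {
        // Fail by throwing: a null return would select the anonymous user.
        if (!EXAMPLE_TYPE.equals(type) || !(token instanceof byte[]))
            throw new IdentityAssertionException("unsupported token type or class");
        // ISO-8859-1 maps bytes 1:1, so the MAC covers exactly the bytes received.
        String text = new String((byte[]) token, StandardCharsets.ISO_8859_1);
        int dot = text.lastIndexOf('.');
        if (dot <= 0) throw new IdentityAssertionException("malformed token");
        String user = text.substring(0, dot);
        boolean ok;
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] expected = mac.doFinal(user.getBytes(StandardCharsets.ISO_8859_1));
            byte[] supplied = Base64.getUrlDecoder().decode(text.substring(dot + 1));
            ok = MessageDigest.isEqual(expected, supplied); // constant-time compare
        } catch (GeneralSecurityException | IllegalArgumentException e) { ok = false; }
        // A valid token is not enough: the user must still exist.
        if (!ok || !userIsActive.test(user))
            throw new IdentityAssertionException("token or user not valid");
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof NameCallback)) throw new UnsupportedCallbackException(cb);
                ((NameCallback) cb).setName(user);
            }
        };
    }
}
```

Because assertIdentity runs on every assertion even when a cached Subject lets the LoginModules be skipped, the userIsActive check placed here is what rejects a deleted user inside the identityAssertionTTL window.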