ImpersonationADFSecurityContextCredentialProvider (Oracle Fusion Middleware Java API Reference for Oracle WebCenter Content Remote Intradoc Client (RIDC))

Skip navigation links

Oracle® Fusion Middleware Java API Reference for Oracle WebCenter Content Remote Intradoc Client (RIDC)
12c (12.2.1.4.0)
E95392-01

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- oracle.wcc.ridc.adfca.session.auth.ImpersonationADFSecurityContextCredentialProvider

All Implemented Interfaces:

RidcCredentialProvider
```
public class ImpersonationADFSecurityContextCredentialProvider
extends Object
implements RidcCredentialProvider
```
Warning 1 - Be very careful with sticky impersonation:
Should the session associated with an IdcContext expire, it is possible with certain RIDC protocols that the connection may be silently re-established using the actual impersonator user rather than the impersonatee intended. Subsequently, the request to UCM will go across using the impersonator user rather than the impersonatee (person being impersonated) which could have bad security consequences.
Warning 2 - If the end-user is able to inject properties in to the DataBinder without sanitization, and sticky impersonation is active, a malicious end-user could supply the property "StickyImpersonation" with value "false" in a request, which would restore the connection back as the impersonator user.

Constructor Summary

Constructors
Constructor and Description

ImpersonationADFSecurityContextCredentialProvider()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`IdcContext`	`getCredential(RidcConnection connection, boolean anonymousFallbackAllowed)` Get a suitable credential for the connected ADF session-scope party to use for a session pool session

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ImpersonationADFSecurityContextCredentialProvider
```
public ImpersonationADFSecurityContextCredentialProvider()
```
- Method Detail
  - getCredential
```
public IdcContext getCredential(RidcConnection connection,
                                boolean anonymousFallbackAllowed)
```
    Description copied from interface: RidcCredentialProvider
    
    Get a suitable credential for the connected ADF session-scope party to use for a session pool session
    
    Specified by:
    
    getCredential in interface RidcCredentialProvider
    
    Parameters:
    
    connection - the connection associated with the credential request
    
    anonymousFallbackAllowed - whether if a suitable credential cannot be identified to fallback to the anonymous IdcContext credential
    
    Returns:
    
    an IdcContext credential to leverage, or null if no suitable/valid credential could be determined.

Skip navigation links

Oracle® Fusion Middleware Java API Reference for Oracle WebCenter Content Remote Intradoc Client (RIDC)
12c (12.2.1.4.0)
E95392-01

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2008, 2019, Oracle and/or its affiliates. All rights reserved.