weblogic.security.spi

Interface CredentialMapperV2

public interface CredentialMapperV2

The CredentialMapperV2 interface defines the security service provider interface (SSPI) for objects capable of obtaining the appropriate set of credentials for a particular resource that is scoped within an application.

An implementation of the CredentialMapperV2 interface is the part of a Credential Mapping provider that must return at least two specific credential formats:

• Password credentials must be returned as a character array.
• User-Password credentials must be returned as an instance of the javax.resource.spi.security.PasswordCredential class.

Credential Mapping providers may implement other types of objects that represent other types of credentials in addition to the ones listed above.

Field Summary

Fields

Modifier and Type	Field and Description
static String	GSS_KERBEROS_V5_AP_REQ The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST.
static String	GSS_KERBEROS_V5_AP_REQ_1510 The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510.
static String	GSS_KERBEROS_V5_AP_REQ_4120 The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120.
static String	KERBEROS_V5_AP_REQ The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw Kerberos V5 AP_REQUEST.
static String	KERBEROS_V5_AP_REQ_1510 The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC1510.
static String	KERBEROS_V5_AP_REQ_4120 The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC4120.
static String	PASSWORD_TYPE The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods.
static String	PKI_KEY_PAIR_TYPE The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods.
static String	PKI_TRUSTED_CERTIFICATE_TYPE The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods.
static String	SAML_ASSERTION_B64_TYPE The SAML.Assertion64 token is used to identify a SAML token that is a Base64 encoded SAML.Assertion.
static String	SAML_ASSERTION_DOM_TYPE The SAML.Assertion.DOM token is used to identify a SAML token that is a DOM Element representation of a SAML.Assertion.
static String	SAML_ASSERTION_TYPE The SAML.Assertion token is used to identify a SAML token in string XML form.
static String	SAML2_ASSERTION_DOM_TYPE The SAML2.Assertion.DOM token is used to identify a SAML 2.0 token that is a DOM Element representation of a SAML.Assertion.
static String	SAML2_ASSERTION_TYPE The SAML2.Assertion token is used to identify a SAML 2.0 token in string XML form.
static String	SPNEGO_TOKEN_TYPE The static credentials type used for acquiring SPNEGO token with credential mapping provider.
static String	USER_PASSWORD_TYPE The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods.
static String	WEBLOGIC_OAUTH2_JWT_ACCESS_TOKEN_TYPE The static credentials type used for acquiring OAuth2 style JWT access token with credential mapping provider.

Method Summary

Modifier and Type	Method and Description
Object	getCredential(Subject requestor, String initiator, Resource resource, ContextHandler handler, String credType) Returns credential of the specified type from the target resource associated with the specified initiator.
Object[]	getCredentials(Subject requestor, Subject initiator, Resource resource, ContextHandler handler, String credType) Returns credentials of the specified type from the target resource associated with the specified initiator.

Field Detail

PASSWORD_TYPE

static final String PASSWORD_TYPE

The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods. It is associated with credentials of type char[]

See Also:

Constant Field Values

USER_PASSWORD_TYPE

static final String USER_PASSWORD_TYPE

The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods. It is associated with credentials of type javax.resource.spi.security.PasswordCredential

See Also:

Constant Field Values

PKI_KEY_PAIR_TYPE

static final String PKI_KEY_PAIR_TYPE

The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods. It is associated with credentials of type PKICredential to retrieve the key pair.

See Also:

Constant Field Values

PKI_TRUSTED_CERTIFICATE_TYPE

static final String PKI_TRUSTED_CERTIFICATE_TYPE

The static credentials type identifier that is used by the WebLogic Security Framework and passed to the WebLogic Credential Mapping provider through the Credential Manager in the getCredential methods. It is associated with credentials of type PKICredential to retrieve the trusted certificate.

See Also:

Constant Field Values

SPNEGO_TOKEN_TYPE

static final String SPNEGO_TOKEN_TYPE

The static credentials type used for acquiring SPNEGO token with credential mapping provider.

See Also:

Constant Field Values

SAML_ASSERTION_TYPE

static final String SAML_ASSERTION_TYPE

The SAML.Assertion token is used to identify a SAML token in string XML form.

See Also:

Constant Field Values

SAML_ASSERTION_B64_TYPE

static final String SAML_ASSERTION_B64_TYPE

The SAML.Assertion64 token is used to identify a SAML token that is a Base64 encoded SAML.Assertion.

See Also:

Constant Field Values

SAML_ASSERTION_DOM_TYPE

static final String SAML_ASSERTION_DOM_TYPE

The SAML.Assertion.DOM token is used to identify a SAML token that is a DOM Element representation of a SAML.Assertion.

See Also:

Constant Field Values

SAML2_ASSERTION_TYPE

static final String SAML2_ASSERTION_TYPE

The SAML2.Assertion token is used to identify a SAML 2.0 token in string XML form.

See Also:

Constant Field Values

SAML2_ASSERTION_DOM_TYPE

static final String SAML2_ASSERTION_DOM_TYPE

The SAML2.Assertion.DOM token is used to identify a SAML 2.0 token that is a DOM Element representation of a SAML.Assertion.

See Also:

Constant Field Values

KERBEROS_V5_AP_REQ

static final String KERBEROS_V5_AP_REQ

The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw Kerberos V5 AP_REQUEST.

See Also:

Constant Field Values

GSS_KERBEROS_V5_AP_REQ

static final String GSS_KERBEROS_V5_AP_REQ

The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST.

See Also:

Constant Field Values

KERBEROS_V5_AP_REQ_1510

static final String KERBEROS_V5_AP_REQ_1510

The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC1510.

See Also:

Constant Field Values

GSS_KERBEROS_V5_AP_REQ_1510

static final String GSS_KERBEROS_V5_AP_REQ_1510

The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510.

See Also:

Constant Field Values

KERBEROS_V5_AP_REQ_4120

static final String KERBEROS_V5_AP_REQ_4120

The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC4120.

See Also:

Constant Field Values

GSS_KERBEROS_V5_AP_REQ_4120

static final String GSS_KERBEROS_V5_AP_REQ_4120

The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120.

See Also:

Constant Field Values

WEBLOGIC_OAUTH2_JWT_ACCESS_TOKEN_TYPE

static final String WEBLOGIC_OAUTH2_JWT_ACCESS_TOKEN_TYPE

The static credentials type used for acquiring OAuth2 style JWT access token with credential mapping provider.

See Also:

Constant Field Values

Method Detail

getCredential

Object getCredential(Subject requestor,
                     String initiator,
                     Resource resource,
                     ContextHandler handler,
                     String credType)

Returns credential of the specified type from the target resource associated with the specified initiator. Returns null if no credentials were found.

This method will be called when the initiator identity is a an alias or symbolic name, including when the identity is an external user.

Parameters:

requestor - subject requesting credentials

initiator - the identity for which credentials are retrieved

resource - the resource for which credentials are requested

handler - a ContextHandler with optional extra data

credType - credential type

Returns:

Credential of the specified type from the target resource associated with the specified subject

getCredentials

Object[] getCredentials(Subject requestor,
                        Subject initiator,
                        Resource resource,
                        ContextHandler handler,
                        String credType)

Returns credentials of the specified type from the target resource associated with the specified initiator. Returns null if no credentials were found.

This method will be called when the initiator identity is a WebLogic user or group in order that the (optional) identity domain information is available from principals that implement IdentityDomainPrincipal.

Parameters:

requestor - Subject requesting credentials

initiator - the identity for which credentials are retrieved

resource - the resource for which credentials are requested

handler - a ContextHandler with optional extra data

credType - credential type

Returns:

Credentials of the specified type from the target resource associated with the specified subject