Interface WSCredential
- All Superinterfaces:
java.io.Serializable
public interface WSCredential extends java.io.Serializable
Interface that defines a Credential used to represent an authenticated principal to WebSphere.
Authentication mechanisms are expected to implement this interface.
Several of the method return types in this interface are array types. If implementors internally store instance data as arrays for these methods, they should return a deep copy of the array so that modifying the return result does not also modify the internally stored array.
Once a credential has been created, it is typically immutable except for expiration time.
If a credential is expired, any method access generates a CredentialExpiredException. The refresh() method of the Refreshable interface is not implemented. A new login must be performed.
If a credential is destroyed, any method access generates a CredentialDestroyedException. A destroyed credential cannot be used.
- Since:
- 1.0
- See Also:
Destroyable, Refreshable
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| java.lang.Object | get(java.lang.String key) | Allows user to get an Object based on a key. |
| java.lang.String | getAccessId() | Returns a string value that represents the access-Id of the principal. |
| byte[] | getCredentialToken() | Returns the credential token. |
| long | getExpiration() | Returns a long value that indicates when a credential will expire. |
| java.util.ArrayList | getGroupIds() | Returns an ArrayList which indicates the groups the authenticated principal is a member of. |
| java.lang.String | getOID() | Returns the OID that identifies the authentication mechanism, for example: |
| java.lang.String | getPrimaryGroupId() | Returns a string value that indicates the primary group the authenticated principal is a member of. |
| java.lang.String | getRealmName() | Return the realm name. |
| java.lang.String | getRealmSecurityName() | Returns the realm and the user principal name, the default implementation format is realm/user principal name. |
| java.lang.String | getRealmUniqueSecurityName() | Returns the realm and the unique user name, the default implementation format is realm/unique user name. |
| java.lang.String | getSecurityName() | Returns the user principal name. |
| java.lang.String | getUniqueSecurityName() | Returns the unique user name as it applies to the configured user registry. |
| boolean | isBasicAuth() | Determines if the credential is a BasicAuth credential or not. |
| boolean | isForwardable() | Returns a boolean value that indicates if the credential is forwardable. |
| boolean | isUnauthenticated() | Return true if the credential is an Unauthenticated Credential. |
| java.lang.Object | set(java.lang.String key, java.lang.Object value) | Allows user to set an Object based on a key. |
Method Detail

getRealmName
java.lang.String getRealmName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Return the realm name. The format of the realm name depends on the authentication targets, for example:
- LTPA: Returns the domain name of LTPA
- Kerberos: Returns the realm name of Kerberos
If there is no realm name, null is returned.
- Returns:
- The realm name, a string, or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getSecurityName
java.lang.String getSecurityName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns the user principal name. If there is no principal name, null is returned.
- Returns:
- The user principal name, a string, or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getRealmSecurityName
java.lang.String getRealmSecurityName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns the realm and the user principal name, the default implementation format is realm/user principal name. If there is no valid value, null is returned.
- Returns:
- The realm and user principal name, a string, or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getUniqueSecurityName
java.lang.String getUniqueSecurityName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns the unique user name as it applies to the configured user registry. For LDAP, this might be the DistinguishedName. For LocalOS, this might return the unique name from the local registry. For Custom, this will be whatever the custom registry getUniqueUserId() API returns.
- Returns:
- The user unique name, a string, or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getRealmUniqueSecurityName
java.lang.String getRealmUniqueSecurityName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns the realm and the unique user name, the default implementation format is realm/unique user name. If there is no valid value, null is returned.
- Returns:
- The realm and unique user name, a string, or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getExpiration
long getExpiration() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns a long value that indicates when a credential will expire. The authentication mechanism determines if and when a credential expires, typically when the credential was issued. The unit of measure is also determined by the actual authentication mechanism.
If there is no expiration time, 0 is returned.
- Returns:
- long.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getPrimaryGroupId
java.lang.String getPrimaryGroupId() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns a string value that indicates the primary group the authenticated principal is a member of.
If there is no primary group ID, null is returned.
- Returns:
- String or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getAccessId
java.lang.String getAccessId() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns a string value that represents the access-Id of the principal. An access-Id is used to uniquely identify the principal in a user registry and is typically used during authorization checks.
If there is no access-Id, null is returned.
- Returns:
- String or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

getGroupIds
java.util.ArrayList getGroupIds() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns an ArrayList which indicates the groups the authenticated principal is a member of.
If there are no groups, an empty List is returned.
- Returns:
- ArrayList
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

get
java.lang.Object get(java.lang.String key) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Allows user to get an Object based on a key. It is similar to a hash table.
- Parameters:
key - A String value; keys matching wssecurity.* are reserved for WebSphere internal usage
- Returns:
- return null if no object is associated with the key
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

set
java.lang.Object set(java.lang.String key, java.lang.Object value) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Allows user to set an Object based on a key. It is similar to a hash table. Do not use key values that begin with wssecurity.*; wssecurity is the namespace reserved for WebSphere internal usage.
- Parameters:
key - A String value; keys matching wssecurity.* are reserved for WebSphere internal usage
value - Object to be set to associate with the key
- Returns:
- if there is already an object associated with the key prior to the set, then the object is returned, else null is returned
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

isUnauthenticated
boolean isUnauthenticated()
Return true if the credential is an Unauthenticated Credential.
- Returns:
- Return true if the credential is an Unauthenticated Credential.

getCredentialToken
byte[] getCredentialToken() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns the credential token.
The Credential Token should be treated as an opaque object. It should be a deep copy of any byte array that an actual WSCredential implementation may use to store the token internally.
If there is no credential token, null is returned.
- Returns:
- The Credential Token of a credential, a byte array or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.
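
The deep-copy advice in the interface description and in getCredentialToken, together with the expired and destroyed rules, can be sketched as follows. This is an added example, not WebSphere code: SampleTokenHolder is a hypothetical stand-alone class (it does not implement WSCredential), the expiration unit is assumed to be milliseconds since the epoch, and IllegalStateException stands in for CredentialDestroyedException so the class compiles with the JDK alone.

```java
import java.util.Arrays;
import javax.security.auth.Destroyable;
import javax.security.auth.login.CredentialExpiredException;

/** Added example: hypothetical holder that follows the token contract. */
public final class SampleTokenHolder implements Destroyable {
    private final byte[] token;          // internal array, never handed out
    private final long expiresAtMillis;  // 0 = no expiration (unit is assumed)
    private volatile boolean destroyed;

    public SampleTokenHolder(byte[] token, long expiresAtMillis) {
        // Copy on the way in, so the creator cannot alter the token later.
        this.token = token == null ? null : token.clone();
        this.expiresAtMillis = expiresAtMillis;
    }

    public byte[] getCredentialToken() throws CredentialExpiredException {
        checkUsable();
        // Copy on the way out, so callers cannot alter the stored token.
        return token == null ? null : token.clone();
    }

    private void checkUsable() throws CredentialExpiredException {
        if (destroyed) {
            // Stand-in for WebSphere's CredentialDestroyedException.
            throw new IllegalStateException("credential destroyed");
        }
        if (expiresAtMillis != 0 && System.currentTimeMillis() >= expiresAtMillis) {
            throw new CredentialExpiredException("credential expired");
        }
    }

    @Override public void destroy() {
        if (token != null) Arrays.fill(token, (byte) 0);  // wipe the secret
        destroyed = true;
    }

    @Override public boolean isDestroyed() { return destroyed; }

    public static void main(String[] args) throws Exception {
        byte[] constructed = {1, 2, 3};            // constructed sample token
        SampleTokenHolder h = new SampleTokenHolder(constructed, 0);
        byte[] copy = h.getCredentialToken();
        copy[0] = 99;                              // caller modifies its own copy
        System.out.println(h.getCredentialToken()[0]);  // stored token is unaffected
        h.destroy();
        try { h.getCredentialToken(); }
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```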

getOID
java.lang.String getOID() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns the OID that identifies the authentication mechanism, for example:
The OID is an object identifier in string format, e.g. 111.222.33.
If there is no OID, null is returned.
- Returns:
- The OID of a credential or null.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.

isBasicAuth
boolean isBasicAuth()
Determines if the credential is a BasicAuth credential or not. If a BasicAuth credential, it will contain data to authenticate a user, but cannot represent an authenticated user. If not a BasicAuth credential, it can be used for authorization decisions.
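
For callers, the rule above means a credential should be screened before it feeds an authorization decision. The following is an added example, not taken from the WebSphere documentation: CredentialGuard and its method names are hypothetical, the import packages are those of the WebSphere security API (this page does not show them), and it needs that API on the classpath to compile.

```java
import java.util.ArrayList;
import javax.security.auth.login.CredentialExpiredException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.cred.WSCredential;

/** Added example: fail-closed reading of a WSCredential (hypothetical helper). */
public final class CredentialGuard {

    private CredentialGuard() {}

    /**
     * Returns the access-Id only when the credential is fit for an
     * authorization decision; returns null otherwise so the caller denies.
     */
    public static String accessIdForAuthorization(WSCredential cred) {
        if (cred == null || cred.isUnauthenticated() || cred.isBasicAuth()) {
            // A BasicAuth credential holds login data but does not
            // represent an authenticated user.
            return null;
        }
        try {
            return cred.getAccessId();  // may itself be null
        } catch (CredentialExpiredException | CredentialDestroyedException e) {
            // refresh() is not implemented, so a new login is required.
            return null;
        }
    }

    /**
     * True only if the credential is usable and its group list contains
     * groupId. Assumes groupId uses the same string format as the entries
     * returned by getGroupIds().
     */
    public static boolean isMemberOf(WSCredential cred, String groupId) {
        if (groupId == null || accessIdForAuthorization(cred) == null) {
            return false;
        }
        try {
            ArrayList<?> groups = cred.getGroupIds();  // empty list if no groups
            return groups != null && groups.contains(groupId);
        } catch (CredentialExpiredException | CredentialDestroyedException e) {
            // The credential can expire between the two calls; still deny.
            return false;
        }
    }
}
```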

isForwardable
boolean isForwardable() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException
Returns a boolean value that indicates if the credential is forwardable. A forwardable credential can be propagated to other servers as part of a delegated remote method invocation. The authentication mechanism determines forwardability.
- Returns:
- boolean.
- Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.