com.ibm.websphere.security

Class WSSecurityHelper

  • java.lang.Object
    • com.ibm.websphere.security.WSSecurityHelper


  • public final class WSSecurityHelper
    extends java.lang.Object

    This class is for generic WebSphere security helper methods.

    Since:
    WAS 5.1.1
    Version:
    WAS 5.1.1
    • Constructor Summary

      Constructors 
      Constructor and Description
      WSSecurityHelper() 
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      static java.lang.String[] addPropagationAttribute(java.lang.String key, java.lang.String value)
      This method is used for setting an attribute (String value) in the default propagation token.
      static byte[] convertCookieStringToBytes(java.lang.String cookieString)
      This method is used to convert an SSO cookie taken directly from an HttpServletRequest back into the original byte[] used to create the cookie from the getBytes() method on the SingleSignonToken interface.
      static java.lang.String[] getCallerList()
      This returns the entire caller list for this invocation.
      static java.lang.String getFirstCaller()
      This method gets the first caller for this invocation from the PropagationToken on the current thread of execution.
      static java.lang.String getFirstServer()
      This gets the first WebSphere server name where a login occurred for this invocation from the PropagationToken on the current thread of execution in the form Cell:Node:Server.
      static javax.servlet.http.Cookie getLTPACookieFromSSOToken()
      Deprecated. 
      As of WAS 8.5, this API has been replaced with com.ibm.websphere.security.web.WebSecurityHelper.getSSOCookieFromSSOToken
      static java.lang.String[] getPropagationAttributes(java.lang.String key)
      This method is used to retrieve an array of attributes (String[] value) from the default propagation token on the thread of execution.
      static java.lang.String[] getServerList()
      This returns the entire server list for this invocation in the form of "Cell:Node:Server".
      static boolean isGlobalSecurityEnabled()
      This method returns the state of security enablement for the entire cell.
      static boolean isServerSecurityEnabled()
      This method returns the state of security enablement for the process.
      static void revokeSSOCookies(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
      Deprecated. 
      As of WAS 8.5, this API has been replaced with javax.servlet.http.HttpServletRequest.logout
      static void revokeSSOCookiesForPortlets(javax.portlet.ActionRequest actionReq, javax.portlet.ActionResponse actionRes)
      The revokeSSOCookiesForPortlets(ActionRequest, ActionResponse) method removes the WebSphere Application Server Single Sign-on (SSO) cookies for portlets if SSO is enabled.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • WSSecurityHelper

        public WSSecurityHelper()
    • Method Detail

      • isServerSecurityEnabled

        public static boolean isServerSecurityEnabled()

        This method returns the state of security enablement for the process. If global security is enabled but security is disabled for an application server, this method returns the state of security just for that application server. This method always returns false when global security is disabled.

        Returns:
        boolean
      • isGlobalSecurityEnabled

        public static boolean isGlobalSecurityEnabled()

        This method returns the state of security enablement for the entire cell. If this API is called from within an application server where security has been explicitly disabled for the server, but global security is enabled for the cell, this API will return true. This is useful to determine if Administrative security is enabled within a particular process. Administrative security is always enabled with global security, regardless of the state of the server security enablement.

        Returns:
        boolean
      • getFirstCaller

        public static java.lang.String getFirstCaller()

        This method gets the first caller for this invocation from the PropagationToken on the current thread of execution. This will return null if no authenticated user has logged in yet. This will return null if a PropagationToken does not exist on the thread (for example, if Propagation is disabled). The caller will be returned in the form of "username".

        This method is only applicable on the server-side.

        Returns:
        String
      • getFirstServer

        public static java.lang.String getFirstServer()

        This gets the first WebSphere server name where a login occurred for this invocation from the PropagationToken on the current thread of execution in the form Cell:Node:Server. This will return null if no authenticated user has logged in yet. This will return null if a PropagationToken does not exist on the thread (for example, if Propagation is disabled).

        This method is only applicable on the server-side.

        Returns:
        String
      • getCallerList

        public static java.lang.String[] getCallerList()

        This returns the entire caller list for this invocation. Each caller in the String[] will be in the form of "Cell:Node:Server:Caller". The list comes from the security context in the current thread. The order of the list is the order of the callers for the invocation. The first caller will be the 0 index into the String[]. The last caller will be the array.length-1 index into the String[]. This will return null if no authenticated user has logged in yet. This will return null if security attribute propagation is disabled.

        This method is only applicable on the server-side.

        Returns:
        String[]
      • getServerList

        public static java.lang.String[] getServerList()

        This returns the entire server list for this invocation in the form of "Cell:Node:Server". The list comes from the security context in the current thread. The order of the list is the order of the servers for the invocation. The first server will be the 0 index into the String[]. The last server will be the array.length-1 index into the String[]. This will return null if no authenticated user has logged in yet. This will return null if security attribute propagation is disabled.

        This method is only applicable on the server-side.

        Returns:
        String[]
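
The caller-list format and null cases described for getCallerList() and getFirstCaller(), as an added example that is not part of the original documentation: it builds one audit line from the propagated caller chain. The class name, the audit-line layout and the assumption that only the caller field can contain ':' are illustrative.

```java
import com.ibm.websphere.security.WSSecurityHelper;
import java.util.ArrayList;
import java.util.List;

// Added example; runs only on the server side of a WebSphere process.
public final class InvocationChainAudit {
    /** Splits "Cell:Node:Server:Caller" into four fields, or returns null. */
    static String[] parseHop(String entry) {
        if (entry == null) return null;
        // Limit 4 keeps a caller name containing ':' in one piece (assumption:
        // cell, node and server names never contain ':').
        String[] parts = entry.split(":", 4);
        return parts.length == 4 ? parts : null;
    }

    /** Replaces CR/LF so a propagated name cannot forge extra log lines. */
    static String clean(String s) {
        return s.replaceAll("[\\r\\n]", "_");
    }

    /** Returns parsed hops in invocation order; empty when no list exists. */
    static List<String[]> currentChain() {
        List<String[]> chain = new ArrayList<String[]>();
        String[] callers = WSSecurityHelper.getCallerList();
        if (callers == null) return chain; // no login yet, or propagation disabled
        for (String entry : callers) {
            String[] hop = parseHop(entry);
            if (hop != null) chain.add(hop);
        }
        return chain;
    }

    /** Builds one audit line describing who reached this server and how. */
    static String auditLine() {
        if (!WSSecurityHelper.isServerSecurityEnabled()) {
            return "audit: security disabled for this server, no caller chain";
        }
        List<String[]> chain = currentChain();
        if (chain.isEmpty()) {
            return "audit: no propagated caller chain on this thread";
        }
        StringBuilder sb = new StringBuilder("audit: first=")
            .append(clean(String.valueOf(WSSecurityHelper.getFirstCaller())))
            .append(" path=");
        for (int i = 0; i < chain.size(); i++) {
            String[] h = chain.get(i);
            if (i > 0) sb.append(" -> ");
            sb.append(clean(h[3])).append('@').append(clean(h[2])); // caller@server
        }
        return sb.toString();
    }
}
```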
      • getPropagationAttributes

        public static java.lang.String[] getPropagationAttributes(java.lang.String key)
                                                           throws WSSecurityException

        This method is used to retrieve an array of attributes (String[] value) from the default propagation token on the thread of execution. There are two default keys which cannot be set by application code but can be retrieved:

        "com.ibm.wsspi.security.propagation.callers" returns an array of callers where context switches have occurred. Normally, only valid authenticated users will be shown, in the format "realm/caller".

        "com.ibm.wsspi.security.propagation.hosts" returns a String array of hosts which this propagation token has been on, in the format "Cell:Node:Server". Element 0 in the String[] will be the first host. Element length-1 in the String[] will be the last host.

        If a propagation token is not present on the thread, then null will be returned. If the key is not present in the propagation token, then null will be returned. A WSSecurityException is thrown for any other unknown problems.

        Any application calling this API needs to have the following Java 2 Security permission specified: javax.security.auth.AuthPermission("wssecurity.getPropagationAttributes").

        Parameters:
        key - String
        Returns:
        String[]
        Throws:
        WSSecurityException
      • addPropagationAttribute

        public static java.lang.String[] addPropagationAttribute(java.lang.String key,
                                                 java.lang.String value)
                                                          throws WSSecurityException

        This method is used for setting an attribute (String value) in the default propagation token. This sets an attribute in the token that is present on the thread of execution. A propagation token is only created once a valid authenticated user is on the thread of execution. If you try to set a value before a valid propagation token is present on the thread, a token will be created and the value will be set. In that case the originating caller will be "UNAUTHENTICATED".

        If a value has already been set for the key you are specifying, the previous value will be returned and the new value will be set. You may not use a key that begins with "com.ibm.wsspi.security.*" or "com.ibm.websphere.security.*". These are reserved key prefixes.

        A WSSecurityException is thrown for unknown problems. The root cause exception can likely be obtained by calling getCause() on the WSSecurityException.

        Any application calling this API needs to have the following Java 2 Security permission specified: javax.security.auth.AuthPermission("wssecurity.addPropagationAttribute").

        Parameters:
        key - String
        value - String
        Returns:
        String[]
        Throws:
        WSSecurityException
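
The rules described for getPropagationAttributes and addPropagationAttribute (reserved key prefixes, null returns, required permissions, root cause via getCause()), as an added example that is not part of the original documentation. The class name, the key "com.example.app.tenant" and the import of WSSecurityException from com.ibm.websphere.security are assumptions made for illustration.

```java
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.WSSecurityHelper;

// Added example; runs only inside a WebSphere server with security enabled.
public final class TenantPropagation {
    // Hypothetical application key, chosen outside the reserved prefixes.
    static final String TENANT_KEY = "com.example.app.tenant";
    // Read-only default key documented above.
    static final String HOSTS_KEY = "com.ibm.wsspi.security.propagation.hosts";

    /** True when the key falls under a prefix reserved for WebSphere. */
    static boolean isReserved(String key) {
        return key.startsWith("com.ibm.wsspi.security.")
            || key.startsWith("com.ibm.websphere.security.");
    }

    /**
     * Sets an attribute and returns the previous values (empty if none).
     * Needs AuthPermission("wssecurity.addPropagationAttribute").
     */
    static String[] set(String key, String value) throws WSSecurityException {
        if (key == null || isReserved(key)) {
            throw new IllegalArgumentException("key is null or reserved: " + key);
        }
        String[] previous = WSSecurityHelper.addPropagationAttribute(key, value);
        // Treating "no previous value" as a possible null is a defensive assumption.
        return previous == null ? new String[0] : previous;
    }

    /**
     * Returns the first host the token visited, or null when the token or key
     * is absent. Needs AuthPermission("wssecurity.getPropagationAttributes").
     */
    static String originHost() throws WSSecurityException {
        String[] hosts = WSSecurityHelper.getPropagationAttributes(HOSTS_KEY);
        return (hosts == null || hosts.length == 0) ? null : hosts[0];
    }

    /** Tags the current request and reports where its token originated. */
    static String tagRequest(String tenant) {
        try {
            String[] old = set(TENANT_KEY, tenant);
            return "tenant set (" + old.length + " previous), origin=" + originHost();
        } catch (WSSecurityException e) {
            // getCause() carries the root cause, per the method description.
            return "propagation failed: " + e.getCause();
        }
    }
}
```

Calling set before a user is authenticated creates a token whose originating caller is "UNAUTHENTICATED", as described above.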
      • convertCookieStringToBytes

        public static byte[] convertCookieStringToBytes(java.lang.String cookieString)

        This method is used to convert an SSO cookie taken directly from an HttpServletRequest back into the original byte[] used to create the cookie from the getBytes() method on the SingleSignonToken interface. This byte[] can then be used to recreate the SingleSignonToken object. Refer to the Security Attribute Propagation documentation for more information.

        Parameters:
        cookieString - String
        Returns:
        byte[]

      • revokeSSOCookies

        public static void revokeSSOCookies(javax.servlet.http.HttpServletRequest req,
                            javax.servlet.http.HttpServletResponse res)
        Deprecated. As of WAS 8.5, this API has been replaced with javax.servlet.http.HttpServletRequest.logout

        The revokeSSOCookies(HttpServletRequest, HttpServletResponse) method removes the WebSphere Application Server Single Sign-on (SSO) cookies if SSO is enabled.

        Parameters:
        req - HttpServletRequest
        res - HttpServletResponse
        See Also:
        HttpServletRequest.logout()
      • revokeSSOCookiesForPortlets

        public static void revokeSSOCookiesForPortlets(javax.portlet.ActionRequest actionReq,
                                       javax.portlet.ActionResponse actionRes)

        The revokeSSOCookiesForPortlets(ActionRequest, ActionResponse) method removes the WebSphere Application Server Single Sign-on (SSO) cookies for portlets if SSO is enabled. This also invalidates the portlet session.

        Parameters:
        actionReq - ActionRequest
        actionRes - ActionResponse
      • getLTPACookieFromSSOToken

        public static javax.servlet.http.Cookie getLTPACookieFromSSOToken()
                                                                   throws java.lang.Exception
        Deprecated. As of WAS 8.5, this API has been replaced with com.ibm.websphere.security.web.WebSecurityHelper.getSSOCookieFromSSOToken
        Extracts an LTPA SSO cookie from the subject of the current thread and builds an LTPA cookie out of it for use on downstream web invocations. The caller must check for a null return value; only when the value is not null can getName and getValue be invoked on the returned Cookie object.
        Returns:
        an object of type javax.servlet.http.Cookie. When the returned value is not null, use the Cookie methods getName() and getValue() to set the Cookie header on an HTTP request, with a header value of Cookie.getName()=Cookie.getValue().
        Throws:
        java.lang.Exception
        See Also:
        WebSecurityHelper.getSSOCookieFromSSOToken()
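
The null check and Cookie header construction described above, as an added example that is not part of the original documentation. It uses the replacement API named in the deprecation note; the class name, the host allow-list and the HTTPS-only rule are assumptions made for illustration.

```java
import com.ibm.websphere.security.web.WebSecurityHelper;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.Cookie;

// Added example; runs only inside a WebSphere web application.
public final class DownstreamSsoCall {
    // Hypothetical allow-list of downstream hosts in the same SSO domain.
    static final Set<String> TRUSTED_HOSTS =
        new HashSet<String>(Arrays.asList("orders.internal.example.com"));

    /** The SSO cookie is only ever sent over HTTPS to an allow-listed host. */
    static boolean maySendSsoCookie(URL target) {
        return "https".equalsIgnoreCase(target.getProtocol())
            && TRUSTED_HOSTS.contains(target.getHost().toLowerCase(Locale.ROOT));
    }

    /** Calls the target with the caller's SSO cookie; returns the HTTP status. */
    static int call(URL target) throws Exception {
        if (!maySendSsoCookie(target)) {
            throw new SecurityException("refusing to send SSO cookie to " + target);
        }
        // Replacement named above for the deprecated getLTPACookieFromSSOToken().
        Cookie sso = WebSecurityHelper.getSSOCookieFromSSOToken();
        HttpURLConnection conn = (HttpURLConnection) target.openConnection();
        // Do not follow redirects, so the header reaches only the checked URL.
        conn.setInstanceFollowRedirects(false);
        if (sso != null) {
            // Null means no SSO token on the thread; getName()/getValue() are
            // only safe on a non-null Cookie.
            conn.setRequestProperty("Cookie", sso.getName() + "=" + sso.getValue());
        }
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```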
IBM WebSphere Application Server™
Release 8.5