KRBTokenConsumeCallbackHandler (IBM WebSphere Application Server, Release 8.5)

java.lang.Object
- com.ibm.websphere.wssecurity.callbackhandler.KRBTokenConsumeCallbackHandler

All Implemented Interfaces:

java.io.Serializable, javax.security.auth.callback.CallbackHandler
```
public class KRBTokenConsumeCallbackHandler
extends java.lang.Object
implements javax.security.auth.callback.CallbackHandler, java.io.Serializable
```
This class is a callback handler for Kerberos Token in consumer side. This instance is used to set into WSSConsumingContext object or to generate WSSVerification object and WSSDecryption object to validate a Kerberos token

See Also:
KRBToken, KRBTokenConsumeCallback, Serialized Form

Constructor Summary

Constructors
Constructor and Description
`KRBTokenConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)` Class constructor.
`KRBTokenConsumeCallbackHandler(javax.xml.namespace.QName tokenValueType, boolean requireDKT, java.lang.String clabel, java.lang.String slabel, int keylen, int noncelen, boolean supportTokenRequireSHA1, WSSDecryption decComponent, WSSVerification verComponent)` Class constructor - should be called to use derived key based on the session key from Kerberos token for message protection.
`KRBTokenConsumeCallbackHandler(javax.xml.namespace.QName tkntype, boolean supportTokenRequireSHA1, WSSDecryption decComponent, WSSVerification verComponent)` Class constructor - should be called to use Kerberos token as a supporting token or use the session key of Kerberos token for message protection.

Method Summary

Methods
Modifier and Type Method and Description

void handle(javax.security.auth.callback.Callback[] callbacks)
Sets necessary information to a KRBTokenConsumeCallback object.
- Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods
Modifier and Type	Method and Description
`void`	`handle(javax.security.auth.callback.Callback[] callbacks)` Sets necessary information to a `KRBTokenConsumeCallback` object.

- Constructor Detail
  - KRBTokenConsumeCallbackHandler
```
public KRBTokenConsumeCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
```
    Class constructor.
    
    Parameters:
    properties - map including key-value pairs
  - KRBTokenConsumeCallbackHandler
```
public KRBTokenConsumeCallbackHandler(javax.xml.namespace.QName tkntype,
                              boolean supportTokenRequireSHA1,
                              WSSDecryption decComponent,
                              WSSVerification verComponent)
```
    Class constructor - should be called to use Kerberos token as a supporting token or use the session key of Kerberos token for message protection.
    
    Parameters:
    tokenValueType - - Kerberos token's value type in QName defined by Oasis Kerberos Token Profile v1.1 specification.
    supportTokenRequireSHA1 - - boolean to require SHA1 key insertion into subsequent messages if the Kerberos token is used as a supporting or authentication only token. If set to true, the SHA1 key insertion is always consumed. If set to false, the SHA1 key insertion is consumed only if the Kerberos supporting token is protected.
    decComponent - - WSSDecryption object is used to specify the decryption component. However, when both verification and decryption are required, the same Kerberos token is used. Set decComponent and verComponent to null to initialize first for either decryption or verification component. Then, use the initialized component only in the callback handler constructor for the second component.
    verComponent - - WSSVerification object is used to specify the verification component. However, when both verification and decryption are required, the same Kerberos token is used. Set verComponent and decComponent to null to initialize first for either verification or decryption component. Then, use the initialized component only in the callback handler constructor for the second component.
  - KRBTokenConsumeCallbackHandler
```
public KRBTokenConsumeCallbackHandler(javax.xml.namespace.QName tokenValueType,
                              boolean requireDKT,
                              java.lang.String clabel,
                              java.lang.String slabel,
                              int keylen,
                              int noncelen,
                              boolean supportTokenRequireSHA1,
                              WSSDecryption decComponent,
                              WSSVerification verComponent)
```
    Class constructor - should be called to use derived key based on the session key from Kerberos token for message protection.
    
    Parameters:
    tokenValueType - - Kerberos token's value type in QName defined by Oasis Kerberos Token Profile v1.1 specification.
    requireDKT - - boolean value to indicate derived key token to be required
    clabel - - Client label used for the derived key. If null, default value is WS-SecureConversation
    slabel - - Service label used for the derived key. If null, default value is WS-SecureConversation
    keylen - - length of the derived key.
    noncelen - - length of the Nonce for the derived key.
    supportTokenRequireSHA1 - - boolean to require SHA1 key insertion into subsequent messages if the Kerberos token is used as a supporting or authentication only token. If set to true, the SHA1 key insertion is always consumed. If set to false, the SHA1 key insertion is consumed only if the Kerberos supporting token is protected.
    decComponent - - WSSDecryption object is used to specify the decryption component. However, when both verification and decryption are required, the same Kerberos token is used. Set decComponent and verComponent to null to initialize first for either decryption or verification component. Then, use the initialized component only in the callback handler constructor for the second component.
    verComponent - - WSSVerification object is used to specify the verification component. However, when both verification and decryption are required, the same Kerberos token is used. Set verComponent and decComponent to null to initialize first for either verification or decryption component. Then, use the initialized component only in the callback handler constructor for the second component.
- Method Detail
  - handle
```
public void handle(javax.security.auth.callback.Callback[] callbacks)
            throws java.io.IOException,
                   javax.security.auth.callback.UnsupportedCallbackException
```
    Sets necessary information to a KRBTokenConsumeCallback object.
    
    Specified by:
    
    handle in interface javax.security.auth.callback.CallbackHandler
    
    Parameters:
    callbacks - array of Callback objects provided by the underlying security service which contains the information requested to be retrieved or displayed.
    
    Throws:
    
    java.io.IOException - if an input or output error occurs.
    
    javax.security.auth.callback.UnsupportedCallbackException - if the implementation of this method does not support one or more of the Callbacks specified in the callbacks parameter.
    See Also:
    CallbackHandler.handle(javax.security.auth.callback.Callback[])

Methods inherited from class java.lang.Object

KRBTokenConsumeCallbackHandler

KRBTokenConsumeCallbackHandler

KRBTokenConsumeCallbackHandler

handle