IBM WebSphere™ eXtreme Scale, Release 8.6
API Specification

com.ibm.websphere.objectgrid.security.plugins
Interface SecureTokenManager


public interface SecureTokenManager

This interface is used by ObjectGrid servers to transform an object to a secure token and vice versa. A secure token is a byte array.

Here is one example of a possible usage: When a server joins the cluster, the joining server needs to present a password to the president server in the cluster. Before sending the password out, the joining server calls the generateToken(Object) method to generate a token for this password. The token should be hard to break so that the password is protected. The token is then sent across the wire. Usually the token is associated with a time stamp so that a malicious replay attack is difficult. On the receiving side, the server calls the verifyToken(byte[]) method to verify the token and reconstruct the corresponding object from the token.

ObjectGrid utilizes JCE to provide a default implementation of this interface. In this implementation, when generating the token, the object is encrypted with a time stamp and then signed. To verify a token, the token's signature is verified and then the token is decrypted. This implementation needs a key store configured in the ObjectGrid servers to support data encryption and decryption and signature signing and verification. Use security.ogserver.props for the secure token key settings.
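The encrypt-with-time-stamp, then sign flow described above, shown with plain JCE calls as an added example; it is not IBM's default implementation and not code from this API specification. The class name, token layout, the AES-GCM and SHA256withRSA choices, the 30-second freshness window and the in-memory keys are assumptions, and the demo handles String payloads only.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Added illustration (hypothetical class). A real plug-in would implement SecureTokenManager
// and wrap failures in ObjectGridSecurityException; keys would come from a key store.
public class TimestampedTokenDemo {
    private static final int IV_LEN = 12, SIG_LEN = 256;  // GCM nonce size; RSA-2048 signature size
    private static final long MAX_AGE_MS = 30_000;         // assumed freshness window
    private final SecretKey encKey;
    private final KeyPair signKeys;
    private final SecureRandom rng = new SecureRandom();

    TimestampedTokenDemo(SecretKey encKey, KeyPair signKeys) { this.encKey = encKey; this.signKeys = signKeys; }

    // Token layout: signature(256) || iv(12) || AES-GCM(timestamp(8) || payload)
    public byte[] generateToken(Object o) throws GeneralSecurityException {
        byte[] payload = ((String) o).getBytes(StandardCharsets.UTF_8); // demo handles String only
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);                                  // fresh nonce for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(ByteBuffer.allocate(8 + payload.length).putLong(System.currentTimeMillis()).put(payload).array());
        byte[] body = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signKeys.getPrivate());
        s.update(body);                                     // sign the encrypted body
        return ByteBuffer.allocate(SIG_LEN + body.length).put(s.sign()).put(body).array();
    }

    public Object verifyToken(byte[] token) throws GeneralSecurityException {
        if (token.length < SIG_LEN + IV_LEN + 16 + 8) throw new GeneralSecurityException("token too short");
        byte[] body = Arrays.copyOfRange(token, SIG_LEN, token.length);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(signKeys.getPublic());
        s.update(body);
        if (!s.verify(token, 0, SIG_LEN)) throw new SignatureException("bad signature"); // verify before decrypting
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, encKey, new GCMParameterSpec(128, body, 0, IV_LEN));
        ByteBuffer pt = ByteBuffer.wrap(c.doFinal(body, IV_LEN, body.length - IV_LEN));
        long age = System.currentTimeMillis() - pt.getLong();
        if (age < 0 || age > MAX_AGE_MS) throw new GeneralSecurityException("stale token"); // limits replay
        return StandardCharsets.UTF_8.decode(pt).toString();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(256);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048);
        TimestampedTokenDemo m = new TimestampedTokenDemo(kg.generateKey(), kpg.generateKeyPair());
        byte[] token = m.generateToken("constructed-sample-password"); // constructed sample input
        System.out.println(m.verifyToken(token));
        token[token.length - 1] ^= 1;                       // flip one bit to simulate tampering
        try { m.verifyToken(token); } catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A time stamp alone only narrows the replay window: a token captured on the wire stays valid until it ages out, so the window should be short and server clocks kept in sync.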

An implementation class should have a default constructor. Users can set the CustomSecureTokenManagerProps property in the server security configuration property file. This property will be set on the object using the setProperties(String) method.

Since:
WAS XD 6.0.1
See Also:
SecurityConstants.SECURE_TOKEN_MANAGER_CUSTOM_STRING, SecurityConstants.SECURE_TOKEN_MANAGER_DEFAULT_STRING

Method Summary
 byte[] generateToken(Object o)
          Generates the token for the specified object.
 void setProperties(String properties)
          Sets the user defined properties to the factory.
 Object verifyToken(byte[] bytes)
          Verifies the token and reconstructs the object.
 

Method Detail

generateToken

byte[] generateToken(Object o)
                     throws ObjectGridSecurityException
Generates the token for the specified object.

The generated token should be hard to break.

Parameters:
o - the object to be protected
Returns:
a token representing the object to be protected
Throws:
ObjectGridSecurityException - if any exception occurs during generation of the token byte array

verifyToken

Object verifyToken(byte[] bytes)
                   throws ObjectGridSecurityException
Verifies the token and reconstructs the object.

Parameters:
bytes - the token byte array representing the protected object.
Returns:
the protected object
Throws:
ObjectGridSecurityException - if any exception occurs during verification of the token byte array

setProperties

void setProperties(String properties)
Sets the user defined properties to the factory.

This method is used to set SecureTokenManager properties to the object. These properties can be set using the "SecureTokenManagerProps" property in the server security configuration property file. This way, you can customize your factory.

Parameters:
properties - user defined properties

© Copyright International Business Machines Corp 2005,2012. All rights reserved.