public class WSOpaqueTokenHelper
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
static java.lang.String | customPrincipalTokensHeader |
static java.lang.String | customPrincipalTokensHeaderEnding |
static java.lang.String | customPrivateTokensHeader |
static java.lang.String | customPrivateTokensHeaderEnding |
static java.lang.String | customPublicTokensHeader |
static java.lang.String | customPublicTokensHeaderEnding |
static java.lang.String | customTokensHeader |
static java.lang.String | tokenHeader |
static java.lang.String | wsCredHashHeader |
static java.lang.String | wsTokensHeader |
Modifier and Type | Method and Description |
---|---|
byte[] | createOpaqueTokenFromSubject(javax.security.auth.Subject subject) This method is called from the RMI Outbound LoginModule to get the opaque token used for the CSIv2 authorization token. |
byte[] | createOpaqueTokenFromTokenHolderList(javax.security.auth.Subject subject, java.util.ArrayList tokenHolders) This method is called from the WSOpaqueTokenHelper.createOpaqueTokenFromSubject() to create the byte[] from the ArrayList of token types. |
java.util.ArrayList | createTokenHolderListFromOpaqueToken(byte[] opaque_token) This method is called by the RMI protocol to get the ArrayList of TokenHolder objects which are passed into the login via the WSTokenHolderCallback. |
static java.lang.Object | deserialize(byte[] buf) Deserialize an object |
static WSOpaqueTokenHelper | getInstance() |
java.lang.String | getOpaqueTokenLookup() |
java.lang.String | getOpaqueTokenName() |
int | getOpaqueTokenVersion() |
static byte[] | serialize(java.lang.Object src) Serialize an object |
public static final java.lang.String tokenHeader
public static final java.lang.String wsCredHashHeader
public static final java.lang.String wsTokensHeader
public static final java.lang.String customTokensHeader
public static final java.lang.String customPublicTokensHeader
public static final java.lang.String customPublicTokensHeaderEnding
public static final java.lang.String customPrivateTokensHeader
public static final java.lang.String customPrivateTokensHeaderEnding
public static final java.lang.String customPrincipalTokensHeader
public static final java.lang.String customPrincipalTokensHeaderEnding
public static WSOpaqueTokenHelper getInstance()
public java.lang.String getOpaqueTokenName()
public java.lang.String getOpaqueTokenLookup()
public int getOpaqueTokenVersion()
public byte[] createOpaqueTokenFromSubject(javax.security.auth.Subject subject) throws com.ibm.websphere.security.auth.WSLoginFailedException
This method is called from the RMI Outbound LoginModule to get the opaque token used for the CSIv2 authorization token. It combines the authorization token(s) + propagation token(s) + WSCredential hash table + custom objects to create an opaque token that can be regenerated at the target.
The following is the format of the opaque token (version 1) which is identified using the OMG VMCID 0x494210CF. Any other token flowing in the CSIv2 authorization token layer will have a different VMCID and thus a different format. It's possible for different versions of this token (WSOPAQUE) to be carried using the same VMCID. The token version can be identified during deserialization and the appropriate method for deserializing can be chosen at that time.
    Token Header = "WSOPAQUE"
    Token Version (byte) = 1
    (optional) {
        WSCred Hashtable Header = "WSCREDHASH"
        Hashtable length (integer) = length
        Hashtable bytes
    }
    WebSphere Token(s) Header = "WSTOKEN"
    Number of tokens present (byte) = # of tokens
    (sequence of) [
        Token name length (byte) = length
        Token name bytes = token name (typically the class name)
        Token version (byte) = version
        Token bytes length (byte) = length
        Token bytes = token
    ]
    (optional) {
        Custom Token(s) Header = "CUSTOM"
        Number of custom tokens present (byte) = # of tokens
        (sequence of) [
            Token name length (byte) = length
            Token name bytes = token name (either "CUSTOM_PUBLIC", "CUSTOM_PRIVATE" or "CUSTOM_PRINCIPAL")
            Token version (byte) = version
            Token bytes length (byte) = length
            Token bytes = token
        ]
    }
Throws: com.ibm.websphere.security.auth.WSLoginFailedException
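The version 1 layout above can be walked with explicit bounds checks and without deserializing any token body. The following is an added example, not IBM's implementation or code from this Javadoc: the class and method names are hypothetical, and it assumes ASCII headers and names, unsigned single-byte lengths and counts, and a 4-byte big-endian "integer" for the hashtable length.

```java
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example (Java 16+); the encoding details are assumptions, see the lead-in.
public class OpaqueTokenLayoutDemo {
    record Entry(String section, String name, int version, byte[] body) {}
    static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }
    static boolean header(ByteBuffer b, String h) {   // consume h if it is next, else leave position
        byte[] want = ascii(h);
        if (b.remaining() < want.length) return false;
        for (int i = 0; i < want.length; i++)
            if (b.get(b.position() + i) != want[i]) return false;
        b.position(b.position() + want.length);
        return true;
    }
    static byte[] take(ByteBuffer b, int n) {         // check the declared length before reading
        if (n < 0 || n > b.remaining()) throw new IllegalArgumentException("length exceeds data");
        byte[] out = new byte[n];
        b.get(out);
        return out;
    }
    static void section(ByteBuffer b, String hdr, List<Entry> out) {
        for (int count = b.get() & 0xFF; count > 0; count--) {
            String name = new String(take(b, b.get() & 0xFF), StandardCharsets.US_ASCII);
            int version = b.get() & 0xFF;
            out.add(new Entry(hdr, name, version, take(b, b.get() & 0xFF)));
        }
    }
    static List<Entry> parse(byte[] token) {
        ByteBuffer b = ByteBuffer.wrap(token);        // big-endian by default
        List<Entry> out = new ArrayList<>();
        try {
            if (!header(b, "WSOPAQUE") || b.get() != 1) throw new IllegalArgumentException("not WSOPAQUE v1");
            if (header(b, "WSCREDHASH")) take(b, b.getInt());   // skipped, never deserialized here
            if (!header(b, "WSTOKEN")) throw new IllegalArgumentException("missing WSTOKEN");
            section(b, "WSTOKEN", out);
            if (header(b, "CUSTOM")) section(b, "CUSTOM", out);
            if (b.hasRemaining()) throw new IllegalArgumentException("trailing bytes");
        } catch (BufferUnderflowException e) { throw new IllegalArgumentException("truncated", e); }
        return out;
    }
    public static void main(String[] args) {
        ByteBuffer s = ByteBuffer.allocate(64);       // constructed sample, not a captured token
        s.put(ascii("WSOPAQUE")).put((byte) 1).put(ascii("WSTOKEN")).put((byte) 1);
        s.put((byte) 4).put(ascii("Demo")).put((byte) 1).put((byte) 3).put(new byte[] {1, 2, 3});
        for (Entry e : parse(Arrays.copyOf(s.array(), s.position())))
            System.out.println(e.section() + " " + e.name() + " v" + e.version() + " len=" + e.body().length);
    }
}
```

Every declared length is checked against the bytes actually remaining, so a truncated or inconsistent token is rejected with an exception instead of being partially read.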
public byte[] createOpaqueTokenFromTokenHolderList(javax.security.auth.Subject subject, java.util.ArrayList tokenHolders) throws java.lang.Exception
This method is called from the WSOpaqueTokenHelper.createOpaqueTokenFromSubject() to create the byte[] from the ArrayList of token types.
Throws: java.lang.Exception
public java.util.ArrayList createTokenHolderListFromOpaqueToken(byte[] opaque_token) throws com.ibm.websphere.security.WSSecurityException
This method is called by the RMI protocol to get the ArrayList of TokenHolder objects which are passed into the login via the WSTokenHolderCallback. The RMI Inbound login modules handle deserializing the majority of the TokenHolders in this list. Custom login modules only need to be concerned with deserializing the custom AuthorizationToken or PropagationToken implementations, which may have custom encryption (which is why they cannot be deserialized on your behalf).
Throws: com.ibm.websphere.security.WSSecurityException
public static byte[] serialize(java.lang.Object src) throws java.lang.Exception
Throws: java.lang.Exception
public static java.lang.Object deserialize(byte[] buf) throws java.lang.Exception
Throws: java.lang.Exception