IBM WebSphere Extended Deployment (XD)™ Release 6.0.1
com.ibm.websphere.objectgrid.security.plugins
SecureTokenManager
This interface is used on the ObjectGrid servers to transform an object into a secure token and vice
versa. A secure token is a byte array.
Here is one example of possible usage: when a server joins the cluster, the joining server needs to present a password
to the president server in the cluster. Before sending the password out, the joining server calls
generateToken(Object) to generate a token for this password. This token is then sent
across the wire. Usually the token is associated with a time stamp so that a malicious replay attack
will be difficult. On the receiving side, the server calls verifyToken(byte[]) to verify the
token and reconstruct the Object from the token.
WebSphere ObjectGrid uses the JCE to provide a default implementation of this interface. In this
implementation, to generate the token, the object is encrypted with a time stamp and then signed, and
to verify a token, the token's signature is verified and then the token is decrypted. This implementation needs
a key store configured in the ObjectGrid servers to support data encryption/decryption and signature
signing/verification. Please see
com.ibm.websphere.objectgrid.security.config.ServerSecurityConfiguration for the secure token key settings.
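The encrypt-with-time-stamp-then-sign scheme described above can be sketched with standard JCE classes. This is an added example, not IBM's default implementation or code from the original page: the class name, token layout, AES-GCM, SHA256withRSA, the 30-second window and the in-memory keys (in place of the configured key store) are all assumptions, and it protects a String rather than an arbitrary Object.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
// Added sketch, not IBM's code. Token = IV || AES-GCM(timestamp || secret) || RSA signature over (IV || ciphertext)
public class TimestampedTokenSketch {
    static final int IV_LEN = 12, SIG_LEN = 256, MAX_AGE_MS = 30_000; // GCM nonce, RSA-2048 signature, assumed window
    final SecretKey aesKey;
    final KeyPair signer;
    TimestampedTokenSketch(SecretKey k, KeyPair kp) { aesKey = k; signer = kp; }
    byte[] generateToken(String secret, long nowMs) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        byte[] pw = secret.getBytes(StandardCharsets.UTF_8);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(ByteBuffer.allocate(8 + pw.length).putLong(nowMs).put(pw).array());
        byte[] body = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer.getPrivate());
        s.update(body);
        return ByteBuffer.allocate(body.length + SIG_LEN).put(body).put(s.sign()).array();
    }
    String verifyToken(byte[] token, long nowMs) throws GeneralSecurityException {
        int bodyLen = token.length - SIG_LEN;
        if (bodyLen < IV_LEN + 16 + 8) throw new SecurityException("token too short");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(signer.getPublic());   // the signature is checked before anything is decrypted
        s.update(token, 0, bodyLen);
        if (!s.verify(token, bodyLen, SIG_LEN)) throw new SecurityException("bad signature");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, token, 0, IV_LEN));
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(token, IV_LEN, bodyLen - IV_LEN));
        long age = nowMs - plain.getLong();  // time stamp is trusted only after both checks pass
        if (age < 0 || age > MAX_AGE_MS) throw new SecurityException("stale token");
        return StandardCharsets.UTF_8.decode(plain).toString();
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                // in-memory keys stand in for the server key store
        TimestampedTokenSketch t = new TimestampedTokenSketch(kg.generateKey(), kpg.generateKeyPair());
        byte[] token = t.generateToken("join-password", 0L);  // constructed secret; 0 stands in for the clock
        System.out.println(t.verifyToken(token, 1_000));      // presented inside the freshness window
        try { t.verifyToken(token, 60_000); }                 // same bytes presented after the window
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A token presented again inside the freshness window still verifies in this sketch, so the time stamp narrows the replay window rather than closing it.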
generateToken
public byte[] generateToken(Object o)
Generate the token for an object
Parameters:
o - the object to be protected
Returns:
a token representing the object to be protected
Throws:
com.ibm.websphere.objectgrid.security.ObjectGridSecurityException
verifyToken
public Object verifyToken(byte[] bytes)
Verify the token and reconstruct the object.
Parameters:
bytes - the byte array representing the protected object.
Returns:
the protected object
Throws:
com.ibm.websphere.objectgrid.security.ObjectGridSecurityException