ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/webserv/wssecdevloc.htm

130 lines
7.8 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Develop a key locator</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssecdevloc"></a>Develop a key locator</h6>
<p>Perform the following steps to develop your own key locator:</p>
<ol>
<li><p>Define the key locator class method. WebSphere Application Server - Express provides the com.ibm.wsspi.wssecurity.config.KeyLocator key locator interface, which defines the following methods:</p>
<ul>
<li><p><tt>void init(java.util.Map map) throws SoapSecurityException</tt>
<br>This method initializes the object. map is a map object that contains name and value pairs. You can specify these name and value pairs in the administrative console: click <strong>Application Servers --&gt; <em>server_name</em> --&gt; Web Services: Default bindings for Web Services Security --&gt; Key Locators --&gt; <em>key_locator_name</em> --&gt; Properties --&gt; New</strong>, where <em>server_name</em> is the name of your server, and <em>key_locator_name</em> is the name of your deployed key locator implementation.</p></li>
<li><p><tt>java.util.Set getNames(java.lang.Object context) throws KeyLocatorException</tt>
<br>This method returns a Set object that contains all the abstract key name values. The input parameter is reserved for the future use.</p></li>
<li><p><tt>java.security.Key getEncryptionKey(java.lang.String name, java.lang.Object context) throws KeyLocatorException</tt>
<br>This method returns an encryption key. For the input parameters, <tt>name</tt> is an abstract key name, and <tt>context</tt> is reserved for the future use.</p></li>
<li><p><tt>java.security.Key getDecryptionKey(java.lang.String name, java.lang.Object context) throws KeyLocatorException</tt>
<br>This method returns an decryption key. For the input parameters, <tt>name</tt> is an abstract key name and <tt>context</tt> is reserved for the future use.</p></li>
<li><p><tt>java.security.Key getSigningKey(java.lang.String name) throws KeyLocatorException</tt>
<br>This method returns a signing key. The input parameter is an abstract key name.</p></li>
<li><p><tt>java.security.Key getVerificationKey(java.lang.String name) throws KeyLocatorException</tt>
<br>This method returns a verification key. This function is not implemented in current Web services security run time because the verification key is embedded in the received message as &lt;BinarySecurityToken&gt;. The input parameter is an abstract key name.</p></li>
<li><p><tt>java.lang.String getName(java.security.Key key) throws KeyLocatorException</tt>
<br>This method returns an abstract key name that corresponds to the specified key. The input parameter is a key that can be retrieved through the KeyLocator object.</p></li>
<li><p><tt>java.security.cert.Certificate getCertificate(java.security.Key key) throws KeyLocatorException</tt>
<br>This method returns a certificate object that corresponds to the specified key. The input parameter is a key that can be retrieved through the KeyLocator object.</p></li>
<li><p><tt>java.security.cert.Certificate getCertificate(java.lang.String name) throws KeyLocatorException</tt>
<br>This method returns a certificate object that corresponds to the abstract key that is specified as the input parameter (an abstract key name).</p></li>
<li><p><tt>java.lang.String getName(java.lang.String name) throws KeyLocatorException</tt>
<br>This method returns a concrete key name that corresponds to the given abstract key name, The key name is used as the value for the &lt;KeyName&gt; element. The input parameter is an abstract key name.</p></li>
</ul>
<p>You must configure the following methods implemented by the custom key locator implementation.</p>
<p><strong>Note:</strong> This listing only shows the methods and does not include an implementation.</p>
<pre>import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.config.KeyLocator;
import com.ibm.wsspi.wssecurity.config.KeyLocatorException;
import java.security.Key;
import java.security.cert.Certificate;
import java.util.Map;
import java.util.Set;
public class MyKeyLocatorImpl implements KeyLocator {
public void init(Map map) throws SoapSecurityException {
// Initialize the key locator object.
}
public Set getNames(Object context) throws KeyLocatorException {
// Returns all the abstract key &quot;name&quot;s.
}
public Key getEncryptionKey(String name, Object context) throws KeyLocatorException {
// Returns the encryption key that corresponds to the given abstract &quot;name&quot;.
}
public Key getDecryptionKey(String name, Object context) throws KeyLocatorException {
// Returns the decryption key that corresponds to the given abstract &quot;name&quot;.
}
public Key getSigningKey(String name) throws KeyLocatorException {
// Returns the signing key that corresponds to the given abstract &quot;name&quot;.
}
public Key getVerificationKey(String name) throws KeyLocatorException {
// Returns the verification key that corresponds to the given abstract &quot;name&quot;.
}
public String getName(Key key) throws KeyLocatorException {
// Returns the abstract &quot;name&quot; that corresponds to the given key.
}
public Certificate getCertificate(Key key) throws KeyLocatorException {
// Returns the certificate object that corresponds to the given key.
}
public Certificate getCertificate(String name) throws KeyLocatorException {
// Returns the certificate object that corresponds to the given abstract &quot;name&quot;.
}
public String getName(String name) throws KeyLocatorException {
// Returns the concrete &quot;name&quot; that corresponds to the given abstract &quot;name&quot;.
}
}</pre></li>
<li><p>Compile the implementation. Make sure that /QIBM/ProdData/WebASE/ASE5/lib/was-wssecurity.jar is in the compiler class path.</p></li>
<li><p>Copy the class file to a location in the class path, preferably the /QIBM/UserData/WebASE/ASE5/<em>instance</em>/lib/ext directory, where <em>instance</em> is the name of your instance.</p>
<li><p>Restart the application server.</p></li>
<li><p>With the WebSphere administrative console, delete default key locator configuration. Click <strong> Application Servers --&gt; <em>server_name</em> Web Services: Default bindings for Web Services Security --&gt; Key Locators --&gt; <em>key_locator_name</em></strong>, where <em>server_name</em> is the name of your application server, and <em>key_locator_name</em> is the name of the default key locator.</p>
<p>Select the checkbox next to specific key locator name and click <strong>Delete</strong>.</p></li>
<li><p>Add your custom key locator. Click <strong>New</strong>. Verify that the class name is dot-separated and appears in the class path.</p></li>
<li><p>Under <strong>Additional Properties</strong>, click <strong>Properties</strong> to add additional properties that are required to initialize the custom key locator. These properties are passed to the init(java.util.Map) method of your implementation when it extends the com.ibm.wsspi.wssecurity.config.KeyLocator interface as described in the first step.</p></li>
<li><p>Save the configuration.</p></li>
<li><p>Update the runtime configuration by clicking <strong>Servers --&gt; Application Servers --&gt; <em>server_name</em> --&gt; Web Services: Default bindings for Web Services Security</strong> (where <em>server_name</em> is the name of your application server) or <strong>Security --&gt; Web services</strong>.</p></li>
<li><p>Restart the application to use the new key locator implementation.</p></li>
</ol>
</body>
</html>