ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/webserv/wssectrustid.htm

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Trusted ID evaluator</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssectrustid"></a>Trusted ID evaluator</h6>
<p>Trusted ID evaluator (com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator) is an abstraction of the mechanism that evaluates whether a given ID name is trusted. Depending on the implementation, various types of infrastructure can be used to store the list of trusted IDs, such as:</p>
<ul>
<li>Plain text file</li>
<li>Database</li>
<li>LDAP server</li>
</ul>
<p>The trusted ID evaluator is typically used by the ultimate receiver in a multi-hop environment. The Web services security implementation invokes the trusted ID evaluator and passes the identity name of the intermediary as a parameter. If the identity is evaluated and deemed trustworthy, processing of the message continues. Otherwise, an exception is thrown and processing is aborted. Because any name the evaluator accepts is treated as a trusted intermediary for the rest of the request, the trusted list should contain only the intermediaries that the receiver actually needs to accept.</p>
<p><strong>Trusted ID evaluator default implementation</strong></p>
<p>A trusted ID evaluator is used to determine if a given identity (ID) name is trusted. Trusted ID evaluators are implemented by providing a class that implements the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface.</p>
<p>The default implementation of a trusted ID evaluator is com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl. This implementation is initialized with a list of trusted identity names. You can use <tt>trustedId_<em>n</em></tt> as the property key name (where <em>n</em> is an integer greater than 0) to specify a list of trusted identities in the properties. When a name is to be evaluated, it is passed to the evaluate() method, which checks the name against the list of trusted names and returns <tt>true</tt> if it is in the list (the name is trusted) and <tt>false</tt> if it is not (the name is not trusted). The trusted identities are specified as TrustedIDEvaluator properties of the Web Services Security binding file (ws-security.xml or ibm-webservices-bnd.xmi).</p>
<p><strong>Developing a trusted ID evaluator</strong></p>
<p>Perform the following steps to develop your own trusted ID evaluator:</p>
<ol>
<li><p>Define the trusted ID evaluator class. WebSphere Application Server - Express provides the trusted ID evaluator interface, com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator, which defines the following methods:</p>
<ul>
<li><p><tt>public void init(java.util.Map map) throws SoapSecurityException</tt>
<br>This method initializes the object. The parameter map object contains name and value pairs.</p>
<p>These pairs are specified in the WebSphere administrative console. Click <strong>Application Servers --&gt; <em>server_name</em> --&gt; Web Services: Default bindings for Web Services Security --&gt; Trusted ID Evaluators --&gt; <em>trusted_ID_evaluator_name</em> --&gt; Properties --&gt; New</strong>, where <em>server_name</em> is the name of your server and <em>trusted_ID_evaluator_name</em> is the name of your implementation.</p></li>
<li><p><tt>boolean evaluate(String id) throws TrustedIDEvaluatorException</tt>
<br>This method evaluates whether the received ID is trusted. The parameter object is an ID that must be evaluated. You can specify the realm as &quot;id@realm&quot;. The method returns a <tt>true</tt> value if the ID is trusted, otherwise, it returns a <tt>false</tt> value.</p></li>
</ul>
<p>Your custom trusted ID evaluator must implement the following methods.</p>
<p><strong>Note:</strong> This listing shows the two methods with only a minimal implementation that mirrors the exact-match behavior of the default evaluator (the <tt>trustedId_<em>n</em></tt> property values are the trusted names).</p>
<pre>import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator;
import com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
public class MyTIEImpl implements TrustedIDEvaluator {
    // Identity names of the intermediaries this receiver accepts.
    private final Set trusted = new HashSet();
    public void init(Map map) throws SoapSecurityException {
        // Collect the values of the trustedId_n properties from the binding.
        for (Iterator it = map.entrySet().iterator(); it.hasNext();) {
            Map.Entry e = (Map.Entry) it.next();
            if (String.valueOf(e.getKey()).startsWith("trustedId_")) {
                trusted.add(String.valueOf(e.getValue()));
            }
        }
    }
    public boolean evaluate(String id) throws TrustedIDEvaluatorException {
        // Exact match against the configured list; anything else is untrusted.
        return id != null &amp;&amp; trusted.contains(id);
    }
}</pre></li>
<li><p>Compile the implementation. Make sure that the /QIBM/ProdData/WebASE51/ASE/lib/was-wssecurity.jar file is in the compiler class path.</p></li>
<li><p>Copy the class file to a location in the class path, preferably the /QIBM/UserData/WebASE51/ASE/<em>instance</em>/lib/ext directory, where <em>instance</em> is the name of your instance.</p></li>
<li><p>Restart your application server.</p></li>
<li><p>Delete the default trusted ID evaluator that is configured in the administrative console. Click <strong>Application Servers --&gt; <em>server_name</em> --&gt; Web Services: Default bindings for Web Services Security --&gt; Trusted ID Evaluators --&gt; <em>trusted_ID_evaluator_name</em></strong>, where <em>server_name</em> is the name of your application server, and <em>trusted_ID_evaluator_name</em> is the name of the default trusted ID evaluator.</p>
<p>Select the box next to the specific trusted ID evaluator name and click <strong>Delete</strong>.</p></li>
<li><p>To add your custom trusted ID evaluator, click <strong>New</strong>. Enter the fully qualified, dot-separated class name and verify that the class is present in the class path.</p></li>
<li><p>Under <strong>Additional Properties</strong>, click <strong>Properties</strong> to add the properties that are required to initialize the custom trusted ID evaluator. These properties are passed to the <tt>init(java.util.Map)</tt> method of your implementation of the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface, as described in the first step.</p></li>
<li><p>Save the configuration.</p></li>
<li><p>Restart the application server for the trusted ID evaluator to take effect.</p></li>
</ol>
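<p>The following class is an added example of a custom trusted ID evaluator backed by one of the stores named at the top of this page, a plain text file; it is not IBM's code and not part of the original page. It assumes two hypothetical property names that you would add under <strong>Properties</strong> in step 7: <tt>trustedIdFile</tt> (path of a file listing one trusted name per line, either <tt>id</tt> or <tt>id@realm</tt>) and <tt>requireRealm</tt> (when <tt>true</tt>, a name without a realm is rejected). It also assumes that SoapSecurityException has a single-String constructor. Like any evaluator, it compiles only against /QIBM/ProdData/WebASE51/ASE/lib/was-wssecurity.jar (step 2). The design points it demonstrates are failing closed when the list is missing or empty, and matching names exactly rather than by prefix or substring.</p>

```java
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator;
import com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorException;

import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Example (not IBM code): trusted ID evaluator that reads its list of
 * trusted intermediary names from a plain text file, one per line.
 * Lines are "id" or "id@realm"; blank lines and '#' comments are ignored.
 */
public class FileTrustedIDEvaluator implements TrustedIDEvaluator {

    // Hypothetical property names for this example; configure them under
    // Trusted ID Evaluators -> your evaluator -> Properties.
    private static final String FILE_PROPERTY = "trustedIdFile";
    private static final String REQUIRE_REALM_PROPERTY = "requireRealm";

    private final Set trusted = new HashSet();
    private boolean requireRealm = false;

    public void init(Map map) throws SoapSecurityException {
        Object path = map.get(FILE_PROPERTY);
        if (path == null) {
            // Fail closed: an unconfigured evaluator is a deployment error,
            // and with no list no intermediary can be trusted anyway.
            // (SoapSecurityException(String) is assumed to exist.)
            throw new SoapSecurityException("property " + FILE_PROPERTY + " is not set");
        }
        requireRealm = "true".equalsIgnoreCase(String.valueOf(map.get(REQUIRE_REALM_PROPERTY)));

        BufferedReader in = null;
        try {
            in = new BufferedReader(new FileReader(String.valueOf(path)));
            String line;
            while ((line = in.readLine()) != null) {
                line = line.trim();
                if (line.length() == 0 || line.startsWith("#")) {
                    continue;
                }
                // Store the name verbatim: no case folding, no wildcards.
                trusted.add(line);
            }
        } catch (IOException e) {
            throw new SoapSecurityException("cannot read " + path + ": " + e.getMessage());
        } finally {
            if (in != null) {
                try { in.close(); } catch (IOException ignored) { }
            }
        }
        if (trusted.isEmpty()) {
            // An empty list is almost certainly a mistake; refuse to start.
            throw new SoapSecurityException("no trusted IDs found in " + path);
        }
    }

    public boolean evaluate(String id) throws TrustedIDEvaluatorException {
        if (id == null || id.length() == 0) {
            return false;
        }
        // The runtime may pass "id@realm"; optionally refuse a bare "id" so
        // that a name without a realm cannot stand in for "id@realm".
        if (requireRealm && id.indexOf('@') < 0) {
            return false;
        }
        // Exact, case-sensitive membership test only.
        return trusted.contains(id);
    }
}
```

<p>A trusted-list file for this evaluator would contain lines such as <tt>CN=gateway1,O=Example@defaultRealm</tt>, one intermediary per line. Deploy the class exactly as in steps 2 through 9, and keep the file readable only by the user profile the application server runs under, since anyone who can append to it can make the receiver trust an additional intermediary.</p>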
</body>
</html>