com.ibm.websphere.security
Interface TrustAssociationInterceptor
- public interface TrustAssociationInterceptor
The following three APIs must be implemented when writing an interceptor
for trust association between a third-party server and WebSphere. When
an interceptor has been configured with WebSphere, the high-level description
of the processing engine executed by WebSphere is as follows:
1. Receive an HTTP Request.
2. Choose an interceptor for this request. For every interceptor configured,
WebSphere checks whether it is the appropriate interceptor by calling the
method 'isTargetInterceptor' of that interceptor.
3. If the interceptor is a target interceptor, WebSphere validates
its trust on the third party server represented by the interceptor
by calling the method 'validateEstablishedTrust' of that interceptor.
4. If the trust has been validated successfully, WebSphere retrieves the
username of the end-user that submitted the HTTP request by calling
the method 'getAuthenticatedUsername' of that interceptor.
5. If a valid username has been retrieved, WebSphere creates the
credentials for that user and proceeds with its normal processing.
Method Summary
- java.lang.String getAuthenticatedUsername(javax.servlet.http.HttpServletRequest req)
This method is used to retrieve the username of the end client (or the originator
of the HTTP request).
- boolean isTargetInterceptor(javax.servlet.http.HttpServletRequest req)
Every interceptor should know which HTTP requests originate from
the third party server that it is supposed to work with.
- void validateEstablishedTrust(javax.servlet.http.HttpServletRequest req)
This method is used to determine whether trust association can be
established between WebSphere and the third party server.
isTargetInterceptor
public boolean isTargetInterceptor(javax.servlet.http.HttpServletRequest req)
throws WebTrustAssociationException
- Every interceptor should know which HTTP requests originate from
the third party server that it is supposed to work with.
Given an HTTP request, this method must be used to determine whether or not
this interceptor is designed to process the request, on behalf of the trusted
server it is designed to interoperate with.
The determination algorithm depends on the specific implementation, but it
should be able to unequivocally give either a positive or negative response.
If for any reason the implementation encounters a situation where it is not
able to give a definite response (such as not enough information, an indeterminate
state, a remote exception, etc.), then the method should throw a
WebTrustAssociationException. The caller is left to decide what to do if
an exception is received.
validateEstablishedTrust
public void validateEstablishedTrust(javax.servlet.http.HttpServletRequest req)
throws WebTrustAssociationFailedException
- This method is used to determine whether trust association can be
established between WebSphere and the third party server.
In most situations, this involves authenticating the server. All the information
required to do this should be available in the HTTP request.
If the third party server fails the validation, or is unable to provide the required
information, a WebTrustAssociationFailedException must be thrown.
getAuthenticatedUsername
public java.lang.String getAuthenticatedUsername(javax.servlet.http.HttpServletRequest req)
throws WebTrustAssociationUserException
- This method is used to retrieve the username of the end client (or the originator
of the HTTP request). This method should be called only after validateEstablishedTrust
has been called successfully.
The method returns a string. A return value of null implies that an empty string
was provided as a username.
A WebTrustAssociationUserException should be thrown if the username has not
been provided at all or the implementation determines that the username provided
was invalid (based on some criteria, e.g., a list of valid usernames may have been
decided earlier).
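
The three method contracts above, shown together in an added example that is not IBM's code: an interceptor for a reverse proxy that forwards the end user's name in one header and authenticates itself with a shared secret in another, failing closed at each step. The class name, header names, system property name, username pattern, and the use of the exceptions' message-taking constructors are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import com.ibm.websphere.security.*; // the interface and its three exception types

// Hypothetical interceptor: the proxy sends the user name in one header and
// proves its own identity with a shared secret in another.
public class ProxyHeaderInterceptor implements TrustAssociationInterceptor {
    // Header, property and pattern values are assumptions made for this example.
    private static final String USER_HEADER = "X-Proxy-User";
    private static final String SECRET_HEADER = "X-Proxy-Secret";
    private static final String SECRET_PROPERTY = "example.tai.proxySecret";
    private static final Pattern VALID_USER = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    public boolean isTargetInterceptor(HttpServletRequest req)
            throws WebTrustAssociationException {
        if (req == null) {
            // No definite answer is possible, so signal that instead of guessing.
            throw new WebTrustAssociationException("no request to inspect");
        }
        // Claim only requests that carry the proxy's user header.
        return req.getHeader(USER_HEADER) != null;
    }

    public void validateEstablishedTrust(HttpServletRequest req)
            throws WebTrustAssociationFailedException {
        String expected = System.getProperty(SECRET_PROPERTY);
        String presented = req.getHeader(SECRET_HEADER);
        // Fail closed when the secret is unconfigured, absent or wrong;
        // MessageDigest.isEqual avoids an early-exit string comparison.
        if (expected == null || expected.isEmpty() || presented == null
                || !MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                          presented.getBytes(StandardCharsets.UTF_8))) {
            throw new WebTrustAssociationFailedException("proxy not authenticated");
        }
    }

    public String getAuthenticatedUsername(HttpServletRequest req)
            throws WebTrustAssociationUserException {
        String user = req.getHeader(USER_HEADER);
        // Absent or malformed names are rejected rather than passed on.
        if (user == null || !VALID_USER.matcher(user).matches()) {
            throw new WebTrustAssociationUserException("missing or invalid username");
        }
        return user;
    }
}
```

Because the username header is only as trustworthy as the check in validateEstablishedTrust, the application server should be reachable only through the proxy, and the proxy should strip any client-supplied copies of both headers.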