Oracle Fusion Middleware Oracle WebLogic Server API Reference 11g Release 1 (10.3.5) Part Number E13941-05
public interface IdentityAsserterV2
The IdentityAsserter interface exposes the methods that custom
 Identity Assertion providers need to implement in order to provide token-based client
 identity assertion. An Identity Assertion provider is a specific form of Authentication provider
 that is used to establish a client's identity outside of the request.
| Field Summary | |
|---|---|
| static String | AU_TYPE - The AuthenticatedUser token is an internal token and is only used when communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP. |
| static String | AUTHORIZATION_NEGOTIATE - The AUTHORIZATION_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO protocol to authenticate via Active Directory. |
| static String | CSI_ANONYMOUS_TYPE - The CSI.ITTAnonymous token is an internal token and is only used when CSIV2 is being used for communication. |
| static String | CSI_DISTINGUISHED_NAME_TYPE - The CSI.DistinguishedName token is an internal token and is only used when CSIV2 is being used for communication. |
| static String | CSI_PRINCIPAL_TYPE - The CSI.PrincipalName token is an internal token and is only used when CSIV2 is being used for communication. |
| static String | CSI_X509_CERTCHAIN_TYPE - The CSI.X509CertChain token is an internal token and is only used when CSIV2 is being used for communication. |
| static String | GSS_KERBEROS_V5_AP_REQ - The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST. |
| static String | GSS_KERBEROS_V5_AP_REQ_1510 - The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510. |
| static String | GSS_KERBEROS_V5_AP_REQ_4120 - The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120. |
| static String | KERBEROS_V5_AP_REQ - The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw Kerberos V5 AP_REQUEST. |
| static String | KERBEROS_V5_AP_REQ_1510 - The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC1510. |
| static String | KERBEROS_V5_AP_REQ_4120 - The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw Kerberos V5 AP_REQUEST for RFC4120. |
| static String | SAML_ASSERTION_B64_TYPE - The SAML.Assertion64 token is used to identify a SAML token that is a Base64 encoded SAML.Assertion. |
| static String | SAML_ASSERTION_DOM_TYPE - The SAML.Assertion.DOM token is used to identify a SAML token that is a DOM Element representation of a SAML.Assertion. |
| static String | SAML_ASSERTION_TYPE - The SAML.Assertion token is used to identify a SAML token in string XML form. |
| static String | SAML2_ASSERTION_DOM_TYPE - The SAML2_ASSERTION_DOM_TYPE token is used to identify a SAML2 token in DOM XML documentation. |
| static String | SAML2_ASSERTION_TYPE - The SAML2_ASSERTION_TYPE token is used to identify a SAML2 token in string XML format. |
| static String | WSSE_PASSWORD_DIGEST_TYPE - The wsse:PasswordDigest token is an internal token and is used when a web service utilizes the wsse:UsernameToken with a password type of wsse:PasswordDigest. |
| static String | WWW_AUTHENTICATE_NEGOTIATE - The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used when a web application utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism) protocol for HTTP authentication. |
| static String | X509_TYPE - The X.509 token is used to handle X.509 certificates passed in through the HTTP header to the Servlet container. |
| Method Summary | |
|---|---|
| CallbackHandler | assertIdentity(String type, Object token, ContextHandler handler) - Asserts an identity based on token identity information. |
| Field Detail | 
|---|
static final String X509_TYPE
The X.509 token is used to handle X.509 certificates passed in through
 the HTTP header to the Servlet container.

static final String AU_TYPE
The AuthenticatedUser token is an internal token and is only used when
 communicating with a pre-7.0 WebLogic Server instance or when utilizing RMI over IIOP.
 Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding
 is not relevant for this token type as it is never passed in via the Servlet container.

static final String CSI_PRINCIPAL_TYPE
The CSI.PrincipalName token is an internal token and is only used when
 CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.)
 Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding
 is not relevant for this token type as it is never passed in via the Servlet container.

static final String CSI_ANONYMOUS_TYPE
The CSI.ITTAnonymous token is an internal token and is only used when
 CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.)
 Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding
 is not relevant for this token type as it is never passed in via the Servlet container.

static final String CSI_X509_CERTCHAIN_TYPE
The CSI.X509CertChain token is an internal token and is only used when
 CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.)
 Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding
 is not relevant for this token type as it is never passed in via the Servlet container.

static final String CSI_DISTINGUISHED_NAME_TYPE
The CSI.DistinguishedName token is an internal token and is only used when
 CSIV2 is being used for communication. (CSIv2 is the Common Secure Interoperability Protocol.)
 Only the WebLogic Identity Assertion provider should handle this token type. Base64 encoding
 is not relevant for this token type as it is never passed in via the Servlet container.

static final String WSSE_PASSWORD_DIGEST_TYPE
The wsse:PasswordDigest token is an internal token and is used
 when a web service utilizes the wsse:UsernameToken with a password type of
 wsse:PasswordDigest. The web services container passes an object of type
 weblogic.xml.security.UserInfo when using this token type. Base64 encoding is not relevant for this token type as it is never passed in via the Servlet container.

static final String SAML_ASSERTION_TYPE
The SAML.Assertion token is used to identify a SAML token
 in string XML form.

static final String SAML_ASSERTION_B64_TYPE
The SAML.Assertion64 token is used to identify a SAML token
 that is a Base64 encoded SAML.Assertion.

static final String SAML_ASSERTION_DOM_TYPE
The SAML.Assertion.DOM token is used to identify a SAML token
 that is a DOM Element representation of a SAML.Assertion.

static final String SAML2_ASSERTION_TYPE
The SAML2_ASSERTION_TYPE token is used to identify a SAML2 token
 in string XML format.

static final String SAML2_ASSERTION_DOM_TYPE
The SAML2_ASSERTION_DOM_TYPE token is used to identify a SAML2 token
 in DOM XML documentation.

static final String WWW_AUTHENTICATE_NEGOTIATE
The WWW-AUTHENTICATE_NEGOTIATE token is an internal token and is used
 when a web application utilizes the SPNEGO (Simple and Protected GSS-API Negotiation Mechanism)
 protocol for HTTP authentication. The servlet authentication filter requests the
 initial challenge using this token type.
 Base64 encoding is not relevant for this token type as it is passed in via the
 Servlet authentication filter.

static final String AUTHORIZATION_NEGOTIATE
The AUTHORIZATION_NEGOTIATE token is an internal token and is used when
 a web application utilizes the SPNEGO protocol to authenticate via Active Directory.
 The Servlet authentication filter passes an object of type byte[]
 when using this token type.
 Base64 encoding is not relevant for this token type as it is passed in via the
 Servlet authentication filter.

static final String KERBEROS_V5_AP_REQ
The KERBEROS_V5_AP_REQ token is a base64 encoded string of raw
 Kerberos V5 AP_REQUEST.

static final String GSS_KERBEROS_V5_AP_REQ
The GSS_KERBEROS_V5_AP_REQ token is a base64 encoded string of
 GSS API wrapped Kerberos V5 AP_REQUEST.

static final String KERBEROS_V5_AP_REQ_1510
The KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of raw
 Kerberos V5 AP_REQUEST for RFC1510.

static final String GSS_KERBEROS_V5_AP_REQ_1510
The GSS_KERBEROS_V5_AP_REQ_1510 token is a base64 encoded string of
 GSS API wrapped Kerberos V5 AP_REQUEST for RFC1510.

static final String KERBEROS_V5_AP_REQ_4120
The KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of raw
 Kerberos V5 AP_REQUEST for RFC4120.

static final String GSS_KERBEROS_V5_AP_REQ_4120
The GSS_KERBEROS_V5_AP_REQ_4120 token is a base64 encoded string of
 GSS API wrapped Kerberos V5 AP_REQUEST for RFC4120.
| Method Detail | 
|---|
CallbackHandler assertIdentity(String type,
                               Object token,
                               ContextHandler handler)
                               throws IdentityAssertionException
The CallbackHandler will be passed
 to the LoginModules to perform principal mapping. A null CallbackHandler
 instance signifies that the anonymous user should be used.
 This method is called every time identity assertion occurs, but the LoginModules
 may not be called if the Subject is cached. The -Dweblogic.security.identityAssertionTTL
 flag can be used to affect this behavior (for example, to modify the default TTL of 5 minutes or
 to disable the cache by setting the flag to -1).
It is the responsibility of the Identity Assertion provider to ensure not just that the token is valid, but also that the user is still valid (for example, the user has not been deleted).
Parameters:
type - the type of token to use for identity assertion.
token - the actual token to be used to assert identity.
handler - a ContextHandler object that can optionally be used to obtain additional information that may be used in asserting the identity. If the caller is unable to provide additional information, a null value should be specified.

Returns:
CallbackHandler related to the identity, or null to signify the anonymous user.

Throws:
IdentityAssertionException - if the identity assertion fails.
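A defensive assertIdentity implementation for a custom token type, added here as an example; it is not taken from Oracle's documentation or samples. It shows each rejection path throwing IdentityAssertionException (a null return would assert the anonymous user) and the check that the user still exists after the token verifies. The token type name, the token layout, the shared key and the userExists lookup are hypothetical; the code assumes a Java 8 or later compiler, the WebLogic server classes on the classpath, and that the container delivers the custom token as a byte[].

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.function.Predicate;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.*;
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.IdentityAssertionException;

// Added example. Hypothetical: token type, key, user lookup, and the
// constructed token layout <user>:<base64 of HMAC-SHA256(user)>.
public final class HmacTokenAsserter implements IdentityAsserterV2 {
    static final String TOKEN_TYPE = "ExampleHmacToken"; // hypothetical custom type
    private final byte[] key;                    // secret shared with the token issuer
    private final Predicate<String> userExists;  // lookup against the live user store

    public HmacTokenAsserter(byte[] key, Predicate<String> userExists) {
        this.key = key.clone();
        this.userExists = userExists;
    }

    @Override
    public CallbackHandler assertIdentity(String type, Object token, ContextHandler handler)
            throws IdentityAssertionException {
        // Every rejection throws; returning null would assert the anonymous user.
        if (!TOKEN_TYPE.equals(type)) throw new IdentityAssertionException("unsupported token type");
        if (!(token instanceof byte[])) throw new IdentityAssertionException("unexpected token class");
        String[] parts = new String((byte[]) token, UTF_8).split(":", 2);
        if (parts.length != 2 || parts[0].isEmpty()) throw new IdentityAssertionException("malformed token");
        final String user = parts[0];
        boolean macOk = false;
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            // MessageDigest.isEqual compares the two MACs in constant time.
            macOk = MessageDigest.isEqual(mac.doFinal(user.getBytes(UTF_8)), Base64.getDecoder().decode(parts[1]));
        } catch (GeneralSecurityException | IllegalArgumentException e) { /* bad key or non-Base64 MAC */ }
        if (!macOk) throw new IdentityAssertionException("token MAC did not verify");
        // A valid token is not enough: the user must still exist.
        if (!userExists.test(user)) throw new IdentityAssertionException("user no longer valid");
        return callbacks -> { // handed to the LoginModules for principal mapping
            for (Callback cb : callbacks) {
                if (!(cb instanceof NameCallback)) throw new UnsupportedCallbackException(cb);
                ((NameCallback) cb).setName(user);
            }
        };
    }
}
```

Because the Subject may be cached for the identity assertion TTL, the userExists check here runs on every assertion, while the LoginModules may be skipped until the cache entry expires.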
Copyright 1996, 2011, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.