|
IBM WebSphere Application ServerTM Release 8 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.ibm.websphere.wssecurity.callbackhandler.KRBTokenGenerateCallbackHandler
public class KRBTokenGenerateCallbackHandler
This is a callback for Kerberos token in generator side. The support of Kerberos token is based on Oasis Kerberos Token Profile v1.1 specification. This instance is used to set into WSSGenerationContext object, or to generate WSSSignature object and WSSEncryption object to generate a Kerberos token.
KRBToken
,
KRBTokenGenerateCallback
,
Serialized FormConstructor Summary | |
---|---|
KRBTokenGenerateCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
Class constructor. |
|
KRBTokenGenerateCallbackHandler(java.lang.String name,
java.lang.String password,
java.lang.String realm,
java.lang.String targetService,
java.lang.String targetHost,
java.lang.String targetRealm,
javax.xml.namespace.QName tokenValuetype,
boolean prompt,
boolean supportTokenRequireSHA1,
boolean alwaysAPREQ,
WSSEncryption encComponent,
WSSSignature sigComponent)
Class constructor - should be called to use Kerberos token as a supporting token or use the session key of Kerberos token for message protection. |
|
KRBTokenGenerateCallbackHandler(java.lang.String name,
java.lang.String password,
java.lang.String realm,
java.lang.String targetService,
java.lang.String targetHost,
java.lang.String targetRealm,
javax.xml.namespace.QName tokenValuetype,
boolean requireDKT,
java.lang.String clabel,
java.lang.String slabel,
int keylen,
int noncelen,
boolean prompt,
boolean supportTokenRequireSHA1,
boolean alwaysAPREQ,
WSSEncryption encComponent,
WSSSignature sigComponent)
Class constructor - should be called to use derived key based on the session key from Kerberos token for message protection. |
Method Summary | |
---|---|
void |
handle(javax.security.auth.callback.Callback[] callbacks)
Sets necessary information to NameCallback ,
PasswordCallback , and KRBTokenGenerateCallback objects. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public KRBTokenGenerateCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
properties
- map including key-value pairspublic KRBTokenGenerateCallbackHandler(java.lang.String name, java.lang.String password, java.lang.String realm, java.lang.String targetService, java.lang.String targetHost, java.lang.String targetRealm, javax.xml.namespace.QName tokenValuetype, boolean prompt, boolean supportTokenRequireSHA1, boolean alwaysAPREQ, WSSEncryption encComponent, WSSSignature sigComponent)
name
- - Kerberos client namepassword
- - Kerberos client passwordrealm
- - Kerberos realm name associated with the Kerberos clienttargetService
- - Kerberos service name associated with the target Web ServicestargetHost
- - Host name associated with the Kerberos service nametargetRealm
- - Kerberos realm name associated with the Kerberos service nametokenValueType
- - Kerberos token's value type in QName defined by Oasis
Kerberos Token Profile v1.1 specification.prompt
- - boolean value to enable login promptsupportTokenRequireSHA1
- - boolean to require SHA1 key insertion into
subsequent messages if the Kerberos token is used as a supporting or authentication
only token. If set to true, the SHA1 key insertion is always performed. If set to
false, the SHA1 key insertion is performed only if the Kerberos token is protected.alwaysAPREQ
- - boolean value to indicate to always send AP_REQ token in the
request messagesencComponent
- - WSSEncryption
object is used to specify the encryption component. However, when both signature
and encryption are required, the same Kerberos token is used. Set encComponent
and sigComponent to null to initialize first for either encryption or signature
component. Then, use the initialized component only in the callback handler
constructor for the second component.sigComponent
- - WSSSignature
object is used to specify the signature component. However, when both signature
and encryption are required, the same Kerberos token is used. Set sigComponent
and encComponent to null to initialize first for either signature or encryption
component. Then, use the initialized component only in the callback handler
constructor for the second component.public KRBTokenGenerateCallbackHandler(java.lang.String name, java.lang.String password, java.lang.String realm, java.lang.String targetService, java.lang.String targetHost, java.lang.String targetRealm, javax.xml.namespace.QName tokenValuetype, boolean requireDKT, java.lang.String clabel, java.lang.String slabel, int keylen, int noncelen, boolean prompt, boolean supportTokenRequireSHA1, boolean alwaysAPREQ, WSSEncryption encComponent, WSSSignature sigComponent)
name
- - Kerberos client namepassword
- - Kerberos client passwordrealm
- - Kerberos realm name associated with the Kerberos clienttargetService
- - Kerberos service name associated with the target Web ServicestargetHost
- - Host name associated with the Kerberos service nametargetRealm
- - Kerberos realm name associated with the Kerberos service nametokenValueType
- - Kerberos token's value type in QName defined by Oasis
Kerberos Token Profile v1.1 specification.requireDKT
- - boolean value to indicate derived key to be requiredclabel
- - Client label used for the derived key. If null, default value is WS-SecureConversationslabel
- - Service label used for the derived key. If null, default value is WS-SecureConversationkeylen
- - length of the derived key.noncelen
- - length of the Nonce for the derived key.prompt
- - boolean value to enable login promptsupportTokenRequireSHA1
- - boolean to require SHA1 key insertion into
subsequent messages if the Kerberos token is used as a supporting or authentication
only token. If set to true, the SHA1 key insertion is always performed. If set to
false, the SHA1 key insertion is performed only if the Kerberos token is protected.alwaysAPREQ
- - boolean value to indicate to always send AP_REQ token in the
request messagesencComponent
- - WSSEncryption
object is used to specify the encryption component. However, when both signature
and encryption are required, the same Kerberos token is used. Set encComponent
and sigComponent to null to initialize first for either encryption or signature
component. Then, use the initialized component only in the callback handler
constructor for the second component.sigComponent
- - WSSSignature
object is used to specify the signature component. However, when both signature
and encryption are required, the same Kerberos token is used. Set sigComponent
and encComponent to null to initialize first for either signature or encryption
component. Then, use the initialized component only in the callback handler
constructor for the second component.Method Detail |
---|
public void handle(javax.security.auth.callback.Callback[] callbacks) throws java.io.IOException, javax.security.auth.callback.UnsupportedCallbackException
NameCallback
,
PasswordCallback
, and KRBTokenGenerateCallback
objects.
handle
in interface javax.security.auth.callback.CallbackHandler
callbacks
- array of Callback
objects provided by the
underlying security service which contains the information requested
to be retrieved or displayed.
java.io.IOException
- if an input or output error occurs.
javax.security.auth.callback.UnsupportedCallbackException
- if the implementation of this method does not support one or more
of the Callback
s specified in the callbacks parameter.CallbackHandler.handle(javax.security.auth.callback.Callback[])
|
IBM WebSphere Application ServerTM Release 8 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |