com.ibm.websphere.wssecurity.callbackhandler

Class KRBTokenGenerateCallbackHandler

  • java.lang.Object
    • com.ibm.websphere.wssecurity.callbackhandler.KRBTokenGenerateCallbackHandler
  • All Implemented Interfaces:
    java.io.Serializable, javax.security.auth.callback.CallbackHandler


    public class KRBTokenGenerateCallbackHandler
    extends java.lang.Object
    implements javax.security.auth.callback.CallbackHandler, java.io.Serializable
    This is a callback for Kerberos token in generator side. The support of Kerberos token is based on Oasis Kerberos Token Profile v1.1 specification. This instance is used to set into WSSGenerationContext object, or to generate WSSSignature object and WSSEncryption object to generate a Kerberos token.
    See Also:
    KRBToken, KRBTokenGenerateCallback, Serialized Form
    • Constructor Summary

      Constructors 
      Constructor and Description
      KRBTokenGenerateCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
      Class constructor.
      KRBTokenGenerateCallbackHandler(java.lang.String name, java.lang.String password, java.lang.String realm, java.lang.String targetService, java.lang.String targetHost, java.lang.String targetRealm, javax.xml.namespace.QName tokenValuetype, boolean prompt, boolean supportTokenRequireSHA1, boolean alwaysAPREQ, WSSEncryption encComponent, WSSSignature sigComponent)
      Class constructor - should be called to use Kerberos token as a supporting token or use the session key of Kerberos token for message protection.
      KRBTokenGenerateCallbackHandler(java.lang.String name, java.lang.String password, java.lang.String realm, java.lang.String targetService, java.lang.String targetHost, java.lang.String targetRealm, javax.xml.namespace.QName tokenValuetype, boolean requireDKT, java.lang.String clabel, java.lang.String slabel, int keylen, int noncelen, boolean prompt, boolean supportTokenRequireSHA1, boolean alwaysAPREQ, WSSEncryption encComponent, WSSSignature sigComponent)
      Class constructor - should be called to use derived key based on the session key from Kerberos token for message protection.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      void handle(javax.security.auth.callback.Callback[] callbacks)
      Sets necessary information to NameCallback, PasswordCallback, and KRBTokenGenerateCallback objects.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • KRBTokenGenerateCallbackHandler

        public KRBTokenGenerateCallbackHandler(java.util.Map<java.lang.Object,java.lang.Object> properties)
        Class constructor.
        Parameters:
        properties - map including key-value pairs
      • KRBTokenGenerateCallbackHandler

        public KRBTokenGenerateCallbackHandler(java.lang.String name,
                                       java.lang.String password,
                                       java.lang.String realm,
                                       java.lang.String targetService,
                                       java.lang.String targetHost,
                                       java.lang.String targetRealm,
                                       javax.xml.namespace.QName tokenValuetype,
                                       boolean prompt,
                                       boolean supportTokenRequireSHA1,
                                       boolean alwaysAPREQ,
                                       WSSEncryption encComponent,
                                       WSSSignature sigComponent)
        Class constructor - should be called to use Kerberos token as a supporting token or use the session key of Kerberos token for message protection.
        Parameters:
        name - - Kerberos client name
        password - - Kerberos client password
        realm - - Kerberos realm name associated with the Kerberos client
        targetService - - Kerberos service name associated with the target Web Services
        targetHost - - Host name associated with the Kerberos service name
        targetRealm - - Kerberos realm name associated with the Kerberos service name
        tokenValueType - - Kerberos token's value type in QName defined by Oasis Kerberos Token Profile v1.1 specification.
        prompt - - boolean value to enable login prompt
        supportTokenRequireSHA1 - - boolean to require SHA1 key insertion into subsequent messages if the Kerberos token is used as a supporting or authentication only token. If set to true, the SHA1 key insertion is always performed. If set to false, the SHA1 key insertion is performed only if the Kerberos token is protected.
        alwaysAPREQ - - boolean value to indicate to always send AP_REQ token in the request messages
        encComponent - - WSSEncryption object is used to specify the encryption component. However, when both signature and encryption are required, the same Kerberos token is used. Set encComponent and sigComponent to null to initialize first for either encryption or signature component. Then, use the initialized component only in the callback handler constructor for the second component.
        sigComponent - - WSSSignature object is used to specify the signature component. However, when both signature and encryption are required, the same Kerberos token is used. Set sigComponent and encComponent to null to initialize first for either signature or encryption component. Then, use the initialized component only in the callback handler constructor for the second component.
      • KRBTokenGenerateCallbackHandler

        public KRBTokenGenerateCallbackHandler(java.lang.String name,
                                       java.lang.String password,
                                       java.lang.String realm,
                                       java.lang.String targetService,
                                       java.lang.String targetHost,
                                       java.lang.String targetRealm,
                                       javax.xml.namespace.QName tokenValuetype,
                                       boolean requireDKT,
                                       java.lang.String clabel,
                                       java.lang.String slabel,
                                       int keylen,
                                       int noncelen,
                                       boolean prompt,
                                       boolean supportTokenRequireSHA1,
                                       boolean alwaysAPREQ,
                                       WSSEncryption encComponent,
                                       WSSSignature sigComponent)
        Class constructor - should be called to use derived key based on the session key from Kerberos token for message protection.
        Parameters:
        name - - Kerberos client name
        password - - Kerberos client password
        realm - - Kerberos realm name associated with the Kerberos client
        targetService - - Kerberos service name associated with the target Web Services
        targetHost - - Host name associated with the Kerberos service name
        targetRealm - - Kerberos realm name associated with the Kerberos service name
        tokenValueType - - Kerberos token's value type in QName defined by Oasis Kerberos Token Profile v1.1 specification.
        requireDKT - - boolean value to indicate derived key to be required
        clabel - - Client label used for the derived key. If null, default value is WS-SecureConversation
        slabel - - Service label used for the derived key. If null, default value is WS-SecureConversation
        keylen - - length of the derived key.
        noncelen - - length of the Nonce for the derived key.
        prompt - - boolean value to enable login prompt
        supportTokenRequireSHA1 - - boolean to require SHA1 key insertion into subsequent messages if the Kerberos token is used as a supporting or authentication only token. If set to true, the SHA1 key insertion is always performed. If set to false, the SHA1 key insertion is performed only if the Kerberos token is protected.
        alwaysAPREQ - - boolean value to indicate to always send AP_REQ token in the request messages
        encComponent - - WSSEncryption object is used to specify the encryption component. However, when both signature and encryption are required, the same Kerberos token is used. Set encComponent and sigComponent to null to initialize first for either encryption or signature component. Then, use the initialized component only in the callback handler constructor for the second component.
        sigComponent - - WSSSignature object is used to specify the signature component. However, when both signature and encryption are required, the same Kerberos token is used. Set sigComponent and encComponent to null to initialize first for either signature or encryption component. Then, use the initialized component only in the callback handler constructor for the second component.
    • Method Detail

      • handle

        public void handle(javax.security.auth.callback.Callback[] callbacks)
                    throws java.io.IOException,
                           javax.security.auth.callback.UnsupportedCallbackException
        Sets necessary information to NameCallback, PasswordCallback, and KRBTokenGenerateCallback objects.
        Specified by:
        handle in interface javax.security.auth.callback.CallbackHandler
        Parameters:
        callbacks - array of Callback objects provided by the underlying security service which contains the information requested to be retrieved or displayed.
        Throws:
        java.io.IOException - if an input or output error occurs.
        javax.security.auth.callback.UnsupportedCallbackException - if the implementation of this method does not support one or more of the Callbacks specified in the callbacks parameter.
        See Also:
        CallbackHandler.handle(javax.security.auth.callback.Callback[])
IBM WebSphere Application ServerTM
Release 9.0