com.ibm.websphere.security.cred
Interface WSCredential

All Superinterfaces:

javax.security.auth.Destroyable, javax.security.auth.Refreshable, java.io.Serializable


public interface WSCredential extends javax.security.auth.Refreshable, javax.security.auth.Destroyable, java.io.Serializable

Interface that defines a Credential used to represent an authenticated principal to WebSphere.

Authentication mechanisms are expected to implement this interface.

Several of the method return types in this interface are array types. If implementors internally store instance data as arrays for these methods, they should return a deep copy of the array so that modifying the return result doesn't also modify the internally stored array.

Once a credential has been created, it is typically immutable except for expiration time.

If a credential is expired, any method access generates a CredentialExpiredException. An expired credential can be refreshed by calling the refresh() method of the Refreshable interface.

If a credential is destroyed, any method access generates a CredentialDestroyedException. A destroyed credential cannot be used.
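
The contract described above (copy arrays on the way in and out, reject access once expired or destroyed), as an added example that is not IBM code and not part of the original page. TokenHolder is a hypothetical class that does not implement WSCredential; IllegalStateException stands in for CredentialDestroyedException, and the expiration is assumed to be epoch milliseconds.

```java
import java.util.Arrays;
import javax.security.auth.Destroyable;
import javax.security.auth.Refreshable;
import javax.security.auth.login.CredentialExpiredException;

// Hypothetical illustration class; only the token accessor is modelled.
public class TokenHolder implements Refreshable, Destroyable {
    private byte[] token;       // internal array, never handed out directly
    private long expiration;    // assumption: epoch millis, 0 means no expiry
    private boolean destroyed;

    public TokenHolder(byte[] credToken, long expiration) {
        // Copy in: later changes to the caller's array must not reach us.
        this.token = credToken == null ? null : credToken.clone();
        this.expiration = expiration;
    }

    // State check that every accessor runs first.
    private void check() throws CredentialExpiredException {
        if (destroyed) throw new IllegalStateException("credential destroyed");
        if (!isCurrent()) throw new CredentialExpiredException("credential expired");
    }

    public byte[] getCredentialToken() throws CredentialExpiredException {
        check();
        // Copy out: the caller gets its own array to treat as opaque.
        return token == null ? null : token.clone();
    }

    @Override public boolean isCurrent() {
        return expiration == 0 || System.currentTimeMillis() < expiration;
    }

    @Override public void refresh() {
        expiration = System.currentTimeMillis() + 60_000; // constructed lifetime
    }

    @Override public void destroy() {
        if (token != null) Arrays.fill(token, (byte) 0);  // wipe before release
        token = null;
        destroyed = true;
    }

    @Override public boolean isDestroyed() { return destroyed; }

    public static void main(String[] args) throws Exception {
        byte[] raw = {1, 2, 3, 4};                // constructed sample token
        TokenHolder c = new TokenHolder(raw, 0);
        raw[0] = 99;                              // mutate the input array
        c.getCredentialToken()[1] = 99;           // mutate a returned array
        System.out.println(Arrays.toString(c.getCredentialToken()));
        c.destroy();
        try { c.getCredentialToken(); }
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```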

Since:

1.0

Version:

1.0

See Also:

Destroyable, Refreshable


Method Summary

 java.lang.String getAccessId()
Returns a string value that represents the access-Id of the principal.
 byte[] getCredentialToken()
Returns the credential token, for example: LTPA: Returns the credential token name of a LTPA credential; Kerberos: Returns the credential token name of a Kerberos credential
 long getExpiration()
Returns a long value that indicates when a credential will expire.
 java.util.List getGroupIds()
Returns a java.util.List which indicates the groups the authenticated principal is a member of.
 java.lang.String getHostName()
Returns the IP address of the local machine.
 java.lang.Object getObject()
Returns a java object which can be used for any purpose.
 java.lang.String getOID()
Returns the OID that identifies the authentication mechanism, for example:
 java.lang.String getPassword()
Returns the password if the credential is a Basic Authen Credential, otherwise null is returned.
 java.lang.String getPrimaryGroupId()
Returns a string value that indicates the primary group the authenticated principal is a member of.
 java.lang.String getRealmName()
Return the realm name.
 java.util.List getRoles()
Returns a java.util.List containing the roles the authenticated principal is a member of.
 java.lang.String getSecurityName()
Returns the user principal name.
 boolean isForwardable()
Returns a boolean value that indicates if the credential is forwardable.
 void setAccessId(java.lang.String accessId)
Sets a string value that represents the access-Id of the principal.
 void setCredentialToken(byte[] credToken, long expiration)
Sets the credential token, for example: LTPA: Sets the credential token name of a LTPA credential; Kerberos: Sets the credential token name of a Kerberos credential
 void setExpiration(long expiration)
Sets a long value that indicates when a credential will expire.
 void setForwardable(boolean forwardable)
Sets a boolean value that indicates if the credential is forwardable.
 void setGroupIds(java.util.List groupIds)
Sets an array of strings value which indicates the groups the authenticated principal is a member of.
 void setObject(java.lang.Object object)
Sets a java object which can be used for any purpose.
 void setOID(java.lang.String OID)
Sets the OID that identifies the authentication mechanism, for example:
 void setPassword(java.lang.String password)
Sets the password if the credential is a Basic Authen Credential, otherwise this method is not needed.
 void setPrimaryGroupId(java.lang.String primaryGroupId)
Sets a string value that indicates the primary group the authenticated principal is a member of.
 void setRealmName(java.lang.String realm)
Set the realm name.
 void setRoles(java.util.List roles)
Sets a java.util.List containing the roles the authenticated principal is a member of.
 void setSecurityName(java.lang.String securityName)
Sets the user principal name.

Methods inherited from interface javax.security.auth.Refreshable

isCurrent, refresh

Methods inherited from interface javax.security.auth.Destroyable

destroy, isDestroyed
 

Method Detail

 

getRealmName

public java.lang.String getRealmName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Return the realm name. The format of the realm name depends on the authentication targets, for example:

  • LTPA: Returns the domain name of LTPA
  • Kerberos: Returns the realm name of Kerberos

If there is no realm name, null is returned.

Returns:

The realm name, a string, or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


setRealmName

public void setRealmName(java.lang.String realm) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Set the realm name. The format of the realm name depends on the authentication targets, for example:

  • LTPA: The domain name of LTPA
  • Kerberos: The realm name of Kerberos

Parameters:

realm - The realm name, a valid string.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getSecurityName

public java.lang.String getSecurityName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns the user principal name. If there is no principal name, null is returned.

Returns:

The user principal name, a string, or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


setSecurityName

public void setSecurityName(java.lang.String securityName) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets the user principal name.

Parameters:

securityName - The user principal name, a string.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getCredentialToken

public byte[] getCredentialToken() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns the credential token, for example:

  • LTPA: Returns the credential token name of a LTPA credential
  • Kerberos: Returns the credential token name of a Kerberos credential

The Credential Token should be treated as an opaque object. It should be a deep copy of any byte array that an actual WSCredential implementation may use to store the token internally.

If there is no credential token, null is returned.

Returns:

The Credential Token of a credential, a byte array or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

setCredentialToken

public void setCredentialToken(byte[] credToken, long expiration) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets the credential token, for example:

  • LTPA: Sets the credential token name of a LTPA credential
  • Kerberos: Sets the credential token name of a Kerberos credential

The Credential Token should be treated as an opaque object. It should be a deep copy of any byte array that an actual WSCredential implementation may use to store the token internally.

Parameters:

credToken - The Credential Token of a credential, a byte array.
expiration - The expiration of the token, a long.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getOID

public java.lang.String getOID() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns the OID that identifies the authentication mechanism, for example:

The OID is an object identifier in string format, e.g. 111.222.33 for instance.

If there is no OID, null is returned.

Returns:

The OID of a credential or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


setOID

public void setOID(java.lang.String OID) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets the OID that identifies the authentication mechanism, for example:

The OID is an object identifier in string format, e.g. 111.222.33 for instance.

If there is no OID, null is returned.

Returns:

The OID of a credential or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

isForwardable

public boolean isForwardable() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns a boolean value that indicates if the credential is forwardable. A forwardable credential can be propagated to other servers as part of a delegated remote method invocation. The authentication mechanism determines forwardability.

Returns:

boolean.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

setForwardable

public void setForwardable(boolean forwardable) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets a boolean value that indicates if the credential is forwardable. A forwardable credential can be propagated to other servers as part of a delegated remote method invocation. The authentication mechanism determines forwardability.

Parameters:

forwardable - boolean.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getObject

public java.lang.Object getObject() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns a java object which can be used for any purpose. This could be a GSS credential in the case of Kerberos.

Throws:

CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


setObject

public void setObject(java.lang.Object object) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets a java object which can be used for any purpose. This could be a GSS credential in the case of Kerberos.

Throws:

CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getExpiration

public long getExpiration() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns a long value that indicates when a credential will expire. The authentication mechanism determines if and when a credential expires, typically when the credential was issued. The unit of measure is also determined by the actual authentication mechanism.

If there is no expiration time, 0 is returned.

Returns:

long.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

setExpiration

public void setExpiration(long expiration) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets a long value that indicates when a credential will expire. The authentication mechanism determines if and when a credential expires, typically when the credential was issued. The unit of measure is also determined by the actual authentication mechanism.

Parameters:

expiration - long.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getPrimaryGroupId

public java.lang.String getPrimaryGroupId() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns a string value that indicates the primary group the authenticated principal is a member of.

If there is no primary group ID, null is returned.

Returns:

String or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


setPrimaryGroupId

public void setPrimaryGroupId(java.lang.String primaryGroupId) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets a string value that indicates the primary group the authenticated principal is a member of.

Parameters:

primaryGroupId - String or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getRoles

public java.util.List getRoles() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns a java.util.List containing the roles the authenticated principal is a member of. If the underlying implementation stores the roles internally as an array, then this method should return a deep copy of the array.

If there are no roles, an empty List is returned.

Returns:

java.util.List
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

setRoles

public void setRoles(java.util.List roles) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets a java.util.List containing the roles the authenticated principal is a member of. If the underlying implementation stores the roles internally as an array, then this method should return a deep copy of the array.

Parameters:

roles - java.util.List
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getAccessId

public java.lang.String getAccessId() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns a string value that represents the access-Id of the principal. An access-Id is used to uniquely identify the principal in a user registry and is typically used during authorization checks.

If there is no access-Id, null is returned.

Returns:

String or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


setAccessId

public void setAccessId(java.lang.String accessId) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets a string value that represents the access-Id of the principal. An access-Id is used to uniquely identify the principal in a user registry and is typically used during authorization checks.

Parameters:

accessId - String or null.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getGroupIds

public java.util.List getGroupIds() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns a java.util.List which indicates the groups the authenticated principal is a member of.

If there are no groups, an empty List is returned.

Returns:

java.util.List
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

setGroupIds

public void setGroupIds(java.util.List groupIds) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets an array of strings value which indicates the groups the authenticated principal is a member of.

Parameters:

groupIds - java.util.List
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getHostName

public java.lang.String getHostName() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns the IP address of the local machine. If there is no IP address, null is returned.

Returns:

The IP of the local machine.
Throws:
CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


 

getPassword

public java.lang.String getPassword() throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Returns the password if the credential is a Basic Authen Credential, otherwise null is returned. The password is not available to other types of Credential.

Returns:

The password if it is a Basic Authen Credential, otherwise null is returned.

Throws:

CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


setPassword

public void setPassword(java.lang.String password) throws CredentialDestroyedException, javax.security.auth.login.CredentialExpiredException

Sets the password if the credential is a Basic Authen Credential, otherwise this method is not needed. The password is not available to other types of Credential.

Returns:

The password if it is a Basic Authen Credential, otherwise null is returned.

Throws:

CredentialDestroyedException - Thrown if credential is destroyed.
javax.security.auth.login.CredentialExpiredException - Thrown if credential is expired.


WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.