Class WebSecurityHelper

java.lang.Object
com.ibm.websphere.security.web.WebSecurityHelper

public class WebSecurityHelper extends Object
Provides methods to perform security functions for web applications.
Since:
WAS 8.0
  • Constructor Summary

    Constructors
    Constructor | Description
    WebSecurityHelper() |
  • Method Summary

    Modifier and Type | Method | Description
    static String | getJwtCookieName() | Extracts the JWT cookie name for use on downstream web invocations.
    static jakarta.servlet.http.Cookie | getSSOCookieFromSSOToken() | Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it for use on downstream web invocations.
    static jakarta.servlet.http.Cookie | getSSOCookieFromSSOTokenWithoutAttrs(String... removeAttributes) | Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it.
    static String | getSSOCookieName() | Extracts the SSO cookie name for use on downstream web invocations.

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • WebSecurityHelper

      public WebSecurityHelper()
  • Method Details

    • getSSOCookieFromSSOToken

      public static jakarta.servlet.http.Cookie getSSOCookieFromSSOToken() throws Exception
      Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it for use on downstream web invocations. The caller must check for a null return value.

      Returns null if the SSO token is invalid or expired, if there is no subject on the current thread, if there is no SSO token in the subject, or if there is no webAppSecurityConfig object. If the returned value is not null, use the Cookie methods getName() and getValue() to set the Cookie header on an HTTP request, with a header value of Cookie.getName()=Cookie.getValue().

      Returns:
      An object of type jakarta.servlet.http.Cookie. May return null.
      Throws:
      Exception
    • getSSOCookieFromSSOTokenWithoutAttrs

      public static jakarta.servlet.http.Cookie getSSOCookieFromSSOTokenWithoutAttrs(String... removeAttributes) throws Exception
      Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it for use on downstream web invocations. The new SSO token does not include the attributes specified in the removeAttributes parameter. The caller must check for a null return value. The security permission WebSphereRuntimePermission("updateToken") is needed when a security manager is enabled.

      Returns null if the SSO token is invalid or expired, if there is no subject on the current thread, if there is no SSO token in the subject, or if there is no webAppSecurityConfig object. If the returned value is not null, use the Cookie methods getName() and getValue() to set the Cookie header on an HTTP request, with a header value of Cookie.getName()=Cookie.getValue().

      Parameters:
      removeAttributes - A list of attributes to be removed from the SSO token. If no attributes are specified, all the attributes are kept.
      Returns:
      An object of type jakarta.servlet.http.Cookie. May return null.
      Throws:
      Exception - If SecurityManager exists and does not permit token update.

      For example:
      1) To remove the custom cache key AttributeNameConstants.WSCREDENTIAL_CACHE_KEY from the SSO token:
         Cookie cookie = WebSecurityHelper.getSSOCookieFromSSOTokenWithoutAttrs(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY);
      2) To keep all attributes in the SSO token:
         Cookie cookie = WebSecurityHelper.getSSOCookieFromSSOTokenWithoutAttrs();

    • getSSOCookieName

      public static String getSSOCookieName() throws Exception
      Extracts the SSO cookie name for use on downstream web invocations. Returns null when the service is not started or activated.
      Returns:
      a String.
      Throws:
      Exception
    • getJwtCookieName

      public static String getJwtCookieName()
      Extracts the JWT cookie name for use on downstream web invocations. Returns null when the service is not started or activated.
      Returns:
      a String.