Class WebSecurityHelper
- Since:
- WAS 8.0
-
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static String | getJwtCookieName() | Extracts the JWT cookie name for use on downstream web invocations. |
| static jakarta.servlet.http.Cookie | getSSOCookieFromSSOToken() | Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it for use on downstream web invocations. |
| static jakarta.servlet.http.Cookie | getSSOCookieFromSSOTokenWithoutAttrs(String... removeAttributes) | Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it. |
| static String | getSSOCookieName() | Extracts the SSO cookie name for use on downstream web invocations. |
-
Constructor Details
-
WebSecurityHelper
public WebSecurityHelper()
-
-
Method Details
-
getSSOCookieFromSSOToken
Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it for use on downstream web invocations. The caller must check for a null return value. Returns null if there is an invalid or expired SSO token, no subject on the current thread, no SSO token in the subject, or no webAppSecurityConfig object. If the returned value is not null, use the Cookie methods getName() and getValue() to set the Cookie header on an HTTP request, with a header value of Cookie.getName()=Cookie.getValue().
- Returns:
- An object of type jakarta.servlet.http.Cookie. May return null.
- Throws:
Exception
-
getSSOCookieFromSSOTokenWithoutAttrs
public static jakarta.servlet.http.Cookie getSSOCookieFromSSOTokenWithoutAttrs(String... removeAttributes) throws Exception
Extracts the Single Sign-On (SSO) token from the subject of the current thread and builds an SSO cookie out of it for use on downstream web invocations. The new SSO token does not include the attributes specified in the removeAttributes parameter. The caller must check for a null return value. The security permission WebSphereRuntimePermission("updateToken") is needed when the security manager is enabled. Returns null if there is an invalid or expired SSO token, no subject on the current thread, no SSO token in the subject, or no webAppSecurityConfig object. If the returned value is not null, use the Cookie methods getName() and getValue() to set the Cookie header on an HTTP request, with a header value of Cookie.getName()=Cookie.getValue().
- Parameters:
removeAttributes
- A list of attributes to be removed from the SSO token. If no attributes are specified, all the attributes are kept.
- Returns:
- An object of type jakarta.servlet.http.Cookie. May return null.
- Throws:
Exception
- If SecurityManager exists and does not permit token update.
For example:
1) To remove the custom cache key AttributeNameConstants.WSCREDENTIAL_CACHE_KEY from the SSO token: Cookie cookie = getSSOCookieFromSSOTokenWithoutAttrs(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY);
2) To keep all attributes in the SSO token: Cookie cookie = getSSOCookieFromSSOToken();
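The following is an added example, not code from the original page or from the product: it shows the null check and the Cookie header construction described for both getSSOCookieFromSSOToken and getSSOCookieFromSSOTokenWithoutAttrs. The class DownstreamSsoCaller, the method callAsCurrentUser, the HTTPS-only rule, and the import packages shown for WebSecurityHelper and AttributeNameConstants are assumptions that do not appear on this page; java.net.http requires Java 11 or later.

```java
import com.ibm.websphere.security.web.WebSecurityHelper;    // package assumed, not stated on this page
import com.ibm.wsspi.security.token.AttributeNameConstants; // package assumed, not stated on this page
import jakarta.servlet.http.Cookie;

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

/** Hypothetical helper (not part of the WebSphere API) that propagates the caller's SSO token. */
public final class DownstreamSsoCaller {

    private static final HttpClient CLIENT = HttpClient.newHttpClient();

    /**
     * Calls a downstream service as the subject on the current thread.
     *
     * @param target downstream URL; assumed to be a trusted service in the same SSO domain
     */
    public static HttpResponse<String> callAsCurrentUser(URI target) throws Exception {
        // The SSO cookie is a bearer credential, so refuse to send it over plain HTTP.
        if (!"https".equalsIgnoreCase(target.getScheme())) {
            throw new IllegalArgumentException("SSO cookie may only be sent over HTTPS: " + target);
        }

        // Build the cookie without the custom cache key attribute.
        // With a security manager enabled this needs WebSphereRuntimePermission("updateToken").
        Cookie sso = WebSecurityHelper.getSSOCookieFromSSOTokenWithoutAttrs(
                AttributeNameConstants.WSCREDENTIAL_CACHE_KEY);

        // null means: invalid or expired token, no subject on the thread, no SSO token
        // in the subject, or no webAppSecurityConfig object. Fail closed rather than
        // silently sending an unauthenticated request.
        if (sso == null) {
            throw new IllegalStateException("No usable SSO token on the current thread");
        }

        // Header value has the form Cookie.getName()=Cookie.getValue().
        HttpRequest request = HttpRequest.newBuilder(target)
                .header("Cookie", sso.getName() + "=" + sso.getValue())
                .GET()
                .build();
        return CLIENT.send(request, HttpResponse.BodyHandlers.ofString());
    }

    private DownstreamSsoCaller() { }
}
```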
-
getSSOCookieName
Extracts the SSO cookie name for use on downstream web invocations. Returns null when the service is not started or activated.
- Returns:
- a String.
- Throws:
Exception
-
getJwtCookieName
Extracts the JWT cookie name for use on downstream web invocations. Returns null when the service is not started or activated.
- Returns:
- a String.
-