<< Developing TAI's for Websphere Application Server | Home | IBM Champion >>

About

This is the blog of Mikkel Flindt Heisterberg about all things Lotus. More detailed info about me, incl. bio, can be found on the about me page.

I'm available for consulting work. E-mail me (see the about me page) for address.
IBM Connect 2013
Lotusphere 2012
Lotusphere 2011
Lotusphere 2010
Lotusphere 2009
Lotusphere 2008
Lotusphere 2007
Lotusphere 2006
Disclaimer, copyright and license info.

Donate to LotusScript.doc!

RSS | Atom | E-mail

Navigate

Categories | Tags | Advanced Search

Tags

Recent Blog Entries

Authentication vs. Authorization
When ever I talk to customers and partners about single-sign-on (SSO) and the concepts of "authentication" I'm quite often baffled by the level of misunderstanding, misconception and lack of knowledge about just how "authentication" works. Now the reason ...
Just arrived - thank you IBM
Tags : champion, ibm, ibm_champion
Websphere Application Server WIM LDAP adapter log trace
When debugging LDAP login issues for Websphere Application Server (WAS) you're actually debugging the WIM (Websphere Identity Manager) part of WAS. The actual login piece is part of the adapters (database, ldap, file) which is the repository specific ...
Setting up LDAP failover for Websphere Application Server
As you may know LDAP is crucial to Websphere Application Server (WAS) when using it for IBM Connections so it makes good sense to configure failover for LDAP. If the LDAP server becomes unavailable you can no longer log in (actually you can't even log ...
Looking up a datasource from an IBM Connections event handler
For a customer project I'm working on these days I'm writing an event handler for IBM Connections Profiles to integrate two profile systems in real-time using the IBM Connections 4.0 Event SPI. Pretty powerful stuff in case you've never looked into it. ...
Fixing IBM Connections help for IE users
At a customer site they were actually using the IBM Connections help documents (a first I know) but it didn't work for the users in Internet Explorer. After some research it turned out to be due to a missing compatability statement in the generated HTML ...
Hiding the Social Mail username and password from socialmail-discovery-config.xml
It's been bothering me a while that the username and password for our LDAP user was visible in clear text in our socialmail-discovery...
There's a new sheriff in town
Last week was the annual BLUG event this time in Leuven, Belgium, and as always Theo and team created an amazing event. The BLUG event is now the biggest user group in the a World with a staggering 325 attendes and it really makes BLUG a mini-Connect ...

Recent Responses

Re: C API guru help needed!
When script length64K,How get whole script?
Re: Authentication vs. Authorization
I find myself banging that drum from time to time too. Good post sir.
It is WHO your are vs. WHAT you can do
I usually use the passport example: Show me your passport: Person1: Ah you are John Doe, a citizen- Authentication Person 2: ah you are Frank Foreign, a visitor. - Authentication Then: Citizen: You have the right to vote, stay as long as you want ...
Re: Setting table row height in SWT
Not that I know of. In effect it's the underlying OS widget you're using so I guess not.
Re: Setting table row height in SWT
Is there any way by which i can change the color of the Grid Line Seperator between the rows?
Re: Hiding the Social Mail username and password from socialmail-discovery-config.xml
Strangely I cover that in some slides I just made for the credstore and OpenSocial deployment as a way to secure your environment better.
Re: There's a new sheriff in town
We caught the keynote on film and it is in edit now. Should be out and ready by Monday. The missing tripod caused some grief but I am making adjustments in edit
Re: There's a new sheriff in town
Let us all hope that Scott will not turn out to be one of those "shoot from the hip" types. But I don't think so. Great guy, great start!
Re: Configure Eclipse 4.2 (Juno) for Notes 9
Agree. Will add it. Thanks.
Re: Configure Eclipse 4.2 (Juno) for Notes 9
hi, you forgot to update the guide to say that if the Notes install directory contains a space, then the rcp.home variable should be in double quotes. I don't mean to nag, but these comments are not easily reached from the actual blog page...

Log me in using Google

A TAI code example

To complete my series posts on writing Trust Association Interceptors (TAI's) for Websphere Application Server I wanted to show a real-life example. Not a good example necessarily but an example never the less... :-)

The below example is a very simple TAI that simply does the following:

The initialize() method reads a cookie name from the configuration done in the Websphere Application Server ISC. It illustrates how you can configure a TAI externally without having to hard code it.
The isTargetInterceptor() method looks at the request and sees if a cookie with the configured name is available. If yes it continues to process the request and if not it aborts processing (from the TAI point of view).
The negotiateValidateandEstablishTrust() method does the actual work by simply telling WAS that the username of user is the value from the cookie.

As you see writing a TAI is very simple but extremely powerful. Imagine what could be done if you did SSO between Websphere Application Server and Lotus Domino.

import java.util.Properties;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

public class ExampleTAI implements TrustAssociationInterceptor {
   // declarations
   private String cookie = null;
   
   @Override
   public void cleanup() {
   }

   @Override
   public String getType() {
      return String.format("Example TAI %s", this.getVersion());
   }

   @Override
   public String getVersion() {
      return "1.0";
   }

   @Override
   public int initialize(Properties props) 
      throws WebTrustAssociationFailedException {
      System.out.println("ExampleTAI.initialize()");
      
      // read properties from configuration in WAS
      this.cookie = props.getProperty("cookieName");
      
      // return 0 to indicate success
      return 0;
   }

   @Override
   public boolean isTargetInterceptor(
      HttpServletRequest req) 
      throws WebTrustAssociationException {
      System.out.println("ExampleTAI.isTargetInterceptor()");
      for (Cookie c : req.getCookies()) {
         if (c.getName().equals(this.cookie)) return true;
      }
      return false;
   }

   @Override
   public TAIResult negotiateValidateandEstablishTrust(
      HttpServletRequest req, 
      HttpServletResponse res) 
      throws WebTrustAssociationFailedException {
      System.out.println("ExampleTAI.negotiate...()");
      for (Cookie c : req.getCookies()) {
         if (c.getName().equals(this.cookie)) {
            // send 200 to signal we're okay
            return TAIResult.create(HttpServletResponse.SC_OK, 
                c.getValue());
         }
      }
      
      // not authenticated
      return TAIResult.create(HttpServletResponse.SC_UNAUTHORIZED);
   }

}

Tags : java, tai, was, websphere

Add a comment

Posted by Mikkel Flindt Heisterberg on 10 June 2011 14:06:58 CEST #

Add a comment Send a TrackBack

June 2011
Mon	Tue	Wed	Thu	Fri	Sat	Sun
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30
May \| Today \| Jul

2013 May (4) April (3) March (10) February (4) January (8)	2012 December (8) November (3) October (3) September (4) August (7) July (3) June (6) May (4) April (8) March (8) February (12) January (3)
2011 December (11) November (1) October (13) September (7) August (8) July (7) June (8) May (13) April (1) March (7) February (4) January (5)	2010 December (10) November (7) October (13) September (10) August (18) July (11) June (16) May (12) April (11) March (14) February (12) January (9)
2009 December (17) November (12) October (20) September (3) August (17) July (12) June (15) May (6) April (19) March (14) February (23) January (25)	2008 December (24) November (14) October (10) September (15) August (18) July (12) June (14) May (26) April (22) March (32) February (29) January (37)
2007 December (17) November (24) October (20) September (23) August (20) July (9) June (17) May (24) April (12) March (8) February (18) January (33)	2006 December (13) November (29) October (32) September (22) August (30) July (18) June (47) May (33) April (43) March (28) February (28) January (20)
2005 December (14) November (19) October (11) September (13) August (24) July (22) April (9) March (14) February (10) January (3)	2004 December (13) November (6)

Re: A TAI code example Comment from Anonymous on 20 May 2013 17:54:59 CEST #
Title
Body	HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
OpenID Login	(Not me?)
Name
E-mail address
Website
Remember me	Yes No
E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

A TAI code example

Re: A TAI code example