<< Developing TAI's for Websphere Application Server | Home | IBM Champion >>

A TAI code example

To complete my series posts on writing Trust Association Interceptors (TAI's) for Websphere Application Server I wanted to show a real-life example. Not a good example necessarily but an example never the less... :-)

The below example is a very simple TAI that simply does the following:

  1. The initialize() method reads a cookie name from the configuration done in the Websphere Application Server ISC. It illustrates how you can configure a TAI externally without having to hard code it.
  2. The isTargetInterceptor() method looks at the request and sees if a cookie with the configured name is available. If yes it continues to process the request and if not it aborts processing (from the TAI point of view).
  3. The negotiateValidateandEstablishTrust() method does the actual work by simply telling WAS that the username of user is the value from the cookie.
As you see writing a TAI is very simple but extremely powerful. Imagine what could be done if you did SSO between Websphere Application Server and Lotus Domino.

import java.util.Properties;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

public class ExampleTAI implements TrustAssociationInterceptor {
   // declarations
   private String cookie = null;
   
   @Override
   public void cleanup() {
   }

   @Override
   public String getType() {
      return String.format("Example TAI %s", this.getVersion());
   }

   @Override
   public String getVersion() {
      return "1.0";
   }

   @Override
   public int initialize(Properties props) 
      throws WebTrustAssociationFailedException {
      System.out.println("ExampleTAI.initialize()");
      
      // read properties from configuration in WAS
      this.cookie = props.getProperty("cookieName");
      
      // return 0 to indicate success
      return 0;
   }

   @Override
   public boolean isTargetInterceptor(
      HttpServletRequest req) 
      throws WebTrustAssociationException {
      System.out.println("ExampleTAI.isTargetInterceptor()");
      for (Cookie c : req.getCookies()) {
         if (c.getName().equals(this.cookie)) return true;
      }
      return false;
   }

   @Override
   public TAIResult negotiateValidateandEstablishTrust(
      HttpServletRequest req, 
      HttpServletResponse res) 
      throws WebTrustAssociationFailedException {
      System.out.println("ExampleTAI.negotiate...()");
      for (Cookie c : req.getCookies()) {
         if (c.getName().equals(this.cookie)) {
            // send 200 to signal we're okay
            return TAIResult.create(HttpServletResponse.SC_OK, 
                c.getValue());
         }
      }
      
      // not authenticated
      return TAIResult.create(HttpServletResponse.SC_UNAUTHORIZED);
   }

}

Tags : , , ,


Re: A TAI code example

Supose I am accessing a web resource which caused TAI to be invoked.

If TAI returns  SC_UNAUTHORIZED  then blank page is shown.

Is it correct behaviour ? Ot it should be automatically redirected to some page say, welcome page of web application ?

Or is page where it should redirect is configurable ?

Or I need to write in my TAI impletementation to responce.redirect("somepage.jsp");

 

Avatar: Mikkel Flindt Heisterberg

Re: A TAI code example

 I'm pretty sure that sending an unauthorized back such cause the webapp to show a login page if the protected web page is set up to require authentication. 

Re: A TAI code example

hi can you explian what configuration you have done in the Websphere Application Server ISC for initialize() method to read a cookie name ?
Avatar: Mikkel Flindt Heisterberg

Re: A TAI code example

 When you configure the TAI you can add socalled custom properties which can be read as I do.

Re: A TAI code example

Pretty cool!!!

Avatar: Anonymous

Re: A TAI code example

 I have created the TAi configuration, During the start of the server i can see the initialize method is getting called, But from my webapplication i am not able to invoke any one of the methods like isTargetInterceptor, negotiateValidateandEstablishTrust..etc..

May i know what kind of setup i need to do in web.xml ??

 

Avatar: Anonymous

Re: A TAI code example

We already have a TAI on the Portal Server which is a Siteminder TAI.

I would like to add another TAI.

Once added I would like both the TAIs to function but would like the new TAI to be first in order. Is this possible to do and if yes can you please help with the intructions to achieve ordering of TAIs.


Add a comment Send a TrackBack