To complete my series posts on writing Trust Association Interceptors (TAI’s) for Websphere Application Server I wanted to show a real-life example. Not a good example necessarily but an example never the less… 🙂
The below example is a very simple TAI that simply does the following:
- The initialize() method reads a cookie name from the configuration done in the Websphere Application Server ISC. It illustrates how you can configure a TAI externally without having to hard code it.
- The isTargetInterceptor() method looks at the request and sees if a cookie with the configured name is available. If yes it continues to process the request and if not it aborts processing (from the TAI point of view).
- The negotiateValidateandEstablishTrust() method does the actual work by simply telling WAS that the username of user is the value from the cookie.
As you see writing a TAI is very simple but extremely powerful. Imagine what could be done if you did SSO between Websphere Application Server and Lotus Domino.
import java.util.Properties;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
public class ExampleTAI implements TrustAssociationInterceptor {
// declarations
private String cookie = null;
@Override
public void cleanup() {
}
@Override
public String getType() {
return String.format("Example TAI %s", this.getVersion());
}
@Override
public String getVersion() {
return "1.0";
}
@Override
public int initialize(Properties props)
throws WebTrustAssociationFailedException {
System.out.println("ExampleTAI.initialize()");
// read properties from configuration in WAS
this.cookie = props.getProperty("cookieName");
// return 0 to indicate success
return 0;
}
@Override
public boolean isTargetInterceptor(
HttpServletRequest req)
throws WebTrustAssociationException {
System.out.println("ExampleTAI.isTargetInterceptor()");
for (Cookie c : req.getCookies()) {
if (c.getName().equals(this.cookie)) return true;
}
return false;
}
@Override
public TAIResult negotiateValidateandEstablishTrust(
HttpServletRequest req,
HttpServletResponse res)
throws WebTrustAssociationFailedException {
System.out.println("ExampleTAI.negotiate...()");
for (Cookie c : req.getCookies()) {
if (c.getName().equals(this.cookie)) {
// send 200 to signal we're okay
return TAIResult.create(HttpServletResponse.SC_OK,
c.getValue());
}
}
// not authenticated
return TAIResult.create(HttpServletResponse.SC_UNAUTHORIZED);
}
}
lekkimworld.com 
Supose I am accessing a web resource which caused TAI to be invoked.
If TAI returns SC_UNAUTHORIZED then blank page is shown.
Is it correct behaviour ? Ot it should be automatically redirected to some page say, welcome page of web application ?
Or is page where it should redirect is configurable ?
Or I need to write in my TAI impletementation to responce.redirect("somepage.jsp");
LikeLike
I’m pretty sure that sending an unauthorized back such cause the webapp to show a login page if the protected web page is set up to require authentication.
LikeLike
hi
can you explian what configuration you have done in the Websphere Application Server ISC for initialize() method to read a cookie name ?
LikeLike
When you configure the TAI you can add socalled custom properties which can be read as I do.
LikeLike
Pretty cool!!!
LikeLike
I have created the TAi configuration, During the start of the server i can see the initialize method is getting called, But from my webapplication i am not able to invoke any one of the methods like isTargetInterceptor, negotiateValidateandEstablishTrust..etc..
May i know what kind of setup i need to do in web.xml ??
LikeLike
We already have a TAI on the Portal Server which is a Siteminder TAI.
I would like to add another TAI.
Once added I would like both the TAIs to function but would like the new TAI to be first in order. Is this possible to do and if yes can you please help with the intructions to achieve ordering of TAIs.
LikeLike