Developing a custom TAI for Liberty
You can develop a custom trust association interceptor (TAI) class by implementing the com.ibm.wsspi.security.tai.TrustAssociationInterceptor interface provided in the Liberty server.
About this task
The trust association interface is a service provider API that enables the integration of third-party security services with a Liberty server. When processing the web request, the Liberty server calls out and passes the HttpServletRequest and HttpServletResponse to the trust association interceptors. The isTargetInterceptor method of the interceptor is called with the HttpServletRequest to see whether the interceptor can process the request. After an appropriate trust association interceptor is selected, the HttpServletRequest is processed by the negotiateValidateandEstablishTrust method of the interceptor, and the result is returned in a TAIResult object. You can add your own logic to each method of the custom TAI class.
See also the Java™ API document for the TAI interface. The Java API documentation for each Liberty API is detailed in the Programming interfaces (Javadoc) section of the online IBM® documentation, and is also available as a separate .zip file in one of the javadoc subdirectories of the ${wlp.install.dir}/dev directory.
For the TrustAssociationInterceptor component to call the InitialDirContext class, the java.naming.ldap.factory.socket property must be set to the com.ibm.ws.ssl.protocol.LibertySSLSocketFactory Liberty socket factory. Setting this property to other factories can cause a NoClassDefFoundException.
Example
Here is a sample TAI class called SimpleTAI, which also lists all available methods from the TrustAssociationInterceptor interface.
package com.ibm.websphere.security.sample;

import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

public class SimpleTAI implements TrustAssociationInterceptor {

    public SimpleTAI() {
        super();
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#isTargetInterceptor
     * (javax.servlet.http.HttpServletRequest)
     */
    public boolean isTargetInterceptor(HttpServletRequest req)
            throws WebTrustAssociationException {
        // Add logic to determine whether to intercept this request
        return true;
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#negotiateValidateandEstablishTrust
     * (javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
     */
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req,
            HttpServletResponse resp) throws WebTrustAssociationFailedException {
        // Add logic to authenticate a request and return a TAI result.
        String tai_user = "taiUser";
        return TAIResult.create(HttpServletResponse.SC_OK, tai_user);
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#initialize(java.util.Properties)
     */
    public int initialize(Properties arg0)
            throws WebTrustAssociationFailedException {
        return 0;
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#getVersion()
     */
    public String getVersion() {
        return "1.0";
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#getType()
     */
    public String getType() {
        return this.getClass().getName();
    }

    /*
     * @see com.ibm.wsspi.security.tai.TrustAssociationInterceptor#cleanup()
     */
    public void cleanup() {
    }
}
What to do next
Add the TAI class to the Liberty server.
- Put the custom TAI class in a JAR file, for example simpleTAI.jar, then make the JAR file available as a shared library. See Configuring TAI for Liberty.
- Package the custom TAI class as a feature.