Custom Password Lookup
By default, authentication is checked against the usernames and passwords stored in TIBCO Administrator. TIBCO Administrator can also point to an LDAP registry for username/password lookup. If you store usernames and passwords in your own database or LDAP system, you can write your own password callback class that implements the javax.security.auth.callback.CallbackHandler interface.
The CallbackHandler implementation must iterate over each Callback object and look for the WSPasswordCallback type. You can use the WSPasswordCallback.getIdentifier() method to obtain the username. Then you can write code to look up the password for that username in your system. Once obtained, you must set the password in the Callback object using the setPassword() method.
Here is a simple example of a CallbackHandler implementation:
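    import java.io.IOException;
    import java.util.HashMap;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    // Assumed WSS4J 1.x package; adjust to the WSS4J version in your installation.
    import org.apache.ws.security.WSPasswordCallback;

    public class MyPasswordCallback implements CallbackHandler {
        // In-memory map of username -> password, consulted before the lookup.
        private HashMap<String, String> passwords = new HashMap<String, String>();

        public MyPasswordCallback() {
        }

        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    String identifier = pc.getIdentifier(); // the username
                    int usage = pc.getUsage();
                    if (usage == WSPasswordCallback.USERNAME_TOKEN
                            || usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                        String pw = passwords.get(identifier);
                        if (pw == null) {
                            // Look up the password using any mechanism.
                            pw = lookupPassword(identifier);
                        }
                        pc.setPassword(pw);
                    }
                }
            }
        }

        // Placeholder: replace with a lookup against your own database or LDAP system.
        private String lookupPassword(String identifier) {
            throw new UnsupportedOperationException("lookupPassword is not implemented");
        }
    }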
For more information about implementing the CallbackHandler interface, see the custom password examples in the BW_HOME/examples/activities/soap directory or see https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/security/auth/callback/CallbackHandler.html.
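The lookup step of the handler above could be backed by a database as follows. This is an added example, not TIBCO's code: the ws_users table, its columns, the userstore.jdbc.url system property and the WSS4J 1.x import are assumptions. Because getIdentifier() returns a value taken from the incoming message before the caller is authenticated, it is bound as a query parameter, and an unknown user ends in an exception rather than a default password.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback; // assumed WSS4J 1.x package

public class JdbcPasswordCallback implements CallbackHandler {
    // Hypothetical schema and system property; substitute your own.
    private static final String QUERY = "SELECT password FROM ws_users WHERE username = ?";
    private static final String URL_PROPERTY = "userstore.jdbc.url";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                continue; // only WSPasswordCallback is handled, as in the page's example
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            int usage = pc.getUsage();
            if (usage == WSPasswordCallback.USERNAME_TOKEN
                    || usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                pc.setPassword(lookupPassword(pc.getIdentifier()));
            }
        }
    }

    private String lookupPassword(String identifier) throws IOException {
        if (identifier == null || identifier.isEmpty()) {
            throw new IOException("authentication failed");
        }
        String url = System.getProperty(URL_PROPERTY);
        try (Connection c = DriverManager.getConnection(url);
             PreparedStatement ps = c.prepareStatement(QUERY)) {
            ps.setString(1, identifier); // bound as a parameter, never concatenated
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    return rs.getString(1);
                }
            }
        } catch (SQLException e) {
            throw new IOException("user store unavailable"); // no driver details to caller
        }
        throw new IOException("authentication failed"); // unknown user: fail closed
    }
}
```

The JDBC driver for your database is one of the dependent classes that has to be placed in the AliasLibrary resource alongside the handler.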
To use custom password lookup in a security policy, perform the following procedure:
Procedure
1. Compile your Callback object into a .jar file.
2. Open the ActiveMatrix BusinessWorks project containing the processes for which you are creating security policies.
3. Click the General palette and drag and drop an AliasLibrary resource into the design panel.
4. Place your Callback object .jar file into the AliasLibrary resource, and also include any classes that your object depends on (for example, third-party classes for LDAP access). See Sharing Common Resources with Other Projects for more information about using AliasLibrary resources.
5. Click the Policy palette and drag and drop a Security Policy resource into the design panel. Alternatively, click an existing Security Policy resource to edit the resource.
6. On the Configuration tab, click the checkbox in the Custom Password Lookup field.
7. In the Custom Password Callback Java Class field, use the Browse button to locate and select the AliasLibrary resource you created in step 4.
8. In the Class field, use the Show Class Browser button to locate and select your Callback object.
9. Click Apply, then associate your security policy with the desired web services, if you have not already done so.
10. Save the project.