10.3 Using active credentials
After importing and testing the protected servlet, you will build a portlet application accessing the Treasure servlet and using active credential objects.The portlet will be created based on the Basic portlet type and will
demonstrate
the use of credentials. Once the project is created, you will run it in the WebSphere Portal Test Environment to view it.
Creating the Credential Vault portlet application
To create the new portlet project, follow these steps:
-
Switch to the Portlet perspective (
Window ->
Open
Perspective
).
-
Select
File -> New -> Other
.
Figure 10-10. Invoking New Project wizard
-
Select
Portlet development -> Portlet application project
. Click
Next
.
Figure 10-11. Creating a new portlet application
-
In the Define the Portlet Project page, enter a project
name
of
CredVaultBasicAuth
and click
Next
.
Figure 10-12. Define the Portlet Project
-
In the J2EE Settings Page, leave the defaults and click
Next
.
-
In Portlet Settings, accept all values. Click
Next
.
-
In Event Handling, uncheck
Add form sample
so that only
Add action listener
is checked. Click
Next
.
Figure 10-13. Event Handling page of New Portlet Application wizard
-
In the Single Sign-On page, check
Add credential vault handling
and enter a slot name of
TreasureCredentialSlot
. Click
Next
.
Figure 10-14. Single Sign-On page of the new portlet application wizard
-
Since no additional
markups
and no additional modes will be supported in this scenario, click
Finish
to generate the portlet. After a few minutes, the portlet deployment descriptor of the new portlet application opens.
Reviewing the generated code
Before the portlet code is modified to access the secure portlet, let's examine the wizard generated code.
If you expand the credvaultbasicauth package in the Source folder of the new project, you can see a CredVaultBasicAuthSecurityManager class in addition to the portlet and bean classes. This class is responsible for initializing the Credential Vault service and administering the credentials.
Figure 10-15. Reviewing CredVaultBasicAuthSecurityManager class
The following
methods
are provided in this class to handle Credential Vault issues:
-
The init method of this class initializes the vaultService data member.
-
getCredential returns the
user
name and password by using a string buffer.
-
setCredential sets the user name and password.
-
getSlotld returns the ID of the slot. Depending on the type of slot, this method uses PortletData or VaultService to get the ID.
-
New slots are created in the createNewSlot method.
-
getPrincipalFromSubject retrieves the specified Principal from the provided subject.
-
isWritable checks whether the password can be saved.
The wizard has also created an input form for a user ID and password in the CredVaultBasicAuthPortletEdit.jsp. As previously described, when clicking the
Save
button, the actionPerformed() method in the portlet class is called. This method retrieves the user ID and password from the form and uses the security manager class to set the credentials.
The current version of the doView method retrieves the user credentials from the security manager and displays them in the JSP. Because we want to include the content of the secured Treasure servlet, we will replace this method in the next section of this scenario.
10.3.1 Updating the generated portlet
Modify the portlet application as
follows
:
-
Open CredVaultBasicAuthPortletSecretManager from the credvaultbasicauth package.
-
Using the Java editor, add the method shown in Example 10-1 to the class. The method can be found in the c:\LabFiles\CredentialVault\Snippets folder.
Note
: The sample scenario included in this chapter requires that you download the sample code available as additional materials. See Appendix C, "Additional material" on page 543.
You may want to use WordPad to edit getConnectionUsingActiveObject.java and then copy and paste.
Note
: The getConnectionUsingActiveObject method returns an http connection.
Example 10-1. getConnectionUsingActiveObject method (active credentials)
public static HttpURLConnection getConnectionUsingActiveObject(
PortletRequest portletRequest,
CredVaultBasicAuthPortletSessionBean sessionBean,
String host, String port, String path) {
HttpURLConnection connection=null
;
try {
URL urlSpec =
new URL("http://" + host + ":" + port + path)
;
String slotId = getSlotId(portletRequest, sessionBean, false)
;
if (slotId != null) {
HttpBasicAuthCredential credential =
(HttpBasicAuthCredential) vaultService.getCredential(
slotId,
"HttpBasicAuth",
new HashMap(),
portletRequest)
;
connection = credential.getAuthenticatedConnection(urlSpec)
;
}
} catch (Exception e) {
e.printStackTrace()
;
}
return connection
;
}
-
Some code errors appear because the required import statements are missing. To fix these errors, right-click the Java editor and select
Source -> Organize Imports
.
-
In the Organize Imports dialog, choose
-
java.net.HttpURLConnection
-
select java.net.URL
Click
Finish
to close the Organize Imports dialog.
Figure 10-16. Importing missing import statements using Organize Imports tool
-
Save and close the Java file.
-
Open the class CredVaultBasicAuthPortlet from the credvaultbasicauth package.
-
Replace the doView method so it looks as shown in Example 10-2 on page 337. You may want to copy and paste from c:\LabFiles\CredentialVault\Snippets\doView.java.
Note
: The sample scenario included in this chapter requires that you download the sample code available as additional materials. See Appendix C, "Additional material" on page 543.
Example 10-2. The doView method uses a Http connection from the SecretManager class
public void
doView
(PortletRequest request, PortletResponse response)
throws PortletException, IOException {
// Check if portlet session exists
CredVaultBasicAuthPortletSessionBean sessionBean =
getSessionBean(request);
if (sessionBean == null) {
response.getWriter().println("<b>NO PORTLET SESSION YET</b>");
return;
}
// get output stream to write the results
PrintWriter writer = response.getWriter();
// get the CredentialVault PortletService
PortletContext context = this.getPortletConfig().getContext();
try {
String host = request.getServerName();
//String host = request.getRemoteHost();
String port = String.valueOf(request.getServerPort());
String path = "/TreasureWeb/TreasurePage";
HttpURLConnection connection =
CredVaultBasicAuthPortletSecretManager.getConnectionUsingActiveObject
(
request, sessionBean, host, port, path );
if (connection != null) {
connection.connect();
String responseMessage = connection.getResponseMessage();
int responseCode = connection.getResponseCode();
// Were we successful?
if (HttpURLConnection.HTTP_OK == responseCode) {
writer.println("<P>Successfully connected!</P>");
} else {
writer.println(
"<P>Unable to successfully connect to back end."
+ ", HTTP Response Code = " + responseCode
+ ", HTTP Response Message = \"" + responseMessage
+ "\"</P>");
}
BufferedReader br =
new BufferedReader(
new InputStreamReader(connection.getInputStream()));
String line;
while ((line = br.readLine()) != null)
writer.println(line + "\n");
} else {
writer.println(
"<h2>Credential not found. Please set it in the edit mode!
</h2>");
return;
}
} catch (IOException exc) {
writer.println(
"<h2>Single-sign-on error, login at back-end failed! </h2>");
return;
}
}
-
Organize the import statements as you did before.
-
Save and close the Java file.
Important
: If you get a message indicating that getConnectionUsingActiveObject() is undefined, try making a small modification to the file and enabling the save option. Save the file again. This procedure should resolve any pending undefined issues.
10.3.2 Running the portlet
In this section, you will run the portlet using active credentials to access the back-end resource, a protected servlet in this case.
-
Close any open browser
viewers
.
-
Switch to the Portlet perspective.
-
In the Server Configuration view, right-click the
Servers
folder and choose
New -> Server and Server Configuration
.
Figure 10-17. Creation of a new server
-
In the Server Selection dialog, choose a server of the WebSphere Portal V5.0 Test Environment and enter a server name of
WPS 5.0
. Click
Finish
to add the new server.
Figure 10-18. Create a new WebSphere Portal Test Environment
-
Add the Treasure servlet to the portal test environment, right-click the
WPS5.0
server and choose
Add -> TreasureEAR
.
Figure 10-19. Add Treasure servlet and CredVault portlet to portal test environment
-
Repeat the previous step to add the DefaultEAR to the portal Test Environment. This will also add the CredVaultBasicAuth portlet to the server.
-
In the J2EE Navigator view select
CredVaultBasicAuth
, choose
Run on server
and wait a few minutes for the Portal server to open for e-business. This will start the server and will also open a browser displaying the portlet.
Figure 10-20. Selecting Run on Server... to test the portlet.
-
The portlet will execute the initConcrete method to initialize the Credential Vault Service and the doView method. Since there are no credentials yet, a message is displayed.
-
Switch to the Edit mode and enter the following information:
-
- User ID:
user1
-
- Password:
password1
-
Submit the action. This will generate an action that will be checked by the actionPerformed method in the CredVaultBasicAuthPortlet class. The portlet returns to View mode, showing the contents of the Treasure Servlet.
-
In the Servers view, stop the running portal server.
Figure 10-21. The CredentialVault portlet in action
|
