10.4 Using passive credentials

 < Day Day Up > 

In the previous section, a portlet using an active credential object was built. Although this is the preferred type of credential object, there are certain cases where you have to use passive credential objects, for example when an appropriate active credential class is not available.

In this sample scenario, the portlet will be changed to use a passive credential object.

To modify the portlet application, proceed as follows :

  1. Open the class CredVaultBasicAuthPortletSecretManager from the credvaultbasicauth project.

  2. In the Java editor, add the following method to the class.

    Example 10-3. The getConnectionUsingPassiveObject method (passive credentials)
      public static HttpURLConnection getConnectionUsingPassiveObject(   PortletRequest portletRequest,   CredVaultBasicAuthPortletSessionBean sessionBean,   String host, String port, String path) {   StringBuffer userid = new StringBuffer("")  ;  StringBuffer password = new StringBuffer("")  ;  HttpURLConnection connection = null  ;  try {   getCredential (portletRequest, sessionBean, userid, password)  ;  if (!userid.toString().equals("")) {   String userAndPassword =   new String(userid.toString() + ":" + password.toString())  ;  byte[] userAndPasswordBytes = userAndPassword.getBytes()  ;  BASE64Encoder encoder = new BASE64Encoder()  ;  String basicAuth =   new String(encoder.encode(userAndPasswordBytes))  ;  basicAuth = "Basic " + basicAuth  ;  URL url = new URL("http://" + host + ":" + port + path)  ;  connection = (HttpURLConnection) url.openConnection()  ;  connection.setRequestProperty("authorization", basicAuth)  ;  }   } catch (Exception e) {   e.printStackTrace()  ;  }   return connection  ;  }  
  3. Organize the import statements as you did in the previous scenario.

  4. Save and close the Java file.

  5. Open the class CredVaultBasicAuthPortlet from the credvaultbasicauth package.

     In the doView method, change the line: HttpURLConnection connection = CredVaultBasicAuthPortletSecretManager.getConnectionUsingActiveObject(reque st,   sessionBean,     host, port, path ); 

    to

     HttpURLConnection connection = CredVaultBasicAuthPortletSecretManager.getConnectionUsing  Passive  Object(requ est,  sessionBean,    host,  port, path ); 
  6. Save and close the Java file.

  7. Start the server and test the servlet as described in 10.3.2, "Running the portlet" on page 338. Now the portlet runs exactly the same way as it did in the previous section when it was using active credentials. This time, the getConnectionUsingPassiveObject method has access to the credentials.

Note : Having access to credentials could be a security risk, so when possible, use always active credential objects.

 < Day Day Up > 


IBM WebSphere Portal V5 A Guide for Portlet Application Development
IBM Websphere Portal V5: A Guide for Portlet Application Development
ISBN: 0738498513
EAN: 2147483647
Year: 2004
Pages: 148

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net