Methods
The TAI classes implement five methods:
initialize(Properties): Module initialization, based on a configuration that is provided to the
TAI as a java.util.Properties set.
getType(): Returns the module's Java class name, thereby identifying it to WebSphere
Application Server (WAS).
getVersion(): Returns the module's version number, normally a fixed string.
isTargetInterceptor(HttpServletRequest): Establishes whether this particular TAI instance
(of w
negotiateValidateandEstablishTrust(HttpServletRequest, HttpServletResponse): Performs the
validation of a particular HTTP request, throwing a WebTrustAssociationFailedException on
failure.
cleanup(): Releases any resources held by the TAI while in its active state.
Configuration Properties
The initialize() method of the TAI currently recognizes the following configuration properties:
Secret-Value: Value of the authentication secret placed into requests by Access Manager.
Secret-Header: Name of the HTTP request header in which the secret value is placed. As with
the other ...-header properties, Access Manager is expected to set the header in question.
User-Name-Header: Name of the HTTP request header that contains the short user name. It is
passed on to WebSphere Application Server as the WSCREDENTIAL_SECURITYNAME
attribute.
User-ID-Header: Name of the HTTP request header that contains the fully distinguished user
name in LDAP format. It is passed on to WebSphere Application Server as the
WSCREDENTIAL_UNIQUEID attribute, and used in the arrangement of group membership
for role determination by WebSphere Portal Server.
Cache-Key-Header: Name of the HTTP request header that contains the cache key for the
session. It is initialized by the TAI to the current system time in milliseconds, and expressed as
a decimal number when it is unset by Access Manager. It is passed on to WebSphere
Application Server as the WSCREDENTIAL_CACHE_KEY attribute.
Role-Header: Name of the HTTP request header that lists the user's roles.
Role-Separator: Fixed character string that separates individual role names. Used with the
role-header, update-roles, and presentation-roles values, all of which are concatenations of
role names.
Presentation-Roles: Names of the roles that should be presented to WebSphere Application
Server (through the WSCREDENTIAL_GROUPS attribute) as the names of LDAP groups of
which the user is a member. Individual presentation role names are separated by the (global)
role separator string.
Update-Roles: Names of the roles for which the TAI should prepare corresponding LDAP
group objects for direct LDAP readout by WebSphere Portal Service.
Presentation-Container: Distinguished name of the LDAP container that is expected to
contain the WebSphere Application Server groups; that is, the objects that are merely
presented as being groups of which the user is a member.
Update-Container: Distinguished name of the LDAP container that is expected to contain the
groups for which the TAI should actually manipulate the membership.
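The following added example (not the TAI's own code) sketches how the properties above could drive the check that negotiateValidateandEstablishTrust() performs: the secret header is compared against Secret-Value before any identity header is believed. Assumptions: the class name, the sample header names and values, the exact spelling of the property keys, a Map standing in for HttpServletRequest, and SecurityException standing in for WebTrustAssociationFailedException.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.Pattern;

public class TaiHeaderCheck {
    // Fields correspond to the WSCREDENTIAL_* attributes named in the property list.
    record Identity(String securityName, String uniqueId, String cacheKey, List<String> groups) {}

    static List<String> split(String value, String sep) {
        List<String> out = new ArrayList<>();
        for (String s : value.split(Pattern.quote(sep))) if (!s.isBlank()) out.add(s.trim());
        return out;
    }

    static Identity validate(Properties cfg, Map<String, String> hdr) {
        String expected = cfg.getProperty("Secret-Value", "");
        String presented = hdr.get(cfg.getProperty("Secret-Header", ""));
        // Fail closed: an unconfigured secret never matches; compare without early exit.
        if (expected.isEmpty() || presented == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("secret header missing or wrong");
        String name = hdr.get(cfg.getProperty("User-Name-Header", ""));
        String dn = hdr.get(cfg.getProperty("User-ID-Header", ""));
        if (name == null || dn == null) throw new SecurityException("identity headers missing");
        // Cache key falls back to the current time in milliseconds, as a decimal string.
        String key = hdr.getOrDefault(cfg.getProperty("Cache-Key-Header", ""),
                Long.toString(System.currentTimeMillis()));
        String sep = cfg.getProperty("Role-Separator", ",");
        List<String> groups = split(hdr.getOrDefault(cfg.getProperty("Role-Header", ""), ""), sep);
        groups.retainAll(split(cfg.getProperty("Presentation-Roles", ""), sep)); // presentation roles only
        return new Identity(name, dn, key, groups);
    }

    public static void main(String[] args) {
        Properties cfg = new Properties(); // constructed sample configuration
        String[][] kv = {{"Secret-Value", "example-secret"}, {"Secret-Header", "X-TAI-Secret"},
            {"User-Name-Header", "X-User"}, {"User-ID-Header", "X-User-DN"},
            {"Role-Header", "X-Roles"}, {"Role-Separator", ";"}, {"Presentation-Roles", "admin;editor"}};
        for (String[] p : kv) cfg.setProperty(p[0], p[1]);
        Map<String, String> hdr = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); // constructed request
        hdr.put("x-tai-secret", "example-secret");
        hdr.put("X-User", "jdoe");
        hdr.put("X-User-DN", "cn=jdoe,o=example");
        hdr.put("X-Roles", "admin;audit");
        System.out.println(validate(cfg, hdr));
        hdr.remove("X-TAI-Secret"); // same request without the secret header
        try { validate(cfg, hdr); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the identity headers are trusted solely on the strength of the secret, the application server should accept connections only from Access Manager, and the secret should be treated as a credential.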
Preparing the Applications and the J2EE Servers