ALI Portlet Development: Portlet Security

Using IDK Encryption without the Credential Vault

The AquaLogic Interaction Development Kit (IDK) provides standard methods for encrypting and decrypting credentials stored in the ALI database. In version 6.0, portlets can access the authentication settings stored in the central credential vault. For details, see Using the Credential Vault.

Portlets can use four types of encryption:

If you are not using the credential vault, you must set the encryption type and associated key, and the setting type and setting names. You can enter these parameters in the IDK web.xml/Web.config file, or set them programmatically using the methods in ICredentialSetter and ICredentialProvider.

Note: The encryption settings in the configuration file will override any values set programmatically.  

Configuration File Settings

To configure encryption in the web.xml/Web.config file, enter values for the following parameters:

Parameter: Accepted Values

CredentialSettingType: Portal setting type:

  • GADGET: Portlet Preference
  • COMMUNITYGADGET: CommunityPortlet Preference
  • COMMUNITY: Community Preference
  • ADMIN: Administrative Preference
  • SESSION: Session Preference
  • USER: User Preference
  • USERINFO: User Information Setting

UsernameParameterName: The setting name for the user name setting (e.g., DctmUserName).

PasswordParameterName: The setting name for the password setting (e.g., DctmPassword).

CredentialEncryptionType: Encryption type:

  • BASE64
  • RC2
  • AES
  • NONE

(RSA encryption is only available with the credential vault.)

RC2PrivateKey: String of private key for RC2 encryption.

AESPrivateKey: String of private key for AES encryption.

If you do not include these settings in the configuration file, you must set them programmatically as explained below.
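
The following added example (not part of the original IDK documentation) applies the override rule above to compute a portlet's effective settings and then audits them against the parameter table. The function names, the dictionary input, the case-insensitive comparison and the convention of holding a programmatically set key under the config parameter name are assumptions of this sketch.

```python
# Added example: audit effective IDK credential-encryption settings.
# Parameter names and accepted values come from the table above; the rest is assumed.

SETTING_TYPES = {"GADGET", "COMMUNITYGADGET", "COMMUNITY", "ADMIN",
                 "SESSION", "USER", "USERINFO"}
# Key parameter required by each encryption type (None = no key used).
KEY_PARAM = {"BASE64": None, "NONE": None,
             "RC2": "RC2PrivateKey", "AES": "AESPrivateKey"}


def effective_settings(config_file, programmatic):
    """Config-file values override values set through the IDK methods."""
    merged = dict(programmatic)
    merged.update({k: v for k, v in config_file.items() if v})
    return merged


def audit(settings):
    """Return a list of findings for one portlet's effective settings."""
    findings = []
    enc = settings.get("CredentialEncryptionType", "").upper()
    if enc not in KEY_PARAM:
        findings.append(f"unknown CredentialEncryptionType {enc!r}")
    elif enc == "NONE":
        findings.append("NONE: no encryption is applied to stored credentials")
    elif enc == "BASE64":
        findings.append("BASE64 is a reversible encoding, not encryption")
    else:
        if enc == "RC2":
            findings.append("RC2 is a legacy cipher; prefer AES")
        if not settings.get(KEY_PARAM[enc]):
            findings.append(f"{enc} selected but {KEY_PARAM[enc]} is not set")
    if settings.get("CredentialSettingType", "").upper() not in SETTING_TYPES:
        findings.append("CredentialSettingType missing or not an accepted value")
    for name in ("UsernameParameterName", "PasswordParameterName"):
        if not settings.get(name):
            findings.append(f"{name} is not set")
    return findings


# Constructed sample: the code selects AES, but the config file says BASE64.
programmatic = {"CredentialSettingType": "USER",
                "UsernameParameterName": "DctmUserName",
                "PasswordParameterName": "DctmPassword",
                "CredentialEncryptionType": "AES",
                "AESPrivateKey": "<placeholder-key>"}
config_file = {"CredentialEncryptionType": "BASE64"}

sample_findings = audit(effective_settings(config_file, programmatic))
```

In the constructed sample the portlet code asks for AES, yet the single finding reports BASE64, because the configuration file value takes precedence over the programmatic one.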

IDK Encryption Methods

The IDK encryption methods allow you to set the encryption type and key, and define the setting type and setting names.

Note: The encryption settings in the configuration file will override any values set programmatically.  

ICredentialSetter

To encrypt and store credentials in the portal database, use ICredentialSetter.

Java:

// get an ICredentialSetter instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.createPortletContext(req, resp);
ICredentialSetter cSetter = portletContext.getCredentialSetter();

// set the setting type and parameter names
// not required if set in web.xml
cSetter.setCredentialSettingType(SettingType.User);
cSetter.setUsernameParameterName("DCTMUserName");
cSetter.setPasswordParameterName("DCTMPassword");

// set the encryption type and key
// not required if set in web.xml
cSetter.setCredentialEncryptionType(EncryptionType.RC2);
cSetter.setPrivateKey("skiroblbpauwyryrhfvnmsl");

// set the user name and password
cSetter.setUsername(username);
cSetter.setPassword(password);      

C#:

// get an ICredentialSetter instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.CreatePortletContext(req, resp);
ICredentialSetter cSetter = portletContext.GetCredentialSetter();

// set the setting type and parameter names
// not required if set in Web.config
cSetter.SetCredentialSettingType(SettingType.User);
cSetter.SetUsernameParameterName("DCTMUserName");
cSetter.SetPasswordParameterName("DCTMPassword");

// set the encryption type and key
// not required if set in Web.config
cSetter.SetCredentialEncryptionType(EncryptionType.RC2);
cSetter.SetPrivateKey("skiroblbpauwyryrhfvnmsl");

// set the user name and password
cSetter.SetUsername(username);
cSetter.SetPassword(password);      

ICredentialProvider

To decrypt credentials stored in the portal database, use ICredentialProvider.

Java:

// get an ICredentialProvider instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.createPortletContext(req, resp);
ICredentialProvider cProvider = portletContext.getCredentialProvider();

// set the setting type and parameter names
// (names must match those used with ICredentialSetter)
// not required if set in web.xml
cProvider.setCredentialSettingType(SettingType.User);
cProvider.setUsernameParameterName("DCTMUserName");
cProvider.setPasswordParameterName("DCTMPassword");

// set the encryption type and key
// not required if set in web.xml
cProvider.setCredentialEncryptionType(EncryptionType.RC2);
cProvider.setPrivateKey("skiroblbpauwyryrhfvnmsl");

// get the username and password
String username = cProvider.getUsername();
String password = cProvider.getPassword();

C#:

// get an ICredentialProvider instance from IPortletContext
IPortletContext portletContext = PortletContextFactory.CreatePortletContext(req, resp);
ICredentialProvider cProvider = portletContext.GetCredentialProvider();

// set the setting type and parameter names
// (names must match those used with ICredentialSetter)
// not required if set in Web.config
cProvider.SetCredentialSettingType(SettingType.User);
cProvider.SetUsernameParameterName("DCTMUserName");
cProvider.SetPasswordParameterName("DCTMPassword");

// set the encryption type and key
// not required if set in Web.config
cProvider.SetCredentialEncryptionType(EncryptionType.RC2);
cProvider.SetPrivateKey("skiroblbpauwyryrhfvnmsl");

// get the username and password
String username = cProvider.GetUsername();
String password = cProvider.GetPassword();