Pluggable token support


You can extend the WAS login mapping mechanism to handle new types of authentication tokens. WAS provides a pluggable framework to generate security tokens on the sender side of the message and to validate them on the receiver side. The framework is based on the JAAS APIs. Pluggable security token support provides plug-in points to support customer security token types including token generation, token validation, and client identity mapping to a WAS identity that is used by the J2EE authorization engine. Moreover, the pluggable token generation and validation framework supports inserting XML-based tokens into the Web service message header and validating them on the receiver side.

Use the implementation to create a new type of security token following these guidelines:

You can implement the CallbackHandlerFactory interface, which is a factory for instantiating the CallbackHandler implementation. For your own implementation, provide the CallbackHandler interface. The Web services security run time instantiates the factory implementation class and passes the authentication information from the Web services message header to the factory class through the setter methods. The Web services security run time then invokes the newCallbackHandler() method of the factory implementation class to obtain an instance of the CallbackHandler object. The object is passed to the JAAS login configuration.

The following is the definition of the CallbackHandlerFactory interface:

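import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.w3c.dom.Element;

public interface CallbackHandlerFactory {
       // Setters receive the authentication information from the message header
       public void setUsername(String username);
       public void setRealm(String realm);
       public void setPassword(String password);
       public void setHashMap(Map properties);
       public void setTokenByte(byte[] token);
       public void setXMLToken(Element xmlToken);
       // Returns the handler that is passed to the JAAS login configuration
       public CallbackHandler newCallbackHandler();
}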
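
The factory flow described above, as an added example that is not IBM's code: a hypothetical SampleTokenCallbackHandlerFactory receives the header values through the setters and returns a CallbackHandler that answers only the callback types it knows. The interface is repeated as a stand-in so the file compiles on its own; TokenCallback and the class names are assumptions.

```java
import java.util.Map;
import javax.security.auth.callback.*;
import org.w3c.dom.Element;

// Stand-in copy of the page's interface so this file compiles on its own.
interface CallbackHandlerFactory {
    void setUsername(String username);
    void setRealm(String realm);
    void setPassword(String password);
    void setHashMap(Map properties);
    void setTokenByte(byte[] token);
    void setXMLToken(Element xmlToken);
    CallbackHandler newCallbackHandler();
}

// Hypothetical callback a custom login module would use to ask for the raw token.
class TokenCallback implements Callback { byte[] token; }

// Hypothetical factory for a binary token type.
class SampleTokenCallbackHandlerFactory implements CallbackHandlerFactory {
    private String username, password;
    private byte[] token;

    public void setUsername(String username) { this.username = username; }
    public void setRealm(String realm) { /* unused in this example */ }
    public void setPassword(String password) { this.password = password; }
    public void setHashMap(Map properties) { /* unused in this example */ }
    // Copy so the caller cannot change the bytes after handing them over.
    public void setTokenByte(byte[] token) { this.token = token == null ? null : token.clone(); }
    public void setXMLToken(Element xmlToken) { /* XML tokens not handled here */ }

    public CallbackHandler newCallbackHandler() {
        // Snapshot the values; the handler is what reaches the JAAS login configuration.
        final String user = username, pass = password;
        final byte[] tok = token;
        return callbacks -> {
            // Answer known callback types only and fail closed on anything else.
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback)
                    ((PasswordCallback) cb).setPassword(pass == null ? null : pass.toCharArray());
                else if (cb instanceof TokenCallback)
                    ((TokenCallback) cb).token = tok == null ? null : tok.clone();
                else throw new UnsupportedCallbackException(cb, "unsupported callback type");
            }
        };
    }
}
```

A login module paired with this factory would pass a TokenCallback to the handler, validate the returned bytes, and only then map the client identity.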


See Also

XML token
Securing Web services using a pluggable token