Web services security service provider programming interfaces

Several Service Provider Interfaces (SPIs) are provided to extend the capability of the Web services security run time. The following list contains the SPIs that are available for WAS...

The JAAS LoginModule API is used for token validation on the request receiver side of the message. You can implement a custom LoginModule to validate a custom token on the request receiver side. After the token is verified and validated, the token is set as the caller and is then run as the identity in the WAS run time. The containers use this identity for authorization checks before a Java 2 Platform, Enterprise Edition (J2EE) resource is invoked. The following list presents the default AuthMethod configurations provided by WebSphere Application Server:

BasicAuth: Validates a user name token.

Signature: Maps the distinguished name (DN) of a verified certificate to a Java Authentication and Authorization Service (JAAS) subject.

IDAssertion: Maps a trusted identity to a JAAS subject.

LTPA: Validates an LTPA token that is received in the message and creates a JAAS subject.
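The following is an added example, not code from WebSphere Application Server or from this page: a custom token validator written against the standard JAAS LoginModule interface only. The token format, the "hmacKey" module option and delivery of the token through a standard PasswordCallback are assumptions made for illustration; the callback types that the WAS run time supplies and the step that sets the caller identity are not described on this page and are not modeled.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Constructed token format (assumption): "<user>.<base64url(HMAC-SHA256(key, user))>"
public class CustomTokenLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private byte[] key = new byte[0];      // hypothetical "hmacKey" module option
    private Principal verified, committed;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
        Object k = opts.get("hmacKey");
        if (k != null) key = k.toString().getBytes(StandardCharsets.UTF_8);
    }

    public boolean login() throws LoginException {
        PasswordCallback cb = new PasswordCallback("token", false); // assumed delivery path
        try {
            handler.handle(new Callback[] { cb });
            char[] raw = cb.getPassword();
            String token = raw == null ? "" : new String(raw);
            int dot = token.lastIndexOf('.');
            if (dot < 1) throw new FailedLoginException("malformed token");
            String user = token.substring(0, dot);
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256")); // empty key throws: fail closed
            byte[] expected = mac.doFinal(user.getBytes(StandardCharsets.UTF_8));
            byte[] actual = Base64.getUrlDecoder().decode(token.substring(dot + 1));
            if (!MessageDigest.isEqual(expected, actual)) // constant-time comparison
                throw new FailedLoginException("token MAC mismatch");
            verified = () -> user; // Principal's only abstract method is getName()
            return true;
        } catch (LoginException e) { throw e;
        } catch (Exception e) { throw new FailedLoginException("token validation failed"); }
    }
    // The identity is attached in commit(), after the whole login stack succeeded.
    public boolean commit() { if (verified != null) subject.getPrincipals().add(committed = verified); return verified != null; }
    public boolean abort() { boolean ok = verified != null; logout(); return ok; }
    public boolean logout() { if (committed != null) subject.getPrincipals().remove(committed); verified = committed = null; return true; }
}
```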

 

See Also

Lightweight Third Party Authentication
Web services security model in WAS
Login mappings
Securing Web services using XML digital signature
Web services security support