Secure Web services for version 5.x applications using a pluggable token
To use pluggable tokens to secure the Web services, configure both the client request sender and the server request receiver. We can configure your pluggable tokens using the WAS admin console.
There is an important distinction between Version 5.x and V6.0.x and later applications. The information in this article supports V5.x applications only that are used with WAS V6.0.x and later. The information does not apply to V 6.0.x and later applications. WAS provides several different methods to secure the Web services. A pluggable token is one of these methods. We might secure the Web services by using any of the following methods:
- XML digital signature
- XML encryption
- Basicauth authentication
- Identity assertion authentication
- Signature authentication
- Pluggable token
Complete the following steps to secure the Web services using a pluggable token:
- Generate a security token using the JAAS CallbackHandler interface. The WS-Security runtime uses the JAAS CallbackHandler interface as a plug-in to generate security tokens on the client side or when Web services is acting as a client.
- Set the pluggable token.
See the following tasks:
Set pluggable tokens using an assembly tool
Set pluggable tokens
Pluggable token support
Set the client for LTPA token authentication: specifying LTPA token authentication
Set the client for LTPA token authentication: collecting the authentication method information
Set the server to handle LTPA token authentication information
Set the server to validate LTPA token authentication information 
Related concepts
Lightweight Third Party Authentication
Related tasks
Secure Web services for V5.x applications based on WS-Security