Create custom security tokens for Web services security using the GenericSecurityTokenFactory SPIs
Use the GenericSecurityTokenFactory SPIs to create custom security tokens for use by the WS-Security runtime. These security tokens can be used for, but are not limited to, WSSAPIs, JAAS login modules, and custom security tokens.
The GenericSecurityTokenFactory provides several SPIs to create custom tokens that can be emitted with the GenericIssuedTokenGenerateLoginModule or as a custom token.
A custom security token that is created with the GenericSecurityTokenFactory is the complete form of a security token that can be emitted by the WS-Security runtime. You do not have to write an emitter or receiver, such as writeExternal or readExternal, for the token you create using these SPIs. Only two pieces of information are required:
- The token element, which is either an Axiom or a w3c.dom implementation
- The value type
In the following steps, the custom token being created is a UsernameToken. This token was selected as the custom token to create because it is a well-known form, and has a good mix of elements, sub-elements, and attributes. To determine the methods you need to use to build your own custom tokens, look at the XML for a UsernameToken, and match it up with what is being done in the methods included in one of the following steps.
- Create a custom token from a w3c.dom element.

```java
import javax.xml.soap.SOAPElement;
import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import javax.xml.namespace.QName;
...
GenericSecurityTokenFactory gstFactory = GenericSecurityTokenFactory.getInstance();

// Build the token element, then wrap it together with its value type
SOAPElement untElement = getDomUntElement("myUsername", "myPassword", gstFactory.createUniqueId());
QName valueType = new QName("", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
// Call getToken through the factory instance
SecurityToken unt = gstFactory.getToken(untElement, valueType);
```

- Create a custom token from an Axiom element.

```java
import org.apache.axiom.om.OMElement;
import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import javax.xml.namespace.QName;
...
GenericSecurityTokenFactory gstFactory = GenericSecurityTokenFactory.getInstance();

// Build the token element, then wrap it together with its value type
OMElement untElement = getAxiomUntElement("myUsername", "myPassword", gstFactory.createUniqueId());
QName valueType = new QName("", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
// Call getToken through the factory instance
SecurityToken unt = gstFactory.getToken(untElement, valueType);
```

- Create a w3c.dom custom token element.

```java
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;

SOAPElement getDomUntElement(String username, String password, String uniqueId) throws SOAPException {
    SOAPFactory factory = SOAPFactory.newInstance();

    //Create the UsernameToken element
    SOAPElement untElement = factory.createElement("UsernameToken", "sec", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    untElement.addAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id", "utl"), uniqueId);

    //Create the Username element
    SOAPElement unameElement = factory.createElement("Username", "sec", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    unameElement.addTextNode(username);

    //Add the Username element to the UsernameToken
    untElement.addChildElement(unameElement);

    if (password != null) {
        //Create the Password element
        SOAPElement passElement = factory.createElement("Password", "sec", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        passElement.addAttribute(new QName("Type"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        passElement.addTextNode(password);

        //Add the Password element to the UsernameToken
        untElement.addChildElement(passElement);
    }
    return untElement;
}
```

- Create an Axiom custom token element.

```java
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;

OMElement getAxiomUntElement(String username, String password, String uniqueId) {
    OMFactory factory = OMAbstractFactory.getOMFactory();

    //Create the UsernameToken element
    OMElement untElement = factory.createOMElement("UsernameToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "sec");
    OMNamespace idNs = factory.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "utl");
    untElement.addAttribute("Id", uniqueId, idNs);

    //Create the Username element
    OMElement unameElement = factory.createOMElement("Username", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "sec");
    unameElement.setText(username);

    //Add the Username element to the UsernameToken
    untElement.addChild(unameElement);

    if (password != null) {
        //Create the Password element
        OMElement passElement = factory.createOMElement("Password", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "sec");
        passElement.addAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText", null);
        passElement.setText(password);

        //Add the Password element to the UsernameToken
        untElement.addChild(passElement);
    }
    return untElement;
}
```
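The UsernameToken XML that the element-building steps above produce, shown as an added example that is not part of the original page or of the product's code: it parses a constructed sample into a w3c.dom element with the JDK parser and checks each part those methods set (element namespace, the namespaced Id attribute, Username, and the Password Type attribute). The class name UntShapeCheck, the sample values, and the check itself are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class UntShapeCheck {
    static final String SEC = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String UTL = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String PW_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    // Constructed sample: the XML form of the element the page's methods build ("id-1" is a made-up Id)
    static final String SAMPLE =
        "<sec:UsernameToken xmlns:sec=\"" + SEC + "\" xmlns:utl=\"" + UTL + "\" utl:Id=\"id-1\">"
      + "<sec:Username>myUsername</sec:Username>"
      + "<sec:Password Type=\"" + PW_TEXT + "\">myPassword</sec:Password>"
      + "</sec:UsernameToken>";

    // Parse into a namespace-aware w3c.dom element; DOCTYPE declarations are rejected
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                  .parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }

    // Returns "ok" when the element has the shape of SAMPLE, otherwise the first mismatch found
    static String check(Element unt) {
        if (!SEC.equals(unt.getNamespaceURI()) || !"UsernameToken".equals(unt.getLocalName()))
            return "root element is not UsernameToken in the secext namespace";
        if (unt.getAttributeNS(UTL, "Id").isEmpty())
            return "missing Id attribute in the utility namespace";
        if (unt.getElementsByTagNameNS(SEC, "Username").getLength() != 1)
            return "expected exactly one Username element";
        NodeList pw = unt.getElementsByTagNameNS(SEC, "Password");
        if (pw.getLength() > 1)
            return "more than one Password element";
        if (pw.getLength() == 1 && ((Element) pw.item(0)).getAttribute("Type").isEmpty())
            return "Password element has no Type attribute";
        return "ok";
    }

    public static void main(String[] args) throws Exception {
        System.out.println(check(parse(SAMPLE)));
        // An Id attribute without the utl prefix is in no namespace, so it fails the check
        System.out.println(check(parse(SAMPLE.replace("utl:Id", "Id"))));
    }
}
```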