Create fully-populated username tokens for Web services security for use by Generic Issue Login Modules
We can use the GenericSecurityTokenFactory APIs to create fully-populated UsernameToken security tokens for use by the WS-Security runtime. These security tokens can be used for, but are not limited to, WSSAPIs and JAAS login modules.
The GenericSecurityTokenFactory provides several APIs used to create UsernameTokens that can be emitted with the GenericIssuedTokenGenerateLoginModule.
When a fully-populated UsernameToken is created using a GenericSecurityTokenFactory API, the token is the complete form of a security token that can be emitted by the WS-Security runtime. After the token is created, the username and password in the token cannot be modified. Therefore, determine the type of token to create, and then issue commands, similar to the ones specified in one of the following steps, to create your token.
- Create a UsernameToken with a username and password.

    import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
    import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
    ...
    GenericSecurityTokenFactory gstFactory = GenericSecurityTokenFactory.getInstance();
    UsernameToken myUnt = gstFactory.getFullUsernameToken("myUsername", "myPassword".toCharArray());

- Create a UsernameToken with a Username and timestamp, but no password.

    import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
    import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
    ...
    GenericSecurityTokenFactory gstFactory = GenericSecurityTokenFactory.getInstance();
    UsernameToken myUnt = gstFactory.getFullUsernameToken("myUsername", null, true);

- Create a JAAS login module that can be stacked on top of GenericIssuedTokenGenerateLoginModule to emit a UsernameToken.

    package test.tokens;

    import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
    import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.spi.LoginModule;

    public class MyUntGenerator implements LoginModule {

      private Map _sharedState;
      private Map _options;
      private CallbackHandler _handler;

      public void initialize(Subject subject, CallbackHandler callbackHandler,
                             Map<String, ?> sharedState, Map<String, ?> options) {
        this._handler = callbackHandler;
        this._sharedState = sharedState;
        this._options = options;
      }

      public boolean login() throws LoginException {
        GenericSecurityTokenFactory factory = null;
        try {
          factory = GenericSecurityTokenFactory.getInstance();
        } catch (Exception e) {
          throw new LoginException(e.toString());
        }
        if (factory == null) {
          throw new LoginException("GenericSecurityTokenFactory.getInstance() returned null");
        }

        UsernameToken unt = null;
        try {
          //The userid and password can be obtained however you want
          unt = factory.getFullUsernameToken("myUsername", "myPassword".toCharArray());
        } catch (Exception e) {
          throw new LoginException(e.toString());
        }
        if (unt == null) {
          throw new LoginException("unt is null");
        }

        //Put the token in a list on the shared state where it will be available to be used by
        //stacked login modules
        factory.putGeneratorTokenToSharedState(_sharedState, unt);
        return true;
      }

      public boolean logout() throws LoginException {
        return false;
      }

      public boolean abort() throws LoginException {
        return false;
      }

      public boolean commit() throws LoginException {
        return true;
      }
    }

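The login module above hardcodes its credentials and notes that they can be obtained however you want. The following variant is an added example, not IBM's code: it requests them from the JAAS CallbackHandler instead, so no password literal lives in the class. The class name `MyCallbackUntGenerator` is hypothetical, and it assumes the callback handler configured for the token generator supports `NameCallback` and `PasswordCallback`; the page does not say whether the factory copies the password array, so the array passed to the factory is not zeroed here.

```java
import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical variant of MyUntGenerator: credentials come from the CallbackHandler.
public class MyCallbackUntGenerator implements LoginModule {
    private Map _sharedState;
    private CallbackHandler _handler;

    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this._handler = callbackHandler;
        this._sharedState = sharedState;
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("Username: ");
        PasswordCallback pc = new PasswordCallback("Password: ", false);
        try {
            // Assumption: the handler configured for the generator supports both callbacks.
            _handler.handle(new Callback[] { nc, pc });
            char[] pw = pc.getPassword();          // returns a copy of the password
            if (nc.getName() == null || nc.getName().isEmpty() || pw == null || pw.length == 0) {
                throw new LoginException("Username or password not supplied");
            }
            GenericSecurityTokenFactory factory = GenericSecurityTokenFactory.getInstance();
            UsernameToken unt = factory.getFullUsernameToken(nc.getName(), pw);
            if (unt == null) throw new LoginException("unt is null");
            // Make the token available to the stacked GenericIssuedTokenGenerateLoginModule.
            factory.putGeneratorTokenToSharedState(_sharedState, unt);
            return true;
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            // Report only the exception type, in case the message echoes credential data.
            throw new LoginException("UsernameToken generation failed: " + e.getClass().getName());
        } finally {
            pc.clearPassword();                    // wipe the callback's internal copy
        }
    }

    public boolean logout() throws LoginException { return false; }
    public boolean abort() throws LoginException { return false; }
    public boolean commit() throws LoginException { return true; }
}
```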
Related
Create custom security tokens for Web services security using the GenericSecurityTokenFactory SPIs
Generate and consume custom tokens with the Generic Issue Login Modules