Secure web services for version 5.x applications using a pluggable token
To use pluggable tokens to secure the web services, configure both the client request sender and the server request receiver. We can configure the pluggable tokens using the WAS administrative console.
Important: There is an important distinction between Version 5.x and Version 6.0.x and later applications. The information supports Version 5.x applications only used with WAS v6.0.x and later. The information does not apply to Version 6.0.x and later applications.
WebSphere Application Server provides several different methods to secure the web services. A pluggable token is one of these methods. You might secure the Web services using any of the following methods:
- XML digital signature
- XML encryption
- Basicauth authentication
- Identity assertion authentication
- Signature authentication
- Pluggable token
Secure the web services using a pluggable token:
- Generate a security token using the JAAS CallbackHandler interface. The Web Services Security runtime uses the JAAS CallbackHandler interface as a plug-in to generate security tokens on the client side or when web services are acting as a client.
- Configure the pluggable token. For more information, see the following tasks:
- Configure pluggable tokens using an assembly tool
- Configure pluggable tokens using the administrative console
Related concepts
Secure web services Pluggable token support LTPA>
Related tasks
Configure pluggable tokens using an assembly tool Configure pluggable tokens using the administrative console Configure the client for LTPA token authentication: specifying LTPA token authentication Configure the client for LTPA token authentication: collecting the authentication method information Configure the server to handle LTPA token authentication information Configure the server to validate LTPA token authentication information