In WebSphere Application Server Version 6, the security handlers are responsible for propagating security tokens. These security tokens are embedded in the Simple Object Access Protocol (SOAP) security header and passed to downstream servers. The security tokens are encapsulated in the implementation classes for the com.ibm.wsspi.wssecurity.auth.token.Token interface. You can retrieve the security token data from either a server application or a client application.
With a client application, the application serves as the request generator and the response consumer and runs as the Java 2 Platform,
Enterprise Edition (J2EE) client application. The consumer component for Web services security stores the security tokens that it receives in one of the properties of the MessageContext object for the current Web services call.
You can retrieve a set of token objects through the javax.xml.rpc.Stub interface of that Web Services call. You must know which security tokens to retrieve and their token IDs in case multiple security tokens are included in the SOAP
security header. Complete the following steps to retrieve the security token data from a client application:
java.util.Hashtable t; javax.xml.rpc.Service serv = ...; MyWSPortType pt = (MyWSPortType)serv.getPort(MyWSPortType.class); t = (Hashtable)((javax.xml.rpc.Stub)pt)._getProperty( com.ibm.wsspi.wssecurity.Constants.WSSECURITY_TOKEN_PROPERGATION);
com.ibm.wsspi.wssecurity.auth.token.UsernameToken unt; if (t != null) { unt = (com.ibm.wsspi.wssecuty.auth.token.UsernameToken)t.get("..."); }
ResultAfter completing these steps, you have retrieved the security tokens from the JAAS Subject in a client application
Related concepts
Security token
Related tasks
Configuring Java 2 security
Configuring Java 2 security policy files