Securing Web services for version 5.x applications using a pluggable token
To use pluggable tokens to secure your Web services, configure both the client request sender and the server request receiver. You can configure your pluggable tokens by using either the WAS administrative console or the Application Server Toolkit.
Overview
There is an important distinction between V5.x and V6.0.x and later applications. The information in this article supports V5.x applications only that are used with WAS V6.0.x and later. The information does not apply to V6.0.x and later applications. WebSphere Application Server provides several different methods to secure your Web services. A pluggable token is one of these methods. You might secure your Web services by using any of the following methods:
- XML digital signature
- XML encryption
- Basicauth authentication
- Identity assertion authentication
- Signature authentication
- Pluggable token
Complete the following steps to secure your Web services using a pluggable token:
Procedure
- Generate a security token using the Java Authentication and Authorization Service (JAAS) CallbackHandler interface. The Web services security runtime uses the JAAS CallbackHandler interface as a plug-in to generate security tokens on the client side or when Web services is acting as a client.
- Configure your pluggable token. For more information, see the following tasks:
Configure pluggable tokens using an assembly tool
Configure pluggable tokens using the console
Pluggable token support
Configure the client for LTPA token authentication: specifying LTPA token authentication
Configure the client for LTPA token authentication: collecting the authentication method information
Configure the server to handle LTPA token authentication information
Configure the server to validate LTPA token authentication information
Related concepts
LTPA
Related tasks
Securing Web services for V5.x applications based on WS-Security