Specify a class name in the Callback handler class name field.
This class name is the name of the callback handler implementation class
that is used to plug in a security token framework. The specified callback
handler class must implement the javax.security.auth.callback.CallbackHandler
interface and must provide a constructor using the following syntax:
MyCallbackHandler(String username, char[] password, java.util.Map properties)
Where:
- username
  Specifies the user name that is passed into the configuration.
- password
  Specifies the password that is passed into the configuration.
- properties
  Specifies the other configuration properties that are passed into the
  configuration.
This constructor is required if the callback handler
needs a user name and a password. However, if the callback handler does not
need a user name and a password, such as X509CallbackHandler, use a constructor
with the following syntax:
MyCallbackHandler(java.util.Map properties)
WebSphere
Application Server provides the following default callback handler implementations:
- com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler
  This callback handler uses a login prompt to gather the user name and
  password information. However, if you specify the user name and password on
  this panel, a prompt is not displayed and WebSphere Application Server returns
  the user name and password to the token generator. Use this implementation
  for a Java 2 Platform, Enterprise Edition (J2EE) application client only.
  If you use this implementation, you must provide a basic authentication user
  ID and password on this panel.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
  This callback handler does not issue a prompt and returns the user name
  and password if they are specified on this panel. You can use this callback
  handler when the Web service is acting as a client. If you use this
  implementation, you must provide a basic authentication user ID and password
  on this panel.
- com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
  This callback handler uses a standard-in prompt to gather the user name
  and password. However, if the user name and password are specified on this
  panel, WebSphere Application Server does not issue a prompt, but returns the
  user name and password to the token generator. Use this implementation for
  a Java 2 Platform, Enterprise Edition (J2EE) application client only. If you
  use this implementation, you must provide a basic authentication user ID and
  password on this panel.
- com.ibm.wsspi.wssecurity.auth.callback.LTPATokenCallbackHandler
  This callback handler is used to obtain the Lightweight Third Party Authentication
  (LTPA) security token from the Run As invocation Subject. This token is inserted
  in the Web services security header within the SOAP message as a binary security
  token. However, if the user name and password are specified on this panel,
  WebSphere Application Server authenticates the user name and password to obtain
  the LTPA security token rather than obtaining it from the Run As Subject.
  Use this callback handler only when the Web service is acting as a client
  on the application server. It is recommended that you do not use this callback
  handler on a J2EE application client. If you use this implementation, you
  must provide a basic authentication user ID and password on this panel.
- com.ibm.wsspi.wssecurity.auth.callback.X509CallbackHandler
  This callback handler is used to create the X.509 certificate that is
  inserted in the Web services security header within the SOAP message as a
  binary security token. A keystore and a key definition are required for this
  callback handler. If you use this implementation, you must provide a key store
  password, path, and type on this panel.
- com.ibm.wsspi.wssecurity.auth.callback.PKCS7CallbackHandler
  This callback handler is used to create X.509 certificates encoded with
  the PKCS#7 format. The certificate is inserted in the Web services security
  header in the SOAP message as a binary security token. A keystore is required
  for this callback handler. You can specify a certificate revocation list (CRL)
  in the collection certificate store. The CRL is encoded with the X.509 certificate
  in the PKCS#7 format. If you use this implementation, you must provide a key
  store password, path, and type on this panel.
- com.ibm.wsspi.wssecurity.auth.callback.PkiPathCallbackHandler
  This callback handler is used to create X.509 certificates encoded with
  the PkiPath format. The certificate is inserted in the Web services security
  header within the SOAP message as a binary security token. A keystore is required
  for this callback handler. A CRL is not supported by the callback handler;
  therefore, the collection certificate store is not required or used. If you
  use this implementation, you must provide a key store password, path, and
  type on this panel.
The callback handler implementation obtains the required
security token and passes it to the token generator. The token generator inserts
the security token in the Web services security header within the SOAP message.
Also, the token generator is a plug-in point for the pluggable security token
framework. Service providers can provide their own implementation, but the
implementation must use the com.ibm.wsspi.wssecurity.token.TokenGeneratorComponent
interface.