Why and when to perform this task
This topic explains how you might create your own propagation token implementation, which is set on the running thread and propagated downstream. The default propagation token usually is sufficient for propagating attributes that are not user-specific. Consider writing your own implementation if you want to accomplish one of the following tasks:To implement a custom propagation token, you must complete the following steps:
Steps for this task
After you implement this interface, you can place its classes in the install_dir/classes directory. Alternatively, you can place the class in any private directory. However, make sure that the WebSphere Application Server class loader can locate the class and is granted the appropriate permissions. You can add the Java archive (JAR) file or directory that contains this class into the server.policy file so that it has the required permissions by the server code.
To see an implementation of the propagation token, see Example: com.ibm.wsspi.security.token.PropagationToken implementation.
The code sample in Example: Custom propagation token login module shows how to determine if the login is an initial login or a propagation login. The difference between these login types is whether the WSTokenHolderCallback callback contains propagation data. If the callback does not contain propagation data, initialize a new custom propagation token implementation and set it on the thread. If the callback contains propagation data, look for your specific custom propagation token TokenHolder instance, convert the byte array back into your customer PropagationToken object, and set it back on the thread. The code sample shows both instances.
You can add attributes any time your custom propagation token is added to the thread. If you add attributes between requests and the getUniqueId method changes, the Common Secure Interoperability Version 2 (CSIv2) client session is invalidated so that it can send the new information downstream. Adding attributes between requests can affect performance. In many cases, you want the downstream requests to receive the new propagation token information.
To add the custom propagation token to the thread, call the WSSecurityPropagationHelper.addPropagationToken token. This call requires the WebSphereRuntimePerMission "setPropagationToken" Java 2 Security permission.
For information on how to add your custom login module to the existing login configurations, see Custom login module development for a system login configuration
Result
After completing these steps, you have implemented a custom PropagationToken.Related concepts
Security attribute propagation
Related reference
Custom login module development for a system login configuration