Why and when to perform this task
In WebSphere Application Server Version 6.0.x, the security handlers are responsible for propagating security tokens. These security tokens are embedded in the Simple Object Access Protocol (SOAP) security header and passed to downstream servers. The security tokens are encapsulated in the implementation classes for the com.ibm.wsspi.wssecurity.auth.token.Token interface. You can retrieve the security token data from either a server application or a client application.
With a server application, the application acts as the request consumer and the response generator, is deployed, and runs in the Java 2 Platform, Enterprise Edition (J2EE) container. The consumer component for Web services security stores the security tokens that it receives in the Java Authentication and Authorization Service (JAAS) Subject of the current thread. You can retrieve the security tokens from the JAAS Subject that is maintained as a local thread in the container. Complete the following steps to retrieve the security token data from a server application:
Steps for this task
javax.security.auth.Subject subj; try { subj = com.ibm.websphere.security.auth.WSSubject.getCallerSubject(); } catch (com.ibm.websphere.security.WSSecurityException e) { … }
Set s = (Set) AccessController.doPrivileged( new PrivilegedAction() { public Object run() { return subj.getPrivateCredentials(); } });
com.ibm.wsspi.wssecurity.auth.token.UsernameToken unt; Iterator it = s.iterator(); while (it.hasNext()) { Object obj = it.next(); if (obj != null && obj instanceOf com.ibm.wsspi.wssecurity.auth.token.UsernameToken) { unt =(com.ibm.wsspi.wssecurity.auth.token.UsernameToken) obj; if (unt.getId().equals(“…”)) break; else continue; } }
Result
After completing these steps, you have retrieved the security tokens from the JAAS Subject in a server applicationRelated concepts
Security token
Related tasks
Configuring Java 2 security
Configuring Java 2 security policy files
Securing Web services for version 6.0.x applications based on WS-Security