Securing Web services for version 5.x applications using a pluggable token

To use pluggable tokens to secure your Web services, you must configure both the client request sender and the server request receiver. You can configure your pluggable tokens by using either the WebSphere Application Server administrative console or the Application Server Toolkit.

About this task

Important: There is an important distinction between Version 5.x and Version 6.0.x and later applications. The information in this article supports Version 5.x applications only that are used with WebSphere Application Server Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications.
WebSphere Application Server provides several different methods to secure your Web services. A pluggable token is one of these methods. You might secure your Web services by using any of the following methods:
  • XML digital signature
  • XML encryption
  • Basicauth authentication
  • Identity assertion authentication
  • Signature authentication
  • Pluggable token
Complete the following steps to secure your Web services using a pluggable token:

Procedure

  1. Generate a security token using the Java Authentication and Authorization Service (JAAS) CallbackHandler interface. The Web services security runtime uses the JAAS CallbackHandler interface as a plug-in to generate security tokens on the client side or when Web services is acting as a client.
  2. Develop a JAAS login module to authenticate the security token of an incoming request.
  3. Configure your pluggable token. For more information, see the following tasks:



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 4:28:44 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-mp&topic=twbs_secplugtoken
File name: twbs_secplugtoken.html