The token processing and pluggable token architecture in the Web
Service Security runtime for IBM WebSphere Application Server Version 6.1
Feature Pack has been redesign to reuse the same security token interface
and JAAS Login Module from the Web Services Security APIs (WSS API). The same
implementation of token creation and validation can be used in both the WSS
API and the WSS SPI in the Web Service Security runtime.
In IBM WebSphere Application Server Version 6.1 Feature Pack for
Web Services, the new design removes the need for the following interfaces
from WebSphere Application Server Version 6.1:
- Token Generator (com.ibm.wsspi.wssecurity.token.TokenGeneratorComponent)
- Token Consumer (com.ibm.wsspi.wssecurity.token.TokenConsumerComponent)
- Key Locator (com.ibm.wsspi.wssecurity.keyinfo.KeyLocator)
However, if your applications continue to use JAX-RPC and deployment
descriptors for configuration instead of using the Feature Pack for Web Services,
these Version 6.1 interfaces are still valid.
Note that the key name
(KeyName) element is not supported in the Feature Pack for Web Services because
there is no KeyName policy assertion defined in the current OASIS Web Services
Security draft specification. For similar reasons, a SAML token is not supported
in the Feature Pack for Web Services out of the box.
JAAS callback handler and the JAAS login module
Using
the new design in the Feature Pack for Web Services, the Java Authentication
and Authorization Service (JAAS) callback handler (CallbackHandler) and the
JAAS login module (LoginModule) implementations are responsible for creating
the security token on the generator side and validating (authenticating) the
security token on the consumer side.
For example, on the generator
side, the Username token is created by the JAAS LoginModule and using the
JAAS CallbackHandler to pass the authentication data. The JAAS LoginModule
creates the Username SecurityToken object and passes it to the Web services
security runtime.
Then, on the consumer side, the Username Token XML
format is passed to the JAAS LoginModule for validation or authentication.
The token consumer class name for the response consumer must be similar to
the token generator class name for the request generator. For example, if
your application requires a Username token consumer, you can specify the com.ibm.wsspi.wssecurity.token.UsernameTokenGenerator
class name for the token generator and the com.ibm.wsspi.wssecurity.token.UsernameTokenConsumer
class name for the token consumer.
The JAAS CallbackHandler is used
to pass authentication data from the Web services security runtime to the
LoginModule. If successful, after the token is authenticated, a Username SecurityToken
object is created and passed it to the Web Service Security runtime.
The
SPI implementation provides a com.ibm.wsspi.wssecurity.SoapSecurityException
exception if an error condition occurs. This class is the same implementation
as the class used in WebSphere Application Server Version 6.1.
Generator side
The token generator class must implement
the com.ibm.websphere.wssecurity.wssapi.token.Generatable interface. The token
generator class name for the request generator must be similar to the token
consumer class name for the request consumer. For example, if your application
requires a security token generator, you can specify the com.ibm.websphere.wssecurity.wssapi.token.SecurityTokenImpl
class name.
The JAAS Login Module implementation handles the following
arguments from the default token generator to the JAAS LoginModule:
Default
token generator > LoginModule
- Message context: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT
- Configuration of the token generator: TokenGeneratorConfig.CONFIG_KEY
- The type of key information: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE
The
types of key information include: EMB, KEYID, STRREF, THUMBPRINT, or X509ISSUER.
- The type of key: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE
The
types of key include a SigningKey or an EncryptingKey.
- The parent OMElement of the token to be generated: com.ibm.ws.wssecurity.common.Constants.PROCESSING_ELEMENT
- The encoding style of the key identifier, if it is used: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING
The JAAS Login Module implementation handles the following arguments
from the JAAS login module to the default token generator:
- The security token, or a list of security tokens, that is constructed
in the login module: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO
- The flag that indicates whether or not the security token, or a list of
security tokens, that is constructed in the login module is inserted to the
message: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_ELEM_INSERT_TO_MESSAGE
Generator - Service Provider Interfaces
This information
describes the default implementations of the service provider interfaces (SPI)
for Web services security used with the Feature Pack for Web Services on the
generator side:
- com.ibm.wsspi.wssecurity.SoapSecurityException
- This exception class is used by an implementation of com.ibm.wsspi.wssecurity.SoapSecurity
to communicate the exception and errors to the Web services security runtime.
This class is the same implementation that is used for WebSphere Application
Server Version 6.1.
- com.ibm.wsspi.wssecurity.core.messageContext
- This interface is used to define the MessageContext instance on the generator
side. The default implementation is com.ibm.ws.wssecurity.impl.core.messageContext,
which enables you to define the MessageContext instance for Web Services Security.
- com.ibm.wsspi.wssecurity.keyinfo.keytype
- This interface is used to define the type of SigningKey or EncryptingKey
to be used for the signature or encryption, respectively, on the generator
side. The default implementation is com.ibm.ws.wssecurity.impl.keyinfo.keytype,
which enables you to define the signing or encryption key.
- com.ibm.wsspi.wssecurity.keyinfo.keyAlgorithm
- This interface is used to define the algorithm to be used for the signing
or encryption operation on the generator side. There is no default implementation
to define for SignatureGenerator or EncryptionGenerator..
- com.ibm.wsspi.wssecurity.keyinfo.type
- This interface is used to define the type of key information to be used
on the generator side. There is no default implementation to define the EncryptionGenerator.
The default implementation is com.ibm.ws.wssecurity.impl.keyinfo.type, which
enables you to define the type of key information for CommonContentGenerator.
The following types of keys can be defined: EMB, KEYID, STRREF, THUMBPRINT,
X509ISSUER.encryption key.
- com.ibm.wsspi.wssecurity.keyinfo.Encoding
- This interface is used to define the encoding type of key identifier if
the CommonContentGenerator invokes the CommonTokenGenerator with the KEYID
or THUMBPRINT type of key information on the generator side. The default implementation
is com.ibm.ws.wssecurity.impl.keyinfo.Encoding, which enables you to define
the encoding type of key information for CommonContentGenerator.
- com.ibm.wsspi.wssecurity.keyinfo.idType
- This interface is used to define the calculation method of key identifier
if the CommonContentGenerator invokes the CommonTokenGenerator with the KEYID
type of key information on the generator side. The default implementation
is com.ibm.ws.wssecurity.impl.token.loginInfo, which enables you to define
the calculation method of key identifier for CommonContentGenerator.
- com.ibm.wsspi.wssecurity.token.loginInfo
- This interface is used to define the security token that the JAAS Login
Module creates on the generator side. The default implementation is com.ibm.ws.wssecurity.impl.token.loginInfo,
which enables you to define the security token for CommonContentGenerator.
- com.ibm.wsspi.wssecurity.config.tokenGenerator.configKey
- This interface is used to define the configuration of the token generator
that the JAAS Login Module creates on the generator side. The default implementation
is com.ibm.ws.wssecurity.impl.config.tokenGenerator.configKey, which enables
you to define the configuration of the token generator token for CommonTokenGenerator.
- com.ibm.wsspi.wssecurity.core.processingElement
- This interface is used to define the configuration of the token generator
that the JAAS Login Module creates on the generator side. There is no default
implementation to define for CommonTokenGenerator.
Generator - property names and values
Custom properties
are name-value pairs of data that are passed to and from the JAAS Login Module
during configuration on the generator side.
The Property name column
displays the name of the custom property. The name must match the name of
a configuration property or setting that the JAAS Login Module understands
and expects. The Property value column displays the configuration setting
that is passed to the JAAS Login Module during configuration.
Table 1. WSSGenerator
> JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT
com.ibm.wsspi.wssecurity.core.messageContext
|
The MessageContext instance. |
Table 2. SignatureGenerator > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE
com.ibm.wsspi.wssecurity.keyinfo.keytype
|
The type of key: SigningKey. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ALGORITHM
com.ibm.wsspi.wssecurity.keyinfo.keyAlgorithm
|
The algorithm used for signing operation. |
Table 3. EncryptionGenerator > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE
com.ibm.wsspi.wssecurity.keyinfo.keytype
|
The type of key: EncryptingKey. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ALGORITHM
com.ibm.wsspi.wssecurity.keyinfo.keyAlgorithm
|
The algorithm used for encryption operation. |
Table 4. CommonContentGenerator > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE
com.ibm.wsspi.wssecurity.keyinfo.type
|
The type of key information: EMB, KEYID, STRREF,
THUMBPRINT, X509ISSUER. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING
com.ibm.wsspi.wssecurity.keyinfo.Encoding
|
The encoding type of key identifier if the CommonContentGenerator
invokes the CommonTokenGenerator with the KEYID or THUMBPRINT type of key
information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_IDTYPE
com.ibm.wsspi.wssecurity.keyinfo.idType
|
The calculation method of key identifier if the
CommonContentGenerator invokes the CommonTokenGenerator with the KEYID type
of key information. |
Table 5. CommonContentGenerator < JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO
com.ibm.wsspi.wssecurity.token.loginInfo
|
The security token that the JAAS Login Module creates. |
Table 6. CommonTokenGenerator > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig.CONFIG_KEY
com.ibm.wsspi.wssecurity.config.tokenGenerator.configKey
|
The configuration of the token generator. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_PROCESSING_ELEMENT
com.ibm.wsspi.wssecurity.core.processingElement
|
The parent element of the security token. |
Table 7. CommonTokenGenerator < JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO
|
A list of security tokens or one security token
that the JAAS Login Module creates. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_ELEM_INSERT_TO_MESSAGE
|
True if the security tokens received from the JAAS
Login Module are inserted into the message. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_REFERENCED_TOKEN
|
The security token referenced by other tokens in
the list. The token is inserted first in the <wsse:Security> header. |
Consumer side
The JAAS Login Module implementation
handles the following arguments from the default token consumer to the JAAS
LoginModule:
Default token consumer > JAAS LoginModule
- Message context: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT
- Configuration of the token consumer: TokenConsumerConfig.CONFIG_KEY
- The type of key information: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE
The
types of key information include: EMB, KEYID, STRREF, THUMBPRINT, or X509ISSUER.
- The type of key: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE
The
types of key include a VerifyingKey or an DecryptingKey.
- The reference URI of the token, for example when the type of key information
is STRREF: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE
- The key identifier of the token, for example when the type of key information
is KEYID: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ID
- The target OMElement of the token to be consumed: com.ibm.ws.wssecurity.common.Constants.PROCESSING_ELEMENT
- The encoding style of the key identifier, if it is used: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING
- The value type of the key identifier, if it is used: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_VALUETYPE
- The identifier of the <wsse:Embedded> element when the type of key
information is EMB: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_EMB_ID
- The subject distinguished name (DN) of the issuer of the certificate when
the type of key information is X509ISSUER: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERNAME
- The issuer serial number of the certificate when the type of key information
is X509ISSUER: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERSERIAL
The JAAS Login Module implementation handles the following arguments
from the JAAS LoginModule to the default token consumer:
- The security token that is constructed in the login module: com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO
Consumer - Service Provider Interfaces
The following
information describes the default implementations of the service provider
interfaces (SPI) for Web services security used with Feature Pack for Web
Services on the consumer side:
- com.ibm.wsspi.wssecurity.core.messageContext
- This interface is used to define the MessageContext instance for Web services
security on the consumer side. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT.
- com.ibm.wsspi.wssecurity.keyinfo.keytype
- This interface is used to define the type of the verifying key to be used
for the signature verification on the consumer side. The default implementation
is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE.
- com.ibm.wsspi.wssecurity.keyinfo.keyAlgorithm
- This interface is used to define the verifying key algorithm to be used
for the verifying operation on the consumer side. The default implementation
is . com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ALGORITHM.
- com.ibm.wsspi.wssecurity.keyinfo.keytype
- This interface is used to define the type of decryption key information
to be used for CommonContentConsumer on the consumer side. The default implementation
is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE.
- com.ibm.wsspi.wssecurity.keyinfo.keyAlgorithm
- This interface is used to define the algorithm to be used for the decryption
key on the consumer side. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE.
- com.ibm.wsspi.wssecurity.keyinfo.type
- This interface is used to define the type of key to be used on the consumer
side. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE.
The possible types of key information are EMB, KEYID, STRREF, THUMBPRINT,
and X509ISSUER.
- com.ibm.wsspi.wssecurity.keyinfo.embeddedId
- This interface is used to define the identifier of the <wsse:Embedded>
element. CommonContentConsumer involves the common Token Consumer with the
EMB type of information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_EMBID.
- com.ibm.wsspi.wssecurity.keyinfo.id
- This interface is used to define the key identifier of the token if the
CommonContentConsumer invokes the CommonTokenConsumer with the KEYID type
of key information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ID
- com.ibm.wsspi.wssecurity.keyinfo.thumbprintReference
- This interface is used to define the thumbprint reference of the token
if the CommonContentConsumer invokes the CommonTokenConsumer with the THUMBPRINT
type of key information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_THUMBPRINT_REFERENCE.
- com.ibm.wsspi.wssecurity.keyinfo.reference
- This interface is used to define the reference URI of the token if the
CommonContentConsumer invokes the CommonTokenConsumer with the STRREF type
of key information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE.
- com.ibm.wsspi.wssecurity.keyinfo.issuerName
- This interface is used to define the issuer name of the token if the CommonContentConsumer
invokes the CommonTokenConsumer with the X509ISSUER type of key information.
The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERNAME.
- com.ibm.wsspi.wssecurity.keyinfo.issuerSerial
- This interface is used to define the issuer serial number of the token
if the CommonContentConsumer invokes the CommonTokenConsumer with the X509ISSUER
type of key information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERSERIAL.
- com.ibm.wsspi.wssecurity.keyinfo.ValueType
- This interface is used to define the value type of key identifier if the
CommonContentConsumer invokes the CommonTokenConsumer with the KEYID or THUMBPRINT
type of key information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_VALUETYPE.
- com.ibm.wsspi.wssecurity.keyinfo.Encoding
- This interface is used to define the encoding type of key identifier if
the CommonContentConsumer invokes the CommonTokenConsumer with the KEYID or
THUMBPRINT type of key information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING.
- com.ibm.wsspi.wssecurity.keyinfo.idType
- This interface is used to define the calculation method of key identifier
if the CommonContentConsumer invokes the CommonTokenConsumer with the KEYID
type of key information. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_IDTYPE.
- com.ibm.wsspi.wssecurity.token.loginInfo
- This interface is used to define the security token that the JAAS Login
Module creates. The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO.
- com.ibm.wsspi.wssecurity.config.tokenConsumer.configKey
- This interface is used to define the configuration of the token consumer.
The default implementation is com.ibm.wsspi.wssecurity.core.config.TokenConsumerConfig.CONFIG_KEY.
- com.ibm.wsspi.wssecurity.core.processingElement
- This interface is used to define the target security token element if
the WSSConsumer directly invokes the CommonTokenConsumer or the CommonContentConsumer
invokes the CommonTokenConsumer with the EMB type of key information. The
KeyInfo element if the CommonContentConsumer invokes the CommonTokenConsumer
with the KEYID, STRREF, THUMBPRINT, or X509ISSUER type of key information.
The default implementation is com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_PROCESSING_ELEMENT.
Consumer - property names and values
Custom properties
are name-value pairs of data that are passed to and from the JAAS Login Module
during configuration on the consumer side.
The Property name column
displays the name of the custom property. The name must match the name of
a configuration property or setting that the JAAS Login Module understands
and expects. The Property value column displays the configuration setting
that is passed to the JAAS Login Module during configuration.
Table 8. WSSConsumer
> JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT
|
The MessageContext instance. |
Table 9. SignatureConsumer > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE
com.ibm.wsspi.wssecurity.keyinfo.typetype
|
The type of key: VerifyingKey |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ALGORITHM
com.ibm.wsspi.wssecurity.keyinfo.keyAlgorithm
|
The algorithm used for verifying operation. |
Table 10. EncryptionConsumer > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_TYPE
com.ibm.wsspi.wssecurity.keyinfo.keytype
|
The type of key: DecryptingKey. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ALGORITHM
com.ibm.wsspi.wssecurity.keyinfo.keyAlgorithm
|
The algorithm used for decryption operation. |
Table 11. CommonContentConsumer > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEYINFO_TYPE
com.ibm.wsspi.wssecurity.keyinfo.type
|
The type of key information: EMB, KEYID, STRREF,
THUMBPRINT, X509ISSUER |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_EMBID
com.ibm.wsspi.wssecurity.keyinfo.embeddedId
|
The identifier of the <wsse:Embedded> element
CommonContentConsumer involves the common Token Consumer with the EMB type
of information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ID
com.ibm.wsspi.wssecurity.keyinfo.id
|
The key identifier of the token if the CommonContentConsumer
invokes the CommonTokenConsumer with the KEYID type of key information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_THUMBPRINT_REFERENCE
com.ibm.wsspi.wssecurity.keyinfo.thumbprintReference
|
The thumbprint reference of the token if the CommonContentConsumer
invokes the CommonTokenConsumer with the THUMBPRINT type of key information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_REFERENCE
com.ibm.wsspi.wssecurity.keyinfo.reference
|
The reference URI of the token if the CommonContentConsumer
invokes the CommonTokenConsumer with the STRREF type of key information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERNAME
com.ibm.wsspi.wssecurity.keyinfo.issuerName
|
The issuer name of the token if the CommonContentConsumer
invokes the CommonTokenConsumer with the X509ISSUER type of key information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ISSUERSERIAL
com.ibm.wsspi.wssecurity.keyinfo.issuerSerial
|
The issuer serial number of the token if the CommonContentConsumer
invokes the CommonTokenConsumer with the X509ISSUER type of key information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_VALUETYPE
com.ibm.wsspi.wssecurity.keyinfo.ValueType
|
The value type of key identifier if the CommonContentConsumer
invokes the CommonTokenConsumer with the KEYID or THUMBPRINT type of key information. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_ENCODING
com.ibm.wsspi.wssecurity.keyinfo.Encoding
|
The encoding type of key identifier if the CommonContentConsumer
invokes the CommonTokenConsumer with the KEYID or THUMBPRINT type of key information |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_KEY_IDTYPE
com.ibm.wsspi.wssecurity.keyinfo.idType
|
The calculation method of key identifier if the
CommonContentConsumer invokes the CommonTokenConsumer with the KEYID type
of key information. |
Table 12. CommonContentConsumer < JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO
com.ibm.wsspi.wssecurity.token.loginInfo
|
The security token that the JAAS Login Module creates. |
Table 13. CommonTokenConsumer > JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO
com.ibm.wsspi.wssecurity.token.loginInfo
|
The configuration of the token consumer. |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_PROCESSING_ELEMENT
com.ibm.wsspi.wssecurity.core.processingElement
|
The target security token element if the WSSConsumer
directly invokes the CommonTokenConsumer or the CommonContentConsumer invokes
the CommonTokenConsumer with the EMB type of key information. The KeyInfo
element if the CommonContentConsumer invokes the CommonTokenConsumer with
the KEYID, STRREF, THUMBPRINT, or X509ISSUER type of key information.
|
Table 14. CommonTokenConsumer < JAAS Login Module
Property name |
Property value |
com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_TOKEN_LOGININFO
com.ibm.wsspi.wssecurity.token.loginInfo
|
The security token that the JAAS Login Module creates. |