Add and receive the custom authentication token during WebSphere Application Server logins.

This task is typically accomplished by adding a custom login module to the various application and system login configurations. However, to deserialize the information you must plug in a custom login module. After the object is instantiated in the login module, you can add the object to the Subject during the commit method.

If you only want to add information to the Subject to get propagated, see Propagating a custom Java serializable object for security attribute propagation. If you want to ensure that the information is propagated, do your own custom serialization, or specify the uniqueness for Subject caching purposes, consider writing your own authentication token implementation.

The code sample in Example: A custom authentication token login module shows how to determine if the login is an initial login or a propagation login. The difference between these login types is whether the WSTokenHolderCallback callback contains propagation data. If the callback does not contain propagation data, initialize a new custom authentication token implementation and set it into the Subject. If the callback contains propagation data, look for your specific custom authentication token TokenHolder instance, convert the byte array back into your custom AuthenticationToken object, and set it back into the Subject. The code sample shows both instances.

You can make your authentication token read-only in the commit phase of the login module. If you do not make the token read-only, attributes can be added within your applications.