To authenticate a UsernameToken with a caller part without accessing the WebSphere Application Server registry, you can replace the authentication method of the UsernameToken consumer and configure the caller to use an alternative Java Authentication and Authorization Service (JAAS) login configuration.
This information applies only to Java API for XML-based RPC (JAX-RPC) web services.
By default, the default JAAS login module that is used with the web Services Security UsernameToken consumer, UsernameLoginModule, always validates the user name and password that are contained within the token against the WebSphere registry. You can configure a custom property to circumvent this registry check. When a caller part is added to the WS-Security constraints for a service provider, the user name and password that are contained in the UsernameToken are also validated against the WebSphere registry. This validation occurs in the com.ibm.ws.security.server.lm.ltpaLoginModule module that is part of the system.DEFAULT Java Authentication and Authorization Service (JAAS)configuration stack, as shown in the following example.
com.ibm.ws.security.server.lm.ltpaLoginModule
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule
The WebSphere Application Server WS-Security run time does not support the use of a JAAS configuration for the caller part that does not include these two login modules. However, you can add your own custom login modules to this JAAS configuration stack.
Refer to "Configuring the caller in consumer security constraints" topic in the IBM Rational Application Developer information center.