You can use the GenericSecurityTokenFactory SPIs to create
security tokens for use by the WS-Security runtime. These security
tokens can be used for, but are not limited to, WSSAPIs, JAAS login
modules, and custom security tokens.
About this task
Through various method signatures, you can use the GenericSecurityTokenFactory
SPI to:
- Generate a dynamic UsernameToken using a stacked JAAS login module
- Create custom security tokens for Web services security
- Generate and consume custom tokens with the Generic Issue Login Modules
- Generate and consume dynamic X.509 tokens using a stacked JAAS login module
- Generate a dynamic LTPA token using a stacked JAAS login module
- Generate a dynamic Kerberos token using a stacked JAAS login module
- Replace the authentication method of the UsernameToken consumer using a stacked JAAS login module
Generating a dynamic UsernameToken using a stacked JAAS login module
You can use the GenericSecurityTokenFactory APIs to create
fully-populated or simple UsernameToken security tokens for use by
the WS-Security runtime. These security tokens can be used for,
but are not limited to, WSSAPIs, JAAS login modules, or UNTGenerateLoginModule.
Generating and Consuming custom tokens with the Generic Issue Login Modules
The Generic Issued token generator and consumer, GenericIssuedTokenGenerateLoginModule
and GenericIssuedTokenConsumeLoginModule, can be used in conjunction
with the GenericSecurityTokenFactory and GenericSecurityToken SPIs
to implement an end-to-end solution for a custom token. Generating
and consuming custom tokens with the Generic Issue Login Modules can
be done with either policy and bindings or WSSAPIs.
Generating a dynamic LTPA token using a stacked JAAS login module
You can dynamically pass a username and password to the
LTPA token generator, LTPAGenerateLoginModule, when using WSS SPIs.
However, if you must use policy sets and bindings, you cannot do
this in a standard configuration because both the callback handler,
and the username and password in the callback handler are fixed values.
You can use policy sets and bindings to create dynamic Kerberos tokens
if a custom JAAS login module is used.
Generating and consuming SAML tokens using stacked JAAS login modules
You can use the GenericSecurityTokenFactory APIs to pass
a SAML token that you have created to the SAMLGenerateLoginModule
or GenericIssuedTokenGenerateLoginModule modules. You can also use
these APIs to obtain SAML tokens that are consumed by SAMLConsumeLoginModule
or GenericIssuedTokenConsumeLoginModule modules.
Generating a dynamic Kerberos token using a stacked JAAS login module
You can dynamically pass a username and password to the
Kerberos token generator, KRBGenerateLoginModule, when using WSSAPIs.
However, if you must use policy sets and bindings, you cannot dynamically
pass a username and password to the Kerberos token generator in a
standard configuration because both the callback handler and the username
and password in the callback handler are fixed values. Dynamic Kerberos
tokens can be created using policy sets and bindings if a custom JAAS
login module is used.
Replacing the authentication method of the UsernameToken consumer using a stacked JAAS login module
By default, the Web services security UsernameToken consumer,
UNTConsumeLoginModule, always validates the username and password
that are contained within the token against the WebSphere registry.
You can use the SPIs that GenericSecurityTokenFactory provides to
bypass this authentication method.
Configuring a UsernameToken caller configuration with no registry interaction
To authenticate a UsernameToken with a caller configuration
without accessing the WebSphere® registry,
you can replace the authentication method of the UsernameToken consumer
and configure the caller to use an alternative JAAS login configuration.
Last updated: April 18, 2014 05:01 AM CDT