使用 GenericSecurityTokenFactory SPI 为 Web Service 安全性创建定制安全性令牌
使用 GenericSecurityTokenFactory SPI 来创建定制安全性令牌以用于 WS-Security 运行时。这些安全性令牌可以用于(但是不限于)WSSAPI、JAAS 登录模块和定制安全性令牌。
关于此任务
GenericSecurityTokenFactory 提供若干 SPI 来创建定制令牌,这些令牌可以随 GenericIssuedTokenGenerateLoginModule 一起发出。
以 GenericSecurityTokenFactory 创建的定制安全性令牌是完整形式的安全性令牌,可以由 WS-Security 运行时直接发出。您无需为使用这些 SPI 创建的令牌编写发射器(emitter)或接收器(receiver)代码(例如 writeExternal 或 readExternal)。只需提供两条信息:
- 令牌元素,可以是 Axiom 实现或 w3c.dom 实现
- 值类型
在以下步骤中,创建的定制令牌是 UsernameToken。之所以选择此令牌作为示例,是因为它的格式众所周知,并且很好地混合了元素、子元素和属性。要确定构建您自己的定制令牌需要哪些方法,请查看 UsernameToken 的 XML,然后将该 XML 与下列某个步骤的方法中执行的操作相对照。
过程
- 从字符串创建定制令牌
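import javax.xml.namespace.QName;

import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;

// Builds two SecurityToken objects from XML text: a WS-Security UsernameToken and a
// custom acme:MyToken. Each getToken(String, QName) call is given the token XML and
// the token's value type.
//
// NOTE(review): the markup below is assembled from string literals only. If any part of
// a token ever comes from caller-supplied data, build the element with the DOM or Axiom
// factories (addTextNode / setText) so the value is handled as text content rather than
// being concatenated into markup.
//
// NOTE(review): myUsername / myPassword are sample values. The Password element is typed
// #PasswordText, so the password is carried in the token exactly as written here; the
// message needs transport- or message-level confidentiality, and real credentials should
// not be compiled into source.

//Create a UsernameToken SecurityToken from a String
// Fixed relative to the original listing: (1) a space now separates the xmlns:sec and
// xmlns:utl attributes, which XML well-formedness requires; (2) the identifier attribute
// is spelled utl:Id -- XML names are case-sensitive, and "Id" is the spelling the custom
// token further down already uses.
final String untString =
    "<sec:UsernameToken utl:Id=\"_unt999\""
    + " xmlns:sec=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\""
    + " xmlns:utl=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
    + "<sec:Username>myUsername</sec:Username>"
    + "<sec:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">myPassword</sec:Password>"
    + "</sec:UsernameToken>";

GenericSecurityTokenFactory gst = GenericSecurityTokenFactory.getInstance();

// The UsernameToken value type is passed with an empty namespace URI and the
// token-profile URI as the local part.
QName valueType = new QName("", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
SecurityToken unt = gst.getToken(untString, valueType);

//Create a custom SecurityToken from a String
// Fixed relative to the original listing: a space now separates the xmlns:acme and
// xmlns:utl attributes; without it the concatenated string is not well-formed XML.
final String customString =
    "<acme:MyToken xmlns:acme=\"http://www.acme.com\""
    + " xmlns:utl=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" utl:Id=\"cust_3\">"
    + "<acme:Email>joe.smith@acme.com</acme:Email>"
    + "</acme:MyToken>";

// For the custom token the value type is the element's own namespace URI and local name.
QName custValueType = new QName("http://www.acme.com", "MyToken");
SecurityToken custSt = gst.getToken(customString, custValueType);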
- 从 w3c.dom 元素创建定制令牌。
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;

import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;

...

// Wraps a DOM (SOAPElement) UsernameToken in a SecurityToken.
// "myUsername" / "myPassword" are sample values; getDomUntElement is the helper that
// builds the element from them.
final String usernameTokenType =
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";

GenericSecurityTokenFactory tokenFactory = GenericSecurityTokenFactory.getInstance();

// The Id for the token element is obtained from the factory instead of being hard-coded.
String tokenId = tokenFactory.createUniqueId();
SOAPElement usernameTokenElement = getDomUntElement("myUsername", "myPassword", tokenId);

// Value type: empty namespace URI, token-profile URI as the local part.
QName valueType = new QName("", usernameTokenType);
SecurityToken unt = tokenFactory.getToken(usernameTokenElement, valueType);
- 从 Axiom 元素创建定制令牌。
import javax.xml.namespace.QName;

import org.apache.axiom.om.OMElement;

import com.ibm.websphere.wssecurity.wssapi.token.GenericSecurityTokenFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;

...

// Wraps an Axiom (OMElement) UsernameToken in a SecurityToken.
// "myUsername" / "myPassword" are sample values; getAxiomUntElement is the helper that
// builds the element from them.
final String usernameTokenType =
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";

GenericSecurityTokenFactory tokenFactory = GenericSecurityTokenFactory.getInstance();

// The Id for the token element is obtained from the factory instead of being hard-coded.
String tokenId = tokenFactory.createUniqueId();
OMElement usernameTokenElement = getAxiomUntElement("myUsername", "myPassword", tokenId);

// Value type: empty namespace URI, token-profile URI as the local part.
QName valueType = new QName("", usernameTokenType);
SecurityToken unt = tokenFactory.getToken(usernameTokenElement, valueType);
- 创建 w3c.dom 定制令牌元素。
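import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;

/**
 * Builds a WS-Security UsernameToken as a DOM (SAAJ) element.
 *
 * <p>The element is {@code sec:UsernameToken} carrying a {@code utl:Id} attribute, a
 * {@code sec:Username} child and, when a password is given, a {@code sec:Password} child
 * whose {@code Type} is {@code #PasswordText}.
 *
 * <p>Both values are added with {@code addTextNode}, i.e. as text content of their
 * elements, not as markup. The password is stored as passed in; with the
 * {@code #PasswordText} type the caller is responsible for protecting the message that
 * carries the token (transport- or message-level confidentiality).
 *
 * <p>Changes relative to the original listing: the {@code QName} import was missing, and
 * the SAAJ calls used here declare the checked {@code SOAPException}, so the method now
 * declares it.
 *
 * @param username text of the Username element
 * @param password text of the Password element; when {@code null} no Password element
 *     is added
 * @param uniqueId value of the {@code utl:Id} attribute on the UsernameToken element
 * @return the populated UsernameToken element
 * @throws SOAPException if the SAAJ factory cannot be obtained or an element operation fails
 */
SOAPElement getDomUntElement(String username, String password, String uniqueId)
        throws SOAPException {
    // Namespace URIs shared by every element and attribute built below.
    final String secextNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    final String utilityNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    SOAPFactory factory = SOAPFactory.newInstance();

    //Create the UsernameToken element
    SOAPElement untElement = factory.createElement("UsernameToken", "sec", secextNs);
    untElement.addAttribute(new QName(utilityNs, "Id", "utl"), uniqueId);

    //Create the Username element
    SOAPElement unameElement = factory.createElement("Username", "sec", secextNs);
    unameElement.addTextNode(username);

    //Add the Username element to the UsernameToken
    untElement.addChildElement(unameElement);

    if (password != null) {
        //Create the Password element
        SOAPElement passElement = factory.createElement("Password", "sec", secextNs);
        // Type is an unqualified attribute; #PasswordText marks the content as the
        // password itself rather than a digest.
        passElement.addAttribute(new QName("Type"),
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        passElement.addTextNode(password);

        //Add the Password element to the UsernameToken
        untElement.addChildElement(passElement);
    }

    return untElement;
}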
- 创建 Axiom 定制令牌元素。
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

/**
 * Builds a WS-Security UsernameToken as an Axiom element.
 *
 * <p>The element is {@code sec:UsernameToken} carrying a {@code utl:Id} attribute, a
 * {@code sec:Username} child and, when a password is given, a {@code sec:Password} child
 * whose {@code Type} is {@code #PasswordText}. The password is stored as passed in, so
 * the message carrying the token needs its own confidentiality protection.
 *
 * @param username text of the Username element
 * @param password text of the Password element; when {@code null} no Password element
 *     is added
 * @param uniqueId value of the {@code utl:Id} attribute on the UsernameToken element
 * @return the populated UsernameToken element
 */
OMElement getAxiomUntElement(String username, String password, String uniqueId) {
    // Security-extension namespace used by all three elements.
    final String secextNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    OMFactory omFactory = OMAbstractFactory.getOMFactory();

    // Root element plus its utl:Id attribute.
    OMElement token = omFactory.createOMElement("UsernameToken", secextNs, "sec");
    OMNamespace utilityNs = omFactory.createOMNamespace(
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
        "utl");
    token.addAttribute("Id", uniqueId, utilityNs);

    // Username child; the value is set as element text.
    OMElement user = omFactory.createOMElement("Username", secextNs, "sec");
    user.setText(username);
    token.addChild(user);

    // Without a password the token consists of the Username only.
    if (password == null) {
        return token;
    }

    // Password child; Type is added with a null namespace, and #PasswordText marks the
    // content as the password itself rather than a digest.
    OMElement pass = omFactory.createOMElement("Password", secextNs, "sec");
    pass.addAttribute(
        "Type",
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText",
        null);
    pass.setText(password);
    token.addChild(pass);

    return token;
}

