Generating a dynamic UsernameToken using a stacked JAAS login module
You can use the GenericSecurityTokenFactory APIs to create fully-populated or simple UsernameToken security tokens for use by the WS-Security runtime. These security tokens can be used for, but are not be limited to, WSSAPIs, and JAAS login modules, or UNTGenerateLoginModule.
About this task
The GenericSecurityTokenFactory provides several APIs that you can use to create UsernameTokens that can be emitted with the GenericIssuedTokenGenerateLoginModule.
- Full UsernameToken
- A full UsernameToken contains XML and can be emitted with the GenericSecurityTokenFactory login module.
- Simple UsernameToken
- A simple UsernameToken contains only a user name and password; it does not contain XML. Simple UsernameTokens are used to set a dynamic username and password that the UNTGenerateLoginModule, LTPAGenerateLoginModule, and KRBGenerateLoginModule can use.
When a full UsernameToken is created using a GenericSecurityTokenFactory API, the token is the complete form of a security token that can be emitted by the WS-Security run time. Determine the type of token you want to create, and then issue commands, similar to the ones specified in one of the following steps, to create your token. After the token is created, the user name and password in the token cannot be modified.
When a simple UsernameToken is created using a GenericSecurityTokenFactory API, the token contains only the user name and optionally the password. Because a simple UsernameToken does not contain XML, it cannot be emitted with the GenericIssuedTokenGenerateLoginModule.