Why and when to perform this task
This topic explains how you might create your own authentication token implementation, which is set in the login Subject and propagated downstream. With this implementation you can specify an authentication token that can be used by a custom login module or application.

Consider writing your own implementation if you want to accomplish one of the following tasks:

To implement a custom authentication token, you must complete the following steps:
Steps for this task
To see an implementation of the AuthenticationToken interface, see Example: A com.ibm.wsspi.security.token.AuthenticationToken implementation.
If you only want to add information to the Subject so that it is propagated, see Propagating a custom Java serializable object. If you want to ensure that the information is propagated, do your own custom serialization, or specify the uniqueness for Subject caching purposes, consider writing your own authentication token implementation.
The code sample in Example: A custom authentication token login module shows how to determine whether the login is an initial login or a propagation login. The difference between these login types is whether the WSTokenHolderCallback callback contains propagation data. If the callback does not contain propagation data, initialize a new custom authentication token implementation and set it into the Subject. If the callback contains propagation data, look for your specific custom authentication token TokenHolder instance, convert the byte array back into your custom AuthenticationToken object, and set it back into the Subject. The code sample shows both cases.
You can make your authentication token read-only in the commit phase of the login module. If you do not make the token read-only, attributes can be added within your applications.
Because this login module relies on information in the shared state that is added by the com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule login module, add this login module after the com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule login module. For information on how to add your custom login module to the existing login configurations, see Custom login module development for a system login configuration.
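The login-type decision, read-only commit and ordering dependency described in the steps above, as an added Java example (not IBM's sample code). The abstract class and its `tokenName`, `create` and `restore` hooks are hypothetical names for your own token implementation; the example assumes that token reports version 1 and that the WebSphere security API classes are on the compile classpath.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.auth.callback.WSTokenHolderCallback;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.TokenHolder;

// Hypothetical base class (not an IBM class); a subclass plugs in its own token type.
public abstract class CustomAuthTokenLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> shared;
    private AuthenticationToken token; // built in login(), published in commit()
    protected abstract String tokenName();                           // value your token's getName() returns
    protected abstract AuthenticationToken create(String principal); // initial login
    protected abstract AuthenticationToken restore(byte[] bytes);    // propagation login
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> state, Map<String, ?> opts) {
        subject = s; handler = h; shared = state;
    }
    public boolean login() throws LoginException {
        WSTokenHolderCallback cb = new WSTokenHolderCallback("Authz Token List: ");
        try { handler.handle(new Callback[] { cb }); }
        catch (Exception e) { throw new LoginException("WSTokenHolderCallback failed: " + e); }
        java.util.List<?> holders = cb.getTokenHolderList();
        if (holders == null) { // no propagation data: initial login
            AuthenticationToken dflt = (AuthenticationToken) shared.get(Constants.WSAUTHTOKEN_KEY);
            if (dflt == null) throw new LoginException("default token missing; check module order");
            token = create(dflt.getPrincipal()); // reuse the principal of the default token
            return true;
        }
        for (Object o : holders) { // propagation login: find our own TokenHolder (version 1 assumed)
            TokenHolder th = (TokenHolder) o;
            if (tokenName().equals(th.getName()) && th.getVersion() == 1) token = restore(th.getBytes());
        }
        return true;
    }
    public boolean commit() {
        if (token == null) return true;
        token.setReadOnly(); // after this, applications cannot add attributes
        if (!subject.getPrivateCredentials().contains(token)) subject.getPrivateCredentials().add(token);
        return true;
    }
    public boolean abort() { token = null; return true; }
    public boolean logout() { if (token != null) subject.getPrivateCredentials().remove(token); token = null; return true; }
}
```

The `restore` hook receives bytes that arrived from another server, so validate them in your token's deserialization code before trusting any attribute they carry.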
Result
After completing these steps, you have implemented a custom authentication token.
Related concepts
Security attribute propagation
Related tasks
Propagating security attributes among application servers
Propagating a custom Java serializable object
Implementing tokens for security attribute propagation
Related reference
Custom login module development for a system login configuration