Network Deployment (Distributed operating systems), v8.0 > Develop and deploying applications > Develop web services - Security (WS-Security) > Develop applications that use Web Services Security


Web Services Security service provider programming interfaces

Several Service Provider Interfaces (SPIs) are provided to extend the capability of the Web Services Security runtime.

There is an important distinction between v5.x and v6 and later applications. The information in this article supports v5.x applications only that are used with WAS Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications.

The following list contains the SPIs that are available for WAS:


Procedure


What to do next

The JAAS LoginModule API is used for token validation on the request receiver side of the message. We can implement a custom LoginModule API to perform validation of the custom token on the request receiver of the message. After the token is verified and validated, the token is set as the caller and then run as the identity in the WAS runtime. The identity is used for authorization checks by the containers before a Java EE resource is invoked. The following list presents the default AuthMethod configurations provided by WAS:

BasicAuth

Validates a user name token.

Signature

Maps the distinguished name (DN) of a verified certificate to a JAAS subject.

IDAssertion

Maps a trusted identity to a JAAS subject.

LTPA

Validates an LTPA token that is received in the message and creates a JAAS subject.

Lightweight Third Party Authentication
Web Services Security model in WAS
Login mappings
Secure web services for v5.x applications using XML digital signature


Related


Web Services Security support

+

Search Tips   |   Advanced Search