Default implementations of the Web services security service provider programming interfaces

This information describes the default implementations of the service provider interfaces (SPI) for Web services security within WebSphere Application Server Version 6 and later.

The default implementations of the service provider interfaces for WebSphere Application Server Version 5.x are not described in this document. Instead, see Securing Web services for Version 5.x applications based on WS-Security for the Version 5.x implementations that are deprecated in Version 6.0.x and later.
com.ibm.wsspi.wssecurity.token.X509TokenGenerator
This class implements the com.ibm.wsspi.wssecurity.token.TokenGeneratorComponent interface. It is responsible for creating the X.509 token object from the X.509 certificate, which is returned by the com.ibm.wsspi.wssecurity.auth.callback.{X509,PKCS7,PkiPath}CallbackHandler interface. It encodes the token using the Base64 format and inserts its XML representation into the Simple Object Access Protocol (SOAP) message, if necessary.
com.ibm.wsspi.wssecurity.auth.callback.X509CallbackHandler
This class implements the javax.security.auth.callback.CallbackHandler interface and it retrieves the X.509 certificate from the keystore file.
com.ibm.wsspi.wssecurity.token.UsernameTokenGenerator
This class implements the com.ibm.wsspi.wssecurity.token.TokenGeneratorComponent interface. It is responsible for creating the username token object from the user name and password that are returned by a javax.security.auth.callback.CallbackHandler implementation such as the following callback handlers:

com.ibm.wsspi.wssecurity.auth.callback.{GUIPrompt,NonPrompt,StdinPrompt}CallbackHandler

It also inserts the XML representation of the token into the SOAP message, if necessary.

com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator
This class implements the com.ibm.wsspi.wssecurity.keyinfo.KeyLocator interface. This class retrieves the keys from the keystore files for digital signature and encryption.
com.ibm.wsspi.wssecurity.token.X509TokenConsumer
This class implements the com.ibm.wsspi.wssecurity.token.TokenConsumerComponent interface. This class processes the X.509 token from the binary security token. This class decodes the Base64 encoding within the X.509 token and then invokes the system.wssecurity.X509BST Java Authentication and Authorization Service (JAAS) login configuration with the com.ibm.wsspi.wssecurity.auth.module.X509LoginModule login module to validate the X.509 token. An object of the com.ibm.wsspi.wssecurity.auth.token.X509Token class is created for the validated X.509 token and stored in the JAAS Subject.
com.ibm.wsspi.wssecurity.token.IDAssertionUsernameTokenConsumer
This class implements the com.ibm.wsspi.wssecurity.token.TokenConsumerComponent interface. This class processes the username token for identity assertion (IDAssertion), which does not have a password element. This class invokes the system.wssecurity.IDAssertionUsernameToken JAAS login configuration with the com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule login module to validate the IDAssertion username token. An object of the com.ibm.wsspi.wssecurity.auth.token.UsernameToken class is created for the validated username token and stored in the JAAS Subject.
com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule
This class implements the javax.security.auth.spi.LoginModule interface and checks whether the username value is not empty. The login module assumes that the UsernameToken is valid if the username value is not empty.
com.ibm.wsspi.wssecurity.token.LTPATokenGenerator
This class implements the com.ibm.wsspi.wssecurity.token.TokenGeneratorComponent interface. This class is responsible for Base 64 encoding the LTPA token object obtained from the com.ibm.wsspi.wssecurity.auth.callback.LTPATokenCallbackHandler callback handler. The object is inserted into the Web services security header within the SOAP message, if necessary.
com.ibm.wsspi.wssecurity.token.LTPATokenConsumer
This class implements the com.ibm.wsspi.wssecurity.token.TokenConsumerComponent interface. This class processes the LTPA token from the binary security token, and decodes the Base64 encoding within the LTPA token. An object of the com.ibm.wsspi.wssecurity.auth.token.LTPAToken class is created for the validated LTPA token and stored in the JAAS Subject.
com.ibm.wsspi.wssecurity.auth.module.X509LoginModule
This class implements the javax.security.auth.spi.LoginModule interface and validates the X.509 Certificate based on the trust anchor and the collection certification store configuration.
com.ibm.wsspi.wssecurity.token.UsernameTokenConsumer
This class implements the com.ibm.wsspi.wssecurity.token.TokenConsumerComponent interface. This class processes the username token, extracts the user name and password, and then invokes the system.wssecurity.UsernameToken JAAS login configuration using the com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule login module to validate the user name and password. An object of the com.ibm.wsspi.wssecurity.auth.token.UsernameToken class is created for the validated username token and stored in the JAAS Subject.
com.ibm.wsspi.wssecurity.keyinfo.X509TokenKeyLocator
This class implements the com.ibm.wsspi.wssecurity.keyinfo.KeyLocator interface. This class is used to retrieve a public key from an X.509 certificate. The X.509 certificate is stored in the X.509 token (com.ibm.wsspi.wssecurity.auth.token.X509Token) in the JAAS Subject. The X.509 token is created by the X.509 Token Consumer (com.ibm.wsspi.wssecurity.token.X509TokenConsumer).
com.ibm.wsspi.wssecurity.keyinfo.SignerCertKeyLocator
This class implements the com.ibm.wsspi.wssecurity.keyinfo.KeyLocator interface. This class is used to retrieve a public key from the X.509 certificate of the request signer and encrypt the response. You can use this key locator in the response generator binding configuration only.
Important: This implementation assumes that only one signer certificate is used in the request.
com.ibm.wsspi.wssecurity.auth.token.UsernameToken
This implementation extends the com.ibm.wsspi.wssecurity.auth.token.WSSToken abstract class to represent the username token.
com.ibm.wsspi.wssecurity.auth.token.X509Token
This implementation extends the com.ibm.wsspi.wssecurity.auth.token.WSSToken abstract class to represent the X.509 binary security token (X.509 certificate).
com.ibm.wsspi.wssecurity.auth.token.LTPAToken
This implementation extends the com.ibm.wsspi.wssecurity.auth.token.WSSToken abstract class as a wrapper to the LTPA token that is extracted from the binary security token.
com.ibm.wsspi.wssecurity.auth.callback.PKCS7CallbackHandler
This class implements the javax.security.auth.callback.CallbackHandler interface and is responsible for creating a certificate and binary data with or without a certificate revocation list (CRL) using the PKCS#7 encoding. The certificate and the binary data are passed back to the com.ibm.wsspi.wssecurity.token.X509TokenGenerator implementation through the com.ibm.wsspi.wssecurity.auth.callback.X509BSCallback callback handler.
com.ibm.wsspi.wssecurity.auth.callback.PkiPathCallbackHandler
This class implements the javax.security.auth.callback.CallbackHandler interface and is responsible for creating a certificate and binary data without a CRL using the PkiPath encoding. The certificate and binary data are passed back to the com.ibm.wsspi.wssecurity.token.X509TokenGenerator implementation through the com.ibm.wsspi.wssecurity.auth.callback.X509BSCallback callback handler.
com.ibm.wsspi.wssecurity.auth.callback.X509CallbackHandler
This class implements the javax.security.auth.callback.CallbackHandler interface and it is responsible for creating a certificate from the keystore file. The X.509 token certificate is passed back to the com.ibm.wsspi.wssecurity.token.X509TokenGenerator implementation through the com.ibm.wsspi.wssecurity.auth.callback.X509BSCallback callback handler.
com.ibm.wsspi.wssecurity.auth.callback.LTPATokenCallbackHandler
This implementation generates a Lightweight Third Party Authentication (LTPA) token in the Web services security header as a binary security token. If basic authentication data is defined in the application binding file, it is used to perform a login, to extract the LTPA token from the WebSphere Application Server credentials, and to insert the token in the Web services security header. Otherwise, it extracts the LTPA security token from the invocation credentials (run as identity) and inserts the token in the Web services security header.
com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
This implementation reads the basic authentication data from the application binding file. You might use this implementation on the server side to generate a username token.
com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler
This implementation presents you with a login prompt to gather the basic authentication data. Use this implementation on the client side only.
com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
This implementation collects the basic authentication data using a standard input (stdin) prompt. Use this implementation on the client side only.
com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator
This interface is used to evaluate the level of trust for identity assertion. The default implementation is com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl, which enables you to define a list of trusted identities.
com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl
This default implementation enables you to define a list of trusted identities for identity assertion.
com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorException
This exception class is used by an implementation of the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface to communicate exceptions and errors to the Web services security run time.
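
Because the IDAssertionUsernameLoginModule described above accepts any non-empty user name, the trust decision for identity assertion rests on the trusted identity list that TrustedIDEvaluatorImpl holds. The following Java program is an added example built only on standard JAAS classes, not IBM's code: NonEmptyNameLoginModule, accept and the sample distinguished names are hypothetical, and checking the asserting party before the JAAS login is an assumed ordering.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class IdAssertionExample {
    // Hypothetical module mirroring the documented check: a non-empty user name is enough.
    public static class NonEmptyNameLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String name;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("asserted identity");
            try { handler.handle(new Callback[] { nc }); }
            catch (Exception e) { throw new LoginException(e.getMessage()); }
            name = nc.getName();
            if (name == null || name.trim().isEmpty()) throw new FailedLoginException("empty username");
            return true; // no password exists to verify in an identity assertion token
        }
        public boolean commit() { subject.getPublicCredentials().add(name); return true; }
        public boolean abort() { name = null; return true; }
        public boolean logout() { subject.getPublicCredentials().remove(name); return true; }
    }

    // Hypothetical trusted-identity gate: only a listed asserting party may vouch for a user.
    static Subject accept(String asserter, String assertedUser, Set<String> trusted) throws LoginException {
        if (!trusted.contains(asserter)) throw new FailedLoginException("untrusted asserter: " + asserter);
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    NonEmptyNameLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        Subject subject = new Subject();
        LoginContext lc = new LoginContext("idassertion-example", subject,
            cbs -> ((NameCallback) cbs[0]).setName(assertedUser), cfg);
        lc.login();
        return subject;
    }

    public static void main(String[] args) {
        Set<String> trusted = Set.of("CN=gateway,O=Example"); // constructed sample value
        String[][] cases = { {"CN=gateway,O=Example", "alice"}, {"CN=gateway,O=Example", ""}, {"CN=other,O=Example", "admin"} };
        for (String[] c : cases) {
            try { System.out.println(c[1] + " accepted: " + accept(c[0], c[1], trusted).getPublicCredentials()); }
            catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

The third case shows why the list matters: without the trusted-identity check, any sender could assert "admin" and pass the login module.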



Related concepts
High-level architecture for Web services security
Related tasks
Securing Web services for Version 5.x applications based on WS-Security
Securing Web services applications using JAX-RPC at the message level

Last updated: Aug 29, 2010 9:31:45 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-mp&topic=cwbs_defaultv6impl
File name: cwbs_defaultv6impl.html