<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Basic authentication for Web services</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssecbasic"></a>Basic authentication for Web services</h6>
<p>When you use the BasicAuth authentication method, the security token that is generated is a &lt;wsse:UsernameToken&gt; element with &lt;wsse:Username&gt; and &lt;wsse:Password&gt; elements. WebSphere Application Server - Express supports text passwords but not password digest because passwords are not stored and cannot be retrieved from the server.</p>
<p>On the request sender side, a callback handler is invoked to generate the security token. On the request receiver side, a Java Authentication and Authorization Service (JAAS) login module is used to validate the security token. These two operations, token generation and token validation, are described in the following topics.</p>
<p><strong>BasicAuth token generation</strong></p>
<p>The request sender generates a BasicAuth security token using a callback handler. The security token returned by the callback handler is inserted in the SOAP message. The callback handler that is used is specified in the &lt;LoginBinding&gt; element of the bindings file, ibm-webservicesclient-bnd.xmi. The following callback handler implementations are provided with WebSphere Application Server - Express and can be used with the BasicAuth authentication method:</p>
<ul>
<li>com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler</li>
<li>com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler</li>
<li>com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler</li>
</ul>
<p>You can add your own callback handlers that implement javax.security.auth.callback.CallbackHandler.</p>
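<p>The following is an added example of such a handler, not IBM code. It assumes the runtime passes the standard JAAS NameCallback and PasswordCallback objects to the handler, which this page does not state. The class name and the property names are hypothetical, and any WebSphere-specific constructor or registration requirements are outside what this page covers.</p>

```java
import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Added example, not IBM code. Supplies the BasicAuth user name and password
// without prompting. Property names are hypothetical (assumption).
public class PropertyCallbackHandler implements CallbackHandler {
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            Callback cb = callbacks[i];
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(lookup("example.ws.user"));
            } else if (cb instanceof PasswordCallback) {
                char[] pw = lookup("example.ws.password").toCharArray();
                ((PasswordCallback) cb).setPassword(pw); // callback keeps its own copy
                Arrays.fill(pw, '\0');                   // wipe the local copy
            } else {
                // Fail closed on any callback type this handler does not know.
                throw new UnsupportedCallbackException(cb, "Unsupported callback");
            }
        }
    }

    // Single place to swap in a different credential source (for example a
    // protected file); a missing value is an error, never an empty credential.
    private static String lookup(String key) throws IOException {
        String value = System.getProperty(key);
        if (value == null || value.length() == 0) {
            throw new IOException("Missing credential property " + key);
        }
        return value;
    }

    // Stand-alone check with constructed values and the two standard callbacks.
    public static void main(String[] args) throws Exception {
        System.setProperty("example.ws.user", "demo-user");       // constructed
        System.setProperty("example.ws.password", "demo-secret"); // constructed
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        new PropertyCallbackHandler().handle(new Callback[] { name, pass });
        System.out.println("user=" + name.getName() + " passwordSet=" + (pass.getPassword() != null));
        pass.clearPassword();
    }
}
```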
<p><strong>BasicAuth token validation</strong></p>
<p>The request receiver retrieves the BasicAuth security token from the SOAP message and validates it using a JAAS login module. The &lt;wsse:Username&gt; and &lt;wsse:Password&gt; elements in the security token are used to perform the validation. If the validation is successful, the login module returns a JAAS Subject. This Subject is then set as the identity of the thread of execution. If the validation fails, the request is rejected with a SOAP fault exception.</p>
<p>The JAAS login configuration is specified in the &lt;LoginMapping&gt; element of the bindings file. There are default bindings specified in the ws-security.xml file. However, you can override these bindings using the application-specific ibm-webservices-bnd.xmi file.</p>
<p>The configuration information consists of a CallbackHandlerFactory and a ConfigName. The CallbackHandlerFactory specifies the name of a class that is used for creating the JAAS CallbackHandler object. WebSphere Application Server - Express provides the com.ibm.wsspi.wssecurity.auth.callback.WSCallbackHandlerFactoryImpl CallbackHandlerFactory implementation. The ConfigName specifies a JAAS configuration name entry. WebSphere Application Server - Express searches the security.xml file for a matching configuration name entry. If a match is not found, it searches the wsjaas.conf file for a match. WebSphere Application Server - Express provides the WSLogin default configuration entry, which is suitable for the BasicAuth authentication method.</p>
</body>
</html>