ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/webserv/wssecbassv.htm

104 lines
5.9 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure basic authentication for the Web services server</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssecbassv"></a>Configure basic authentication for the Web services server</h6>
<p>This task is used to configure BasicAuth authentication at the server. BasicAuth refers to the user ID and password of a valid user in the registry of the target server. After a request is received that contains basic authentication information, the server needs to log in to form a credential. The credential is used for authorization. If the user ID and password supplied is invalid, an exception is thrown and the request ends without invoking the resource. For more information on BasicAuth authentication, see <a href="wssecbasic.htm">Basic authentication for Web services</a>.</p>
<p>Perform the following steps to configure the server for BasicAuth authentication:</p>
<ol>
<li><p>Open the webservices.xml deployment descriptor for your Web services application in the Web Services Editor of the WebSphere Development Studio Client for iSeries. For more information, see <a href="astk.htm">Configure your Web services application</a>.</p></li>
<li><p>Click the <strong>Security Extensions</strong> tab.</p></li>
<li><p>Expand the <strong>Request Receiver Service Configuration Details --&gt; Login Config</strong> settings. Select <strong>BasicAuth</strong> to authenticate the client using a user ID and password. The client must specify a valid user ID and password in the server user registry.</p>
<p><strong>Note:</strong> You can select multiple login configurations, which means that different types of security information might be received at the server. The order in which the login configurations are added decides the order in which they are processed when a request is received. This can cause problems if you have multiple login configurations added that have security tokens in common. For example, ID assertion contains a BasicAuth token. For ID assertion to work properly, list ID assertion ahead of BasicAuth in the processing list so the BasicAuth processing does not override the IDAssertion processing.</p></li>
</ol>
<p>Next, use the Web Services Editor to specify how the BasicAuth authentication information is validated:</p>
<ol>
<li><p>Click the <strong>Binding Configurations</strong> tab.</p></li>
<li><p>Expand the <strong>Request Receiver Binding Configuration Details --&gt; Login Mapping</strong>
settings.</p></li>
<li><p>Click <strong>Edit</strong> to view the login mapping information or click <strong>Add</strong> to add new login mapping information. The login mapping dialog appears.</p></li>
<li><p>Select or enter the following information:</p>
<table border="1" cellpadding="3" cellspacing="0">
<tr valign="top">
<th>Name</th>
<th>Purpose</th>
</tr>
<tr valign="top">
<td><strong>Authentication method</strong></td>
<td>The authentication method specifies the type of authentication that occurs. Select <strong>BasicAuth</strong> to use basic authentication.</td>
</tr>
<tr valign="top">
<td><strong>Configuration name</strong></td>
<td>This specifies the Java Authentication and Authorization Service (JAAS) login configuration name. For the BasicAuth authentication method, enter <tt>WSLogin</tt> for the JAAS login configuration name.</td>
</tr>
<tr valign="top">
<td><strong>Use token value type</strong></td>
<td>This option determines if you want to specify a custom token type. For the default authentication method selections, you do not need to specify this option.</td>
</tr>
<tr valign="top">
<td><strong>Token value type URI</strong> and <strong>Token value type URI local name</strong></td>
<td>When you select <strong>BasicAuth</strong>, you cannot edit the token value type URI and local name values. These values are specified for custom authentication types. For BasicAuth authentication, you do not need to enter any information for these fields.</td>
</tr>
<tr valign="top">
<td><strong>Callback handler factory class name</strong></td>
<td>This class name creates a JAAS CallbackHandler implementation that supports the following callbacks:
<ul>
<li>javax.security.auth.callback.NameCallback</li>
<li>javax.security.auth.callback.PasswordCallback</li>
<li>com.ibm.wsspi.wssecurity.auth.callback.
BinaryTokenCallback</li>
<li>com.ibm.wsspi.wssecurity.auth.callback.
XMLTokenReceiverCallback</li>
<li>com.ibm.wsspi.wssecurity.auth.callback.
PropertyCallback</li>
</ul>
<p>For any of the default authentication methods (BasicAuth, ID assertion, and Signature), use the callback handler factory default implementation. Enter the following class name for any of the default Authentication methods including BasicAuth: <tt>com.ibm.wsspi.wssecurity.auth.callback.
WSCallbackHandlerFactoryImpl</tt>. This implementation creates the correct callback handler for the default implementations.</p></td>
</tr>
<tr valign="top">
<td><strong>Callback handler factory property name</strong> and <strong>Callback handler factory property value</strong></td>
<td>This property is used to specify callback handler properties for custom callback handler factory implementations. You do not need to specify any properties for the default callback handler factory implementation. For BasicAuth, you do not need to enter any property values.</td>
</tr>
<tr valign="top">
<td><strong>Login mapping property name</strong> and <strong>Login mapping property value</strong></td>
<td>This property is used to specify properties for a custom login mapping to use. For the default implementations including BasicAuth, you do not need to enter any property values.</td>
</tr>
</table><p></p></li>
<li><p>Save the file.</p></li>
</ol>
</body>
</html>