<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>User name tokens</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h6><a name="wssecovtokuser"></a>User name tokens</h6>
<p>You can use the UsernameToken to propagate a user name and, optionally, password information. You can also use this token type to carry basic authentication information. Both a user name and a password are used to authenticate the message. A UsernameToken containing the user name is used in identity assertion, which establishes the identity of the user based on the trust relationship.</p>
<p>The following example shows the syntax of the UsernameToken element:</p>
<pre>&lt;UsernameToken Id=&quot;...&quot;&gt;
  &lt;Username&gt;...&lt;/Username&gt;
  &lt;Password Type=&quot;...&quot;&gt;...&lt;/Password&gt;
&lt;/UsernameToken&gt;</pre>
<p>The Web services security specification defines the following password types:</p>
<ul>
<li><p><strong>wsse:PasswordText</strong>
<br>(Default) This type is the actual password for the user name. WebSphere Application Server - Express supports this type.</p></li>
<li><p><strong>wsse:PasswordDigest</strong>
<br>This type is the digest of the password for the user name. The value is a base64-encoded SHA-1 hash value of the UTF-8-encoded password. WebSphere Application Server - Express does not support password digest because most user registry security policies do not expose the password to the application software.</p></li>
</ul>
<p>The following example illustrates the use of the &lt;UsernameToken&gt; element:</p>
<pre>&lt;S:Envelope xmlns:S=&quot;http://www.w3.org/2001/12/soap-envelope&quot;
            xmlns:wsse=&quot;http://schemas.xmlsoap.org/ws/2002/04/secext&quot;&gt;
  &lt;S:Header&gt;
    ...
    &lt;wsse:Security&gt;
      &lt;wsse:UsernameToken&gt;
        &lt;wsse:Username&gt;Joe&lt;/wsse:Username&gt;
        &lt;wsse:Password&gt;ILoveJava&lt;/wsse:Password&gt;
      &lt;/wsse:UsernameToken&gt;
    &lt;/wsse:Security&gt;
    ...
  &lt;/S:Header&gt;
  ...
&lt;/S:Envelope&gt;</pre>
<p>The password is transmitted in unencrypted text. Therefore, it is recommended that you use a secure transmission channel between the sender and receiver. For example, you might consider using Secure Sockets Layer (SSL).</p>
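<p>The following Python sketch is an added example, not part of the original documentation or of WebSphere Application Server. It shows a receiver-side check that parses the envelope above, extracts the UsernameToken, and refuses a wsse:PasswordText token that did not arrive over SSL. The names <code>extract_username_token</code>, <code>TokenRejected</code> and <code>transport_is_tls</code>, and the sample message, are assumptions made for illustration.</p>

```python
import xml.etree.ElementTree as ET

# Namespace URIs copied from the envelope shown on this page.
NS = {"S": "http://www.w3.org/2001/12/soap-envelope",
      "wsse": "http://schemas.xmlsoap.org/ws/2002/04/secext"}

class TokenRejected(Exception):
    """The UsernameToken must not be accepted."""

def extract_username_token(envelope: str, transport_is_tls: bool) -> dict:
    """Hypothetical receiver-side check: return the token fields or raise."""
    # SOAP forbids a DTD; refusing one also blocks entity-expansion input.
    if "<!DOCTYPE" in envelope or "<!ENTITY" in envelope:
        raise TokenRejected("DTD not allowed in a SOAP message")
    root = ET.fromstring(envelope)
    tokens = root.findall("S:Header/wsse:Security/wsse:UsernameToken", NS)
    if len(tokens) != 1:
        raise TokenRejected(f"expected one UsernameToken, found {len(tokens)}")
    username = (tokens[0].findtext("wsse:Username", "", NS) or "").strip()
    if not username:
        raise TokenRejected("missing Username")
    pw = tokens[0].find("wsse:Password", NS)
    if pw is None:  # user name only, as in identity assertion: no secret on the wire
        return {"username": username, "password": None, "type": None}
    # Type is optional; the page gives PasswordText as the default. Compare the
    # local part so "wsse:PasswordText" and "PasswordText" are treated alike.
    pw_type = pw.get("Type", "wsse:PasswordText").split(":")[-1]
    if pw_type == "PasswordDigest":
        raise TokenRejected("PasswordDigest is not supported by this receiver")
    if pw_type != "PasswordText":
        raise TokenRejected(f"unknown password type {pw_type!r}")
    if not transport_is_tls:
        raise TokenRejected("clear-text password arrived over a non-SSL channel")
    return {"username": username, "password": pw.text or "", "type": pw_type}

# Constructed sample input, modelled on the envelope above.
SAMPLE = """<S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
  <S:Header><wsse:Security><wsse:UsernameToken>
    <wsse:Username>Joe</wsse:Username>
    <wsse:Password>ILoveJava</wsse:Password>
  </wsse:UsernameToken></wsse:Security></S:Header>
</S:Envelope>"""

if __name__ == "__main__":
    print(extract_username_token(SAMPLE, transport_is_tls=True)["username"])
```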
</body>
</html>