Specifies the name of the callback handler implementation class
that is used to plug in a security token framework.
The specified callback handler class must implement the Java Authentication
and Authorization Service (JAAS) javax.security.auth.callback.CallbackHandler
interface and must provide a constructor using the following syntax:
MyCallbackHandler(String username, char[] password,
java.util.Map properties)
Where:
- username
- Specifies the user name that is passed into the configuration.
- password
- Specifies the password that is passed into the configuration.
- properties
- Specifies the other configuration properties that are passed into the
configuration.
The application server provides the following default callback handler
implementations:
- com.ibm.wsspi.wssecurity.auth.callback.GUIPromptCallbackHandler
- This callback handler uses a login prompt to gather user name and password
information. However, if you specify the user name and password on this panel,
a prompt is not displayed and the application server returns the specified
user name and password to the token generator. Use this implementation for a
Java Platform, Enterprise Edition (Java EE) application client only.
- com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
- This callback handler does not issue a prompt and returns the user name
and password if they are specified on this panel. You can use this callback
handler when the Web service is acting as a client.
- com.ibm.wsspi.wssecurity.auth.callback.StdinPromptCallbackHandler
- This callback handler uses a standard-in prompt to gather the user name
and password. However, if the user name and password are specified on this
panel, the application server does not issue a prompt, but returns the user
name and password to the token generator. Use this implementation for a Java Platform,
Enterprise Edition (Java EE) application client only.
- com.ibm.wsspi.wssecurity.auth.callback.LTPATokenCallbackHandler
- This callback handler is used to obtain the Lightweight Third Party Authentication
(LTPA) security token from the RunAs invocation Subject. This token is inserted
in the Web services security header within the SOAP message as a binary security
token. However, if the user name and password are specified on this panel,
the application server authenticates the user name and password to obtain
the LTPA security token rather than obtaining it from the RunAs Subject. Use
this callback handler only when the Web service is acting as a client on the
application server. It is recommended that you do not use this callback handler
on a Java EE application client.
- com.ibm.wsspi.wssecurity.auth.callback.X509CallbackHandler
- This callback handler is used to create the X.509 certificate that is
inserted in the Web services security header within the SOAP message as a
binary security token. A keystore and a key definition are required for this
callback handler.
- com.ibm.wsspi.wssecurity.auth.callback.PKCS7CallbackHandler
- This callback handler is used to create X.509 certificates encoded with
the PKCS#7 format. The certificate is inserted in the Web services security
header in the SOAP message as a binary security token. A keystore is required
for this callback handler. You must specify a certificate revocation list
(CRL) in the collection certificate store. The CRL is encoded with the X.509
certificate in the PKCS#7 format.
- com.ibm.wsspi.wssecurity.auth.callback.PkiPathCallbackHandler
- This callback handler is used to create X.509 certificates encoded with
the PkiPath format. The certificate is inserted in the Web services security
header within the SOAP message as a binary security token. A keystore is required
for this callback handler. A CRL is not supported by the callback handler;
therefore, the collection certificate store is not required or used.
The callback handler implementation obtains the required security token
and passes it to the token generator. The token generator inserts the security
token in the Web services security header within the SOAP message. Also, the
token generator is the plug-in point for the pluggable security token framework.
Service providers can provide their own implementation, but the implementation
must use the com.ibm.websphere.wssecurity.wssapi.token.SecurityToken interface.
The Java Authentication and Authorization Service (JAAS) Login Module
implementation is used to create the security token on the generator side
and to validate (authenticate) the security token on the consumer side.