Chapter 6. Web services message layer security 119
UsernameTokenConsumer, is provided by the Web services security run time
as a default implementation.
6.2.4 Configuring the Web service requestor for security token
To configure the Web service requestor for security token:
1. Configure the security token.
Open the SecurityCallerEJB ejb-jar.xml deployment descriptor. Select the WS
Extension tab. In the Port Qualified Name Bindings section, select the
SecurityInfo port. (This is necessary in order to activate the Add button in the
next step.) Expand the Security Request Generator Binding Configuration
section. Expand the Security Token section and click Add.
Figure 6-5 Request generator Security Token Dialog
Configure the Security Token Dialog (Figure 6-5):
a. Enter a name such as BasicAuthToken.
b. Select a token type from the drop-down list. The available choices are:
Username: username token with a user name and password
X509 certificate token: binary security token of X.509 certificate
X509 certificates in a PKIPath: binary security token of an ordered list
of X.509 certificates packaged in a PKIPath
A list of X509 certificates and CRLs in a PKCS#7: binary security token
of a list of X.509 certificates and (optionally) CRLs packaged in a
PKCS#7 wrapper
LTPAToken: binary security token of a Lightweight Third Party
Authentication (LTPA) token
Custom token: Custom-defined token
For basic authentication, select Username as the token type. When you
select a token type, the local name is filled in automatically. For user name
120 Security in WebSphere Application Server Version 6.1 and J2EE 1.4 on z/OS
and four types of X509 certificates, the URI is not necessary (leave it empty).
If you select a custom token, you have to enter the URI and the local name of
the custom token manually.
Click OK.
2. Configure the token generator.
a. Open the SecurityCallerEJB deployment descriptor. Select the WS
Binding tab. Expand the Security Request Generator Binding
Configuration section.
b. To specify a token generator for a list of X.509 certificates and CRLs in a
PKCS#7, expand Certificate store list and click add (for basic
authentication, you do not specify this).
c. Enter any name. Add a CRL path pointing to the CRL file. These specified
CRLs are packaged in a PKCS#7 wrapper. Click OK, and a collection
certificate store is created.
Chapter 6. Web services message layer security 121
d. Expand the Token Generator section and click Add.
Configure the Token Generator dialog () Figure 6-6:
a. Enter Token generator name such as BasicAuthTokenGen.
Figure 6-6 Request generator Token Generator dialog
b. Select a token generator class or input your custom token generator class
name manually. You have to select a corresponding token generator class

Get Security in WebSphere Application Server V6.1 and J2EE 1.4 on z/OS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.