Software AG Infrastructure 10.7 | Working with Web Services | Configuring Web Service Security | Configuring Client Authentication
 
Configuring Client Authentication
 
Configuring JAAS
Security Credentials
Implementing Password Callback Handlers
Implementing Policy Validation Callbacks
Authenticating Web Services
Web Services Stack provides a mechanism for authenticating clients in its runtime layer using the JAAS security framework. Security Infrastructure provides you with JAAS-based login modules for client authentication. When you log on using a JAAS login context, a javax.security.auth.Subject is produced by the logon security module. That subject contains Principals and credentials and is available to anyone on the execution chain through the message context.
Web Services Stack collects all available security credentials from the client request and populates them in Security Infrastructure SagCredentials (see Defining the Login Modules). After that, the logon process is performed in the policy validator implementation of Rampart.