Software AG Infrasructure 10.7 | Working with Web Services | Configuring Web Service Security | Configuring Client Authentication | Implementing Policy Validation Callbacks
 
Implementing Policy Validation Callbacks
The wsstack-jaas.jar module offers ready-to-use policy validator implementations that you can configure and use to log on. Below are examples implementations. To use one of the callbacks, specify policyValidatorCbClass in the Rampart policy assertion.
*com.softwareag.wsstack.jaas.callback.SimpleSINPolicyValidatorCallback. Attempts to log on with all available credentials (message-level credentials are with higher priority over transport-level credentials) against the JAAS logon context. Specify the login context name as a parameter under the key sin.jaas.login.context. The resulting JAAS login subject is available as a property of the message context under the key sin.jaas.subject.
*com.softwareag.wsstack.jaas.callback.ServletRequestLoginPolicyValidatorCallback. Attempts to log on using the servlet request resource populated in the SIN credentials list. Specify the login context name as a parameter under the key sin.jaas.login.context. The resulting JAAS logon subject is available as a property of the message context under the key sin.jaas.subject.
*com.softwareag.wsstack.jaas.callback.MultiLoginPolicyValidatorCallback. Attempts to log on first with transport-level credentials and then again with message-level credentials. Specify the login context name as a parameter under the key sin.jaas.login.context. The name of the transport login context is available as a parameter under the key sin.jaas.transport.login.context (default WSS_Transport_IS ) and for message-level credentials logging on under sin.jaas.msg.login.context (default WSS_Message_IS). The resulting subjects are respectively populated as properties of the message context under the keys sin.jaas.transport.subject and sin.jaas.msg.subject.
These policy validator callbacks extend the standard callback that is provided by Rampart. This means that all basic functionality for validating security policy conformation is still present.