Extending token support

IBM® WebSphere® sMash's authentication provides a pluggable token handling framework to support custom token implementations.

Implement a token service handler

For each of the following event names, implement a handler:

attachToken: Creates a new token
validateToken: Validates a token
invalidateToken: Handles the logout of a user by invalidating the token

The following example shows the settings for configuring a custom token named customToken in the application or library zero.config file:

/config/handlers += [{
	"events" : ["attachToken", "invalidateToken","validateToken"],
	"handler" : "custom.CustomTokenService.class"
}]

The method by which users extend the default token support was rewritten after WebSphere sMash 1.0 was released. Although applications developed between the 1.0 and 1.1. release will continue to work as previously documented, these application should migrate security configuration to the current release. Refer to the Security migration section of the Developer's Guide for more details.