Deprecated security functions

This topic describes the features that have been deprecated in IBM® WebSphere® sMash security.

Overview

The following items have been deprecated since WebSphere sMash 1.0:

  • Extending authentication
  • Extending token support

Extending authentication

WebSphere sMash 1.0 defined a way to implement a custom authentication handler using the following steps:
  1. Choose a name for your authentication scheme to be specified in the security rules as authType.
  2. Implement a handler for the event name <authType>Secure.
  3. Register the event name in the configuration file of your library or application as a handler for that event.
For example, if your authType is digest, you would implement a handler with the method onDigestSecure and add the following stanza to the configuration file:
/config/handlers += [{
   "events" : "digestSecure",
   "handler" : "com.myimpl.DigestSecurityHandler.class"
}]

This method has been deprecated in favor of a single event named authenticate, which is fired from the secure event handler. Although the deprecated method will continue to work for the foreseeable future, it is recommended that you migrate to the preferred way of extending authentication through the authenticate event. For further details on the current method for extending security, refer to the Extending security section of the Developer's Guide.

Extending token support

WebSphere sMash 1.0 defined a way to implement a custom token by handling the following events:
  • <tokenType>Attach: Creates a new token
  • <tokenType>Validate: Validates a token
  • <tokenType>Logout: Handles the logout of a user
The details of the <tokenType> token are described in the following section. You can register the handler in your library or in the application's zero.config file as a handler for those events. For example, if your tokenType is customToken, you would implement a handler with the following methods:
  • onCustomTokenAttach: Creates a new CustomToken token
  • onCustomTokenValidate: Validates a CustomToken token
  • onCustomTokenLogout: Handles logout processing
The following example shows the settings for configuring a custom token named CustomToken in the application or library zero.config file:
/config/security/token/tokenType="customToken"
/config/handlers += [{
        "events" : ["customTokenAttach", "customTokenValidate", 
                       "customTokenLogout"],
        "handler" : "custom.CustomTokenService.class"
}]

This method has been deprecated in favor of a common set of events named "attachToken", "invalidateToken", and "validateToken", which are fired during the secure event. Although the deprecated method will continue to work for the foreseeable future, it is recommended that you migrate to the preferred way of extending token support through these common events rather than token-specific event names. For further details on the current method for extending security, refer to the Extending token support section of the Developer's Guide.
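
An added example, not part of the original IBM documentation: a Python check that scans zero.config text for handlers still registered on the deprecated <authType>Secure and <tokenType>Attach/Validate/Logout event names described in the two sections above. It assumes handler stanzas are plain JSON, as in the page's examples, and that tokenType is set in the same file; find_deprecated_events and the NewAuthHandler class name are hypothetical.

```python
import json
import re

# Constructed sample: the two deprecated stanzas from this page plus one
# hypothetical handler already registered on the current "authenticate" event.
SAMPLE_CONFIG = '''
/config/security/token/tokenType="customToken"
/config/handlers += [{
   "events" : "digestSecure",
   "handler" : "com.myimpl.DigestSecurityHandler.class"
}]
/config/handlers += [{
   "events" : ["customTokenAttach", "customTokenValidate",
               "customTokenLogout"],
   "handler" : "custom.CustomTokenService.class"
}]
/config/handlers += [{
   "events" : "authenticate",
   "handler" : "com.myimpl.NewAuthHandler.class"
}]
'''

# Assumption: each handler stanza body is plain JSON, as in the page's examples.
HANDLER_STANZA = re.compile(r'/config/handlers\s*\+=\s*(\[.*?\}\s*\])', re.S)
TOKEN_TYPE = re.compile(r'/config/security/token/tokenType\s*=\s*"([^"]+)"')
AUTH_EVENT = re.compile(r'^\w+Secure$')  # <authType>Secure, not plain "secure"
TOKEN_EVENT = re.compile(r'^(\w+?)(Attach|Validate|Logout)$')
TOKEN_EVENTS = "attachToken, invalidateToken, validateToken"

def find_deprecated_events(config_text):
    """Return (event, handler, migrate_to) for each deprecated registration."""
    token_types = set(TOKEN_TYPE.findall(config_text))
    findings = []
    for stanza in HANDLER_STANZA.findall(config_text):
        for entry in json.loads(stanza):
            events = entry["events"]
            for event in [events] if isinstance(events, str) else events:
                token = TOKEN_EVENT.match(event)
                if AUTH_EVENT.match(event):
                    findings.append((event, entry["handler"], "authenticate"))
                # Only flag token events whose prefix is a configured tokenType.
                elif token and token.group(1) in token_types:
                    findings.append((event, entry["handler"], TOKEN_EVENTS))
    return findings

if __name__ == "__main__":
    for event, handler, migrate_to in find_deprecated_events(SAMPLE_CONFIG):
        print(f"{event} ({handler}) -> migrate to: {migrate_to}")
```

A library that registers token handlers while the tokenType is set only in the application's zero.config will not be flagged by this check; scan the two files concatenated in that case.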

Version 1.1.0.0.21442