This task is typically accomplished by adding a custom login
module to the various application and system login configurations.
However, in order to deserialize the information, you must plug in
a custom login module, which is discussed in
Propagating a custom Java serializable object for security attribute propagation. After the object
is instantiated in the login module, you can add the object to the
Subject during the commit() method.

If you want to add information to the Subject so that it gets
propagated, see Propagating a custom Java serializable object for
security attribute propagation. If you want to ensure that the
information is propagated, want to do your own custom serialization,
or want to specify the uniqueness for Subject caching purposes, then
consider writing your own AuthorizationToken implementation.

The code sample in Example: custom AuthorizationToken login module
shows how to determine if the login is an
initial login or a propagation login. The difference between these
login types is whether the WSTokenHolderCallback contains propagation
data. If the callback does not contain propagation data, initialize
a new custom AuthorizationToken implementation and set it into the
Subject. If the callback contains propagation data, look for your
specific custom AuthorizationToken TokenHolder instance, convert the
byte[] back into your custom AuthorizationToken object, and set it
back into the Subject. The code sample shows both instances.

You can make your AuthorizationToken read-only in the commit phase of
the login module. If you do not make the token read-only, then attributes
can be added within your applications.
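
The initial-versus-propagation decision and the commit-phase read-only step described above, as a standalone sketch added here; it is not the product's sample code and uses only the JDK. `Holder` and `DemoToken` are hypothetical stand-ins for a propagated TokenHolder entry and a custom AuthorizationToken, a null list stands in for a WSTokenHolderCallback without propagation data, and the token name, version and "key=value;" byte format are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.security.auth.Subject;

public class AuthzTokenLoginSketch {
    // Hypothetical stand-in for one propagated entry: token name, version, serialized bytes.
    record Holder(String name, int version, byte[] bytes) {}
    // Hypothetical stand-in for a custom token; attributes serialize as "key=value;" pairs.
    static final class DemoToken {
        static final String NAME = "example.DemoToken"; static final int VERSION = 1; // constructed
        final Map<String, String> attrs = new TreeMap<>();
        private boolean readOnly;
        DemoToken(byte[] bytes) { // custom deserialization: parses plain strings only
            for (String kv : new String(bytes, StandardCharsets.UTF_8).split(";"))
                if (kv.indexOf('=') > 0) attrs.put(kv.substring(0, kv.indexOf('=')), kv.substring(kv.indexOf('=') + 1));
        }
        void addAttribute(String k, String v) { if (!readOnly) attrs.put(k, v); } // ignored once locked
        void setReadOnly() { readOnly = true; }
        byte[] getBytes() {
            StringBuilder sb = new StringBuilder();
            attrs.forEach((k, v) -> sb.append(k).append('=').append(v).append(';'));
            return sb.toString().getBytes(StandardCharsets.UTF_8);
        }
    }
    // Login phase. A null list models a callback that carries no propagation data.
    static DemoToken login(List<Holder> propagated, String user) {
        if (propagated == null) { // initial login: build a new token
            DemoToken t = new DemoToken(new byte[0]);
            t.addAttribute("user", user);
            return t;
        }
        for (Holder h : propagated) // propagation login: restore only our own name and version
            if (DemoToken.NAME.equals(h.name()) && h.version() == DemoToken.VERSION) return new DemoToken(h.bytes());
        return null; // our token was not propagated; nothing to restore
    }
    // Commit phase: lock the token, then attach it to the Subject (as a private credential here).
    static void commit(Subject subject, DemoToken token) {
        if (token == null) return;
        token.setReadOnly();
        subject.getPrivateCredentials().add(token);
    }
    public static void main(String[] args) {
        DemoToken initial = login(null, "alice");
        commit(new Subject(), initial);
        initial.addAttribute("role", "admin"); // application-side write after commit is ignored
        DemoToken restored = login(List.of(new Holder(DemoToken.NAME, 1, initial.getBytes())), null);
        System.out.println(initial.attrs + " " + restored.attrs);
    }
}
```

The record syntax requires Java 16 or later. In this sketch a write to a read-only token is silently ignored; a real implementation could reject it with an exception instead.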