This week's book giveaway is in the OCAJP 8 forum.
We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line!
See this thread for details.
The moose likes Security and the fly likes webspehere security setting Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "webspehere security setting" Watch "webspehere security setting" New topic

webspehere security setting

JigaR Parekh
Ranch Hand

Joined: May 23, 2005
Posts: 112
Hi i am currently using jboss 3.2.3 and i have setup security by DatabaseServerLoginModule which will search in db for principal,password and role. I have done this setup by following configuration in login-config.xml of jboss.

<application-policy name = "vmc-security">
<login-module code = "" flag="required">
<module-option name = "unauthenticatedIdentity">guest</module-option>
<module-option name="dsJndiName">java:/ssc</module-option>
<module-option name = "principalsQuery">select Password from Principals where PrincipalID=?</module-option>
<module-option name = "rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ssc</module-option>

i have also made every servlet secure from web.xml

Now i want to migrate to websphere 5.1 so how can i achive with websphere???
Paul Sturrock

Joined: Apr 14, 2004
Posts: 10336

The only way someone could answer that is by repeating what is in the Info Center documentation for WAS 5.1. WebSphere is quite a complex and involved application, so there is no quick way to do what you ask. Your best route is to read through the security sections in the docs.
[ May 23, 2005: Message edited by: Paul Sturrock ]

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
jack poul

Joined: May 24, 2005
Posts: 1
In websphere folder there should be a file called security.xml

In this file there is certain configuration available

<applicationLoginConfig xmi:id="JAASConfiguration_1">
<entries xmi:id="JAASConfigurationEntry_4" alias="XXXXLogin">
<loginModules xmi:id="JAASLoginModule_1" moduleClassName="" authenticationStrategy="REQUIRED">
<options xmi:id="Property_4" name="delegate" value="xxx.yyy.SomeDbUserPasswordLoginModule"/>
<options xmi:id="Property_5" name="loginValidatorClass" value="xxxx.yyyy.AuthenticationValidatorClass"/>
<options xmi:id="Property_6" name="debug" value="true"/>

This is associated with the application.
JigaR Parekh
Ranch Hand

Joined: May 23, 2005
Posts: 112
thx for reply,

you mean to say that i have to implement two classes

Where i can get information how to implement these classes ?
I agree. Here's the link:
subject: webspehere security setting
It's not a secret anymore!