Guys, has someone set up an application on WAS 7 to authenticate users from a database?
I've been reading the docs and I'm surprised how hard it is to find out a solution... On JBoss we just need to add some lines to login-config.xml and it's done!
So far, my options seem to be:
- to implement com.ibm.websphere.security.UserRegistry;
- to implement LoginModule (JAAS);
- to leave behind the security provided by the server (!) and implement it programmaticaly (checking info in session...);
The IBM's documentation is not clearly about that...
Have you found a solution for your case? How did you do?
Elton Kuzniewski<br>SCJA 1.0, SCJP 5.0, SCWCD 5.0, SCBCD 5.0, SCJD (B&S - working on project),
<br><a href="http://www.eltonk.com.br/" target="_blank" rel="nofollow">www.eltonk.com.br</a>
Joined: Jul 11, 2008
I did manage to make it work with a database user registry.
Check these links. The first one explains how to configure the custom user registry and the second one is an example of a sample custom user registry java class. From there you should be able to change the functionality to query a database instead of a text file:
Although the docs say "The registry should not depend on any WAS components (such as data sources)", I was able to use a data source inside the method "checkPassword(...)". That's because, by the time this method is called (when a user tries to login on the app), WAS has already been completelly initialized. The drawback of that is having to do a lookup of the data source each time a user tries to login. You should check if this is acceptable in your case.
Good luck and let me know how it goes.
Joined: Dec 06, 2007
I was afraid about that... That is the exactly way that I was able to do a database login...
The big problem using this approach is that all others webapps should use the same authentication method...