Meaningless Drivel is fun!*
The moose likes Websphere and the fly likes Database authentication on WAS 7 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Database authentication on WAS 7" Watch "Database authentication on WAS 7" New topic

Database authentication on WAS 7

Alexandre Portugal

Joined: Jul 11, 2008
Posts: 11
Guys, has someone set up an application on WAS 7 to authenticate users from a database?

I've been reading the docs and I'm surprised how hard it is to find out a solution... On JBoss we just need to add some lines to login-config.xml and it's done!

So far, my options seem to be:
- to implement;
- to implement LoginModule (JAAS);
- to leave behind the security provided by the server (!) and implement it programmaticaly (checking info in session...);

Any suggestions?
Elton Kuzniewski
Ranch Hand

Joined: Dec 06, 2007
Posts: 44
Hello Alexandre!

I've been trying to figure out that too!

The IBM's documentation is not clearly about that...

Have you found a solution for your case? How did you do?


Elton Kuzniewski<br>SCJA 1.0, SCJP 5.0, SCWCD 5.0, SCBCD 5.0, SCJD (B&S - working on project),
<br><a href="" target="_blank" rel="nofollow"></a>
Alexandre Portugal

Joined: Jul 11, 2008
Posts: 11
Hi Elton,

I did manage to make it work with a database user registry.

Check these links. The first one explains how to configure the custom user registry and the second one is an example of a sample custom user registry java class. From there you should be able to change the functionality to query a database instead of a text file:

Although the docs say "The registry should not depend on any WAS components (such as data sources)", I was able to use a data source inside the method "checkPassword(...)". That's because, by the time this method is called (when a user tries to login on the app), WAS has already been completelly initialized. The drawback of that is having to do a lookup of the data source each time a user tries to login. You should check if this is acceptable in your case.

Good luck and let me know how it goes.


Elton Kuzniewski
Ranch Hand

Joined: Dec 06, 2007
Posts: 44
I was afraid about that... That is the exactly way that I was able to do a database login...

The big problem using this approach is that all others webapps should use the same authentication method...
I agree. Here's the link:
subject: Database authentication on WAS 7
Similar Threads
Transaction History
Can i have separate cache for commited and un-commited transactions
count yourself in javaranch#~
Your lucky number
when 400 mark will reach?