Guys, I would like to secure my web application so that only authenticated user can access my pages. Which authentication method should I used? Form based or Basic? My WAS4.0 will be using MS Active Directory as its LDAP Server. When user login in to their PC using the login name that exist in Active Directory, then they would allow to access my web pages without prompt them to key in password. If they are login to their pc with the Login Name not in Active Directory, there should prompt out message box and ask user to key in user name and password in order to access the page. Anyone knows how to do that?
cbpoo. First CHANGE YOUR NAME. Your name is in violation of the Javaranch Naming Policy. You've been asked to do this before, and many of us feel that if you're not willing to live with the rules of the Javaranch that we don't feel the need to answer your questions. Second, this is covered quite well in the InfoCenter (look up section 5 on security) and in the WAS 4.0 Security Handbook redbook. I would suggest you start looking in both the InfoCenter and in the redbooks site before you post very open-ended questions like this. Remember that Javaranch is run by volunteers and that you should do your part in making an effort to find an answer to a question before asking someone to help you. Finally, both links above assume you are using WAS AE (You did not specify which version you were using). If you are using WAS AEs, then the InfoCenter can be found here.
Sorry, I didn't realize that my name violate the rules. Already update my profile. Actually I did try to do it. I also had read the Infocenter for security chapter(section 5) and WebSphere handbook and websphere security hand book. But it doesn't work. According to the infocenter, to secure web resource, security can be apply as Global or to different application. I configured the Global security by setting Security Center in my WAS AE 4.0 to connect to Active Directory. After restart WAS AE 4.0, the next time it prompt for the password before I allow to bring up the WAS AE Administrative Console. I successfully go into WAS AE Admin Console. But when I tried to access the web page in the WAS AE that I had installed. It seem like no authentication take place. I still can access the page even if my login not in Active Directory. Need help...
subject: How to secure web resources by using MS Active Directory as LDAP Server?