wood burning stoves 2.0*
The moose likes Websphere and the fly likes Websphere Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Websphere
Bookmark "Websphere Security" Watch "Websphere Security" New topic
Author

Websphere Security

Priya Dasu
Greenhorn

Joined: Nov 19, 2003
Posts: 6
Consider this scenario. User logs into site A which authenticates the user. From site A there is a link to Site B clicking on which site A passes the credentials to B. Site B is a struts application running on websphere 5.0. It needs to get the entitlements for the user from an XML file. If my scope starts only from Site B, and i need to take care only of the authorization how do i do so?Also Single Sign On needs to be incorporated between both the applications.
1. Do i use JAAS? If i use JAAS, can i use it only for authorization without using it for authentication. As far as i know, i don't think this is possible. If i am right is there an alternative in JAAS?
2. Is there a way by which i can use WAS Security?
Which is the best way to go about implementing this?
Thanks,
Priya
Benny Thomas
Ranch Hand

Joined: Sep 13, 2003
Posts: 44
Hi Priya,
Cant you use LTPA.
You can implement single sign on in WAS 5 using LTPA.
Benny


IBM Certified System Administrator - Websphere Application Server 5
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Websphere Security
 
Similar Threads
Why JAAS ?
Websphere Security
A Question for JBoss at Work Authors
JAAS and instance based authorisation
Authorization Using Application server