JAAS and Websphere

Ann Kanu
Ranch Hand

Joined: Feb 01, 2004
Posts: 30
Hi,

I need to write a custom login module in websphere. The idea is that the login module will be deployed on various servers and therefore the underlying web applications it protects are different.

These are the features of the login module -

1) take the user credentials
2) find out if the application it is protecting (there is only one application running per websphere instance) needs the credentials verified by option 1 (user directory) or by option 2. This is application specific information, so I am assuming that it will be mentioned in the web.xml file
3) and authenticate against the right option

Can I get some direction as to how to proceed? I was looking through some JAAS documentation. Are there any good links for JAAS?

In point 2, I mentioned that I might have to read from the web.xml file regarding the authentication method to be used. Could you please let me know if this is the right way to proceed and, if so, how do I read from the web.xml file?

Regards.
Kyle Brown
author
Ranch Hand

Joined: Aug 10, 2001
Posts: 3879
I can tell you nearly for certain that you do NOT need to write a JAAS login module for WebSphere. WebSphere does not support custom JAAS login modules for the purposes you state. Instead, what you are doing sounds more like a Custom User Registry. Read in the WebSphere Infocenter about those, and go to www.redbooks.ibm.com and download and read the WebSphere 5.0 Security Handbook redbook. That should straighten you out as to WebSphere's capabilities for security.

Kyle


Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.
Ann Kanu
Ranch Hand

Joined: Feb 01, 2004
Posts: 30
Kyle,

Each application on the server (only one app per server) has a different mode of authentication - either by Siteminder (need to write a custom agent for it) or by a user directory (another piece of code for authentication). So, this custom login module needs to figure out the entitlement method for the particular application it is protecting and direct it accordingly.

Since I need to collect user credentials and also figure out from the web.xml ? file the authentication type for that particular application and then direct it towards the particular piece of code which does the authentication, I felt I need to use JAAS. Do you still feel that it is not the right way to be doing it? WebSphere documentation does talk about configuring a custom JAAS login module.

Thanks.
Kyle Brown
author
Ranch Hand

Joined: Aug 10, 2001
Posts: 3879
You don't need JAAS for this. Simply start by coding a TAI for siteminder -- if the TAI does not find the token from Siteminder, then WAS will fall back on its standard authentication framework (which will correctly interpret things from the web.xml without your intervention) and you can then code a Custom User Registry to use as the user registry to access the other user data for your application.

Really, this is the way to do it. Read the redbook and you'll be convinced.

Kyle
Ginnakunta Laxmi Narayan
Ranch Hand

Joined: Jun 16, 2004
Posts: 35
You can configure a custom login in WebSphere 5.0. Once you have written the login module, configure it in the properties/wsjaas.conf file in WebSphere. In this file you can also specify the LDAP address.

Here are the important URLs:
http://www.pramati.com/docstore/1270002/index.htm

http://www.mooreds.com/jaas.html
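
The login module described in this thread, sketched with the standard JAAS API only: it collects credentials, picks the verification back end from a module option, and refuses to authenticate when that option is missing or unknown. This is an added example, not code from any poster or from WebSphere; the `authMethod` option name, the class name and the in-memory verifiers are assumptions.

```java
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class DispatchingLoginModule implements LoginModule {
    interface Verifier { boolean verify(String user, char[] password); }
    // Constructed stand-ins for the real user-directory and SiteMinder checks.
    static Verifier table(Map<String, String> users) {
        return (u, p) -> users.containsKey(u) && MessageDigest.isEqual(users.get(u).getBytes(), new String(p).getBytes());
    }
    static final Map<String, Verifier> BACKENDS = Map.of(
        "directory", table(Map.of("alice", "dir-secret")),
        "siteminder", table(Map.of("bob", "sm-secret")));
    private Subject subject; private CallbackHandler handler;
    private Verifier verifier; private java.security.Principal principal;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h;
        // "authMethod" is an assumed option name; an unknown value leaves verifier null.
        verifier = BACKENDS.get(String.valueOf(options.get("authMethod")));
    }
    public boolean login() throws LoginException {
        if (verifier == null) throw new LoginException("authMethod missing or unknown"); // fail closed
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] {nc, pc}); } catch (Exception e) { throw new LoginException("no credentials"); }
        String user = nc.getName(); char[] pw = pc.getPassword(); pc.clearPassword();
        if (user == null || pw == null || !verifier.verify(user, pw)) throw new FailedLoginException("login failed");
        principal = () -> user; // Principal whose getName() is the verified user
        return true;
    }
    public boolean commit() { return principal != null && subject.getPrincipals().add(principal); }
    public boolean abort() { principal = null; return true; }
    public boolean logout() { if (principal != null) subject.getPrincipals().remove(principal); return abort(); }
    // Demo driver with constructed credentials; a LoginContext normally makes these calls.
    static boolean tryLogin(String method, String user, String pw) {
        CallbackHandler h = cbs -> {
            ((NameCallback) cbs[0]).setName(user);
            ((PasswordCallback) cbs[1]).setPassword(pw.toCharArray());
        };
        LoginModule m = new DispatchingLoginModule();
        m.initialize(new Subject(), h, Map.of(), Map.of("authMethod", method));
        try { return m.login() && m.commit(); } catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        for (String method : new String[] {"directory", "siteminder", "unknown"})
            System.out.println(method + " -> " + tryLogin(method, "alice", "dir-secret"));
    }
}
```

In a JAAS configuration file the same option would be written as a `key=value` pair after the control flag of the module's entry.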
Sudhir Meduri
Greenhorn

Joined: May 28, 2003
Posts: 22
You can define context parameters in web.xml, which can be easily read in JSP/servlets.


Thanks,
Sudhir
SCJP1.4