LTPA and JAAS

Ann Kanu
Ranch Hand

Joined: Feb 01, 2004
Posts: 30
Could someone please explain what the difference between LTPA authentication mechanism and JAAS custom login is?
Kyle Brown
author
Ranch Hand

Joined: Aug 10, 2001
Posts: 3892
    
    5
First of all, read the WebSphere 5.0 Security handbook. This explains everything.

Now, the short answer is that you (as a programmer) don't do anything with LTPA -- LTPA is the mechanism that WebSphere uses to validate a user's credentials AFTER they have been authenticated. Authentication in WebSphere happens in a number of ways -- most commonly through one of the mechanisms declared in the web.xml deployment descriptor (form based login, or HTTP basic authentication, for instance).

However, if you need (for some reason) to be able to log in from somewhere OTHER than a web application, such as a Java Swing application, then you would use the JAAS LoginModule API in WebSphere to do so.

Kyle


Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.
Ann Kanu
Ranch Hand

Joined: Feb 01, 2004
Posts: 30
Thanks Kyle. I will start with the security handbook.
Shaun Ashdowne
Greenhorn

Joined: Jan 20, 2009
Posts: 1
I have been searching for what should be a simple answer.
We are about to have an environment with WebSEAL, IBM HTTP Server and WebSphere Application Server.

This will be configured where WebSEAL will:
* determine if a URI requires authentication
* provide the user/password page
* authenticate the user
* create an LTPA token
* pass the token to WAS
* pass protected page back to WebSEAL

This is described in 13.3.3 of the "WebSphere Application Server v6.1 Security Handbook" Redbook.

My question is:
Once WebSphere has a session with credentials (userID), how does an application access the userID?

Thanks
Shaun