JAAS in Websphere

Justin joseph
Greenhorn

Joined: Aug 03, 2004
Posts: 27
Currently we are using the WebLogic application server. On the client side we have a custom JAAS login module which calls Authenticate.authenticate() (a WebLogic custom class), which initiates a JAAS login at the server. I need to add my own additional information to the principal and return it from the server after a successful login. After login the subject, with my principal, is available at the client side and it is passed on every EJB invocation, which enables me to call getCallerPrincipal() on the context to retrieve my custom principal and do programmatic authorization. It works fine with WebLogic.
In JBoss, which is our development server for the time being, I wrote a custom security interceptor which initiates a JAAS login at the server and used the SecurityAssociation class (JBoss) to propagate the client subject with every EJB invocation. That too works fine. Now I'm porting my application to WebSphere. In fact the application requires no porting, but the security module does.

I want to implement the same logic for security here. The client initiates a JAAS login. The login module should be able to start a JAAS login at the server and return my subject, which will be associated with my EJB invocation context. (ThreadContextImpl.set_thread_subject() is also fine for me.)

Is there any way by which I can implement this in WebSphere?

Please help.
--------------------

thanks in advance.
Jee


thanks
somkiat puisungnoen
Ranch Hand

Joined: Jul 04, 2003
Posts: 1312
WebSphere Information Center

http://publib.boulder.ibm.com/infocenter/wsphelp/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/welc_security.html


SCJA,SCJP,SCWCD,SCBCD,SCEA I
Java Developer, Thailand
Rolando Ochoa
Greenhorn

Joined: Aug 09, 2004
Posts: 16
Hi, I found a Redbook, and it has an example.

IBM WebSphere V5.0 Security WebSphere Handbook Series

One observation: you must go into the Admin console for the example. You will find WSLogin in the Security section, under JAAS configuration. Follow the example from the Redbook. Maybe this will help you.


Rolando Ochoa
Dirk Schreckmann
Sheriff

Joined: Dec 10, 2001
Posts: 7023
Java JEE,

Welcome to JavaRanch!

We ain't got many rules 'round these parts, but we do got one. Please change your display name to comply with The JavaRanch Naming Policy.

Thanks Pardner! Hope to see you 'round the Ranch!


[How To Ask Good Questions] [JavaRanch FAQ Wiki] [JavaRanch Radio]
Justin joseph
Greenhorn

Joined: Aug 03, 2004
Posts: 27
Sorry, my mistake. I changed the name as per the policy.

Anyway, thanks for the answers. I also got more info from the WebSphere InfoCenter. Here it goes:

    // set the subject that subsequent calls should run as
    com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(mySubject);

    // make remote method calls

This will enable getCallerPrincipal() to return the custom principal at the EJB side.

thanks
Justin
Justin joseph
Greenhorn

Joined: Aug 03, 2004
Posts: 27
The above code doesn't work even if I set a security manager and appropriate privileges in the policy files.

How can I change the RunAs subject at the client side?

Please help....


thanks
justin
Justin joseph
Greenhorn

Joined: Aug 03, 2004
Posts: 27
I'm still not able to find a way to propagate a custom principal to the server from a Swing client when using WebSphere Application Server.

Does anyone know how to implement this?

thanks
justin
Justin joseph
Greenhorn

Joined: Aug 03, 2004
Posts: 27
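    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;
    import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;

    // Bootstrap against the WebSphere naming service
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");
    env.put(Context.PROVIDER_URL, "iiop://localhost:2809");
    Context initialContext = new InitialContext(env);
    java.lang.Object obj = initialContext.lookup("");

    // JAAS login using the "MyLogin1" configuration entry
    LoginContext lc1 = new LoginContext("MyLogin1",
            new WSCallbackHandlerImpl("user1", "MyLogin1", "pass1"));
    lc1.login();
    Subject as1 = lc1.getSubject();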


This code only looks for login modules at the client side. What I need is for the server login modules to be invoked from there. Is there anything that I can write in the client-side login module which invokes the server login module (for example, Authenticate.authenticate() in WebLogic or the security interceptor in JBoss)?
Or is it some different mechanism in WebSphere?
What is the target realm name that we specify in the CallbackHandler? Does it have significance? Because this is what is there inside the constructors of WSCallbackHandlerImpl:
    public WSCallbackHandlerImpl(String s, String s1)
    {
        if(tc.isEntryEnabled())
            Tr.entry(tc, "WSCallbackHandlerImpl(userName = \"" + s + "\", password = \"********\")");
        userName = s;
        password = s1;
        if(tc.isEntryEnabled())
            Tr.exit(tc, "WSCallbackHandlerImpl(userName, password)");
    }

    public WSCallbackHandlerImpl(String s, String s1, String s2)
    {
        // the second argument (s1) is dropped here; only s and s2 are passed on
        this(s, s2);
    }
Justin joseph
Greenhorn

Joined: Aug 03, 2004
Posts: 27
By the way, I forgot to mention one thing.

When server security is enabled, the lookup() call at the client side authenticates the subject created at the client using the login module, using the server's authentication mechanism, which is not JAAS but based on the OS, LDAP or a custom registry.

My problem is that my registry is database based and it is not the group user based registry that WebSphere supports for its security management. I would like to use my own registry and APIs, and a custom principal (of course, derived from WSPrincipal) needs to be propagated.

thanks
Justin
Justin joseph
Greenhorn

Joined: Aug 03, 2004
Posts: 27
I'm at wits' end now.... Please help.

When I use a registry, WebSphere is using LtpaLoginModule to log in the user (by invoking my registry class). This class creates its own principal, I suppose. So whatever I try to propagate from the client is not taking effect. The default one created at the server side is being used. I get the name of the user correctly from the principal, but other information which I have in my custom principal is not propagated.

Is there any way to propagate my own principal to the server side?

thanks
Justin
 