This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Websphere and the fly likes Basic authentication using custom Login Module in WAS 6.1 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Basic authentication using custom Login Module in WAS 6.1" Watch "Basic authentication using custom Login Module in WAS 6.1" New topic
Author

Basic authentication using custom Login Module in WAS 6.1

addy Bhushan
Greenhorn

Joined: Apr 24, 2006
Posts: 1
Hi
I need to enable "Basic" authentication for a url pattern in my webapplication on websphere 6.1. I have created a cusom Application Login and added a custom "Login Module", that does authentication using a custom native store, to it. Now i need to know how do I specify that my application should use this application login.

I have enabled global and application security and my admin console asks me for a username/password now.
Michael Ku
Ranch Hand

Joined: Apr 20, 2002
Posts: 510
To enable the authentication you will need a login-config element in your web-xml file. In your case, it will look like this


once this element is present, the user must be authenticated in order to access any resource that is constrained by a <security-constraint> defined in the Web Application. Once authenticated, the user can be authorized to access other resources with access privileges.

Your <security-constraint> will look like this


This says that for the url pattern that you specify in the <url-pattern> tag and the GET and POST methods in the resource (usually a servlet) that matches the url pattern, authentication will have to happen. I included the
which indicates that the request should use https. If you do not want the url-pattern resources to use https then remove this tag

For a great explanation of these tags read the Head First Servlets and JSP book

Here is a link to some documentation regarding the tags I have references in the above text

http://edocs.bea.com/wls/docs61/webapp/web_xml.html#1019996

The user ID and password that you are being asked for are used to log into the admin console. Use the username and password of the that you used when you installed WebSphere

I know this works because I use it in RAD 6.0. I am curious how you wrote the Login Module and how you configured it. Could you help me with this?
-Fixed XML
[ July 18, 2007: Message edited by: Merrill Higginson ]
Michael Ku
Ranch Hand

Joined: Apr 20, 2002
Posts: 510
the xml tags I entered into the previous reply are being corrupted
Is there a way to enter XML into the reply and have it come across as entered?
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
Michael K,

Thanks for helping out!

The editor JavaRanch uses is supposed to automatically convert < and > to & l t ; and & g t ; Sometimes, for some unknown reason (probably related to the phases of the moon and the price of ginseng in Malaysia) it just doesn't work. I fixed your post by pasting it into JEDIT and using the find replace function to replace the offending characters.

One hint: If you wish to preserve the indentation in your code, surround it with [ c o d e ] and [ / c o d e ] tags.

Oh, and one other thing: The JavaRanch Naming Policy says you need a first and last name, and not just an initial. Please change your user profile when you get a chance.
[ July 18, 2007: Message edited by: Merrill Higginson ]

Merrill
Consultant, Sima Solutions
 
 
subject: Basic authentication using custom Login Module in WAS 6.1
 
Similar Threads
Basic question about JAAS in Java ...
login context propogation from WEB to EJB
JAAS IN websphere .Problem is taht my login module is not getting called from my application login
Tomcat / JNDI / initial Context
JAAS with JBoss