Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown

How to implement User Registry differently for each EAR installed in the same WAS

Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using WAS 5.0 and write a custom user registry for my own EAR file. But the problem is, with one installation of WAS, all other EAR applications installed will have to share this user registry implementation if they are to use standard J2EE security.
This cause a lot of trouble for me because my user registry implementation have to take into account the security for Admin console and any other EAR file using standard J2EE security.
Does any of you know how to configure WAS so that user registry for different node or server can be different too.
Many thanks
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Yep, that can be done.
Not through normal websphere administration though.

We have a user registry implementation that's used to protect the admin console. This registry is then capable of loading other registrys and delegating the checkPassword/getUniqueUserIds/... methods to the other registry.

For our registry to know which other class to load, we indicate this through JVM custom properties. This limits the use to one other loaded registry per JVM (= appserver), but that is ok in our case.

My suggestion is that you either standardise you registry so that all applications use the same (maybe you have som company policy?).
Another solution would be the one I described above, since you've written a registy before it shouldn't take you too long to do it. It took me about a day or so to enable our class to load other registrys.

hope this helps
Ranch Hand
Posts: 77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The Redbook documentation says that the JAAS PAM settings must be left such that the existing module is required .

Which automatically means that the user registry that is used for authenticating administrators of the admin server and the user registry for my applications have to be the same .

Your concept of using a single module which in turn delegates the authentication is a good work around , but do we know for a fact that that is the only route ??

There's a city wid manhunt for this tiny ad:
Thread Boost feature
    Bookmark Topic Watch Topic
  • New Topic