• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Pass parameter from Websphere application server to Java web filter

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Existing project was using NTLM for user authentication via web Filter and JCIFS. For authorization and role management it is still using web filter (RoleFilter).
After successfull authentication DOMAIN\username was transfered via session parameters in RoleFilter. For security reasons NTLM Filter was eliminated and changed
to Server based authenticaiton (SPNEGO). Applicaiton is running on  Webspehere Aplication Server. SPNEGO is already configured and running. Rolefilter is
now missing DOMAIN\username as input parameter. How can I get this parameter from Websphere context? Thanks in advance
 
Saloon Keeper
Posts: 28327
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch, Alexander!

Preferably, security should be handled by the JEE standard security system and not by application code. Or at a minimum, security code in webapps should be handled by a well-vetted security system such as Spring Security. User-designed security systems - including those developed by the local "genius" are almost invariably insecure and often take only minutes for unsophisticated users to crack. Security is too sensitive to be designed by someone whose main job is doing anything else.

Having said that, the preferred way to inject external data into a web application is via the application environment and JNDI. You can then set the value(s) you want to pass in using the webapp administration console and the webapp can retrieve those values from the JNDI java:comp/env directory tree. That process works under all JEE-compliant webapp servers, not just WebSphere and all OS's.
 
Evil is afoot. But this tiny ad is just an ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic