design strategy for WebSphere security

 
Ranch Hand
Posts: 264
I am new to this topic. Please bear with me if I throw some dumb questions.
Our production environment is WebSphere 4.0 and will be migrated to 5.1.
We have Microsoft Active Directory as our LDAP server.
As I understand it, I can integrate that LDAP server into our WebSphere and use LTPA/LDAP for user authentication/authorization. I think this approach will not need programmatic effort and is configurable.
But our application needs more information (and some application-specific information) beyond what we can get from Active Directory.
One way I am thinking of is to implicitly access the Active Directory (LDAP) server in the program, doing the authentication/authorization programmatically, will get/set other user credentials in our own database.
Does this sound like a fine approach or are there any better ways to do this?
Please advise.
 
Greenhorn
Posts: 4
We had a similar situation in our project where corporate LDAP was not sufficient enough so we ended up creating a Custom User Registry (WebSphere supports custom registries as we all know !).
Programmatic security results in lotsa directory access related code in your application which is never a good idea!
Make your custom registry have lotsa application specific attributes for fine grained authorization in an application.
 
Greenhorn
Posts: 10
Custom Registry is a safe option.
Configure the LDAP setting, switch on security on the global level.
Once that is done,
In your application build in Ant, add the following lines to the application.xml:
    <security-role id="SecurityRole_1">
        <description>SomeThing of your choice</description>
        <role-name>WhoIsAllowed</role-name>
    </security-role>
Then through the security console map the application role to
the LDAP principal name and domain.
This is a way to implement security without doing it programmatically.
Thanks
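
An added example, not part of the thread or of any poster's code: it shows one way to combine the declarative setup above with application-specific data. The container authenticates against LDAP and enforces the WhoIsAllowed role, and the application uses only the authenticated login name as a key into its own database. The class name, the JNDI name jdbc/AppUsers, the table app_user_attrs, the department column and profile.jsp are assumptions made for illustration. It also assumes the role is declared in the web module's web.xml.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

public class ProfileServlet extends HttpServlet {
    private DataSource ds;

    public void init() throws ServletException {
        try {
            // Hypothetical resource reference bound to the application's own database.
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/AppUsers");
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Identity and role come from the container (LDAP registry plus console mapping);
        // no directory access code lives in the application.
        String user = req.getRemoteUser();
        if (user == null || !req.isUserInRole("WhoIsAllowed")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        Connection con = null;
        try {
            con = ds.getConnection();
            // Hypothetical table holding the attributes Active Directory does not carry.
            PreparedStatement ps = con.prepareStatement(
                "SELECT department FROM app_user_attrs WHERE login = ?");
            ps.setString(1, user);
            ResultSet rs = ps.executeQuery();
            req.setAttribute("department", rs.next() ? rs.getString(1) : null);
        } catch (SQLException e) {
            throw new ServletException(e);
        } finally {
            if (con != null) try { con.close(); } catch (SQLException ignored) { }
        }
        req.getRequestDispatcher("/profile.jsp").forward(req, resp);
    }
}
```

The login name is bound as a query parameter rather than concatenated into the SQL, and a request with no authenticated user or without the role is rejected before any database access.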
 