I need to write a custom login module in WebSphere. The idea is that the login module will be deployed on various servers and therefore the underlying web applications it protects are different.
These are the features of the login module:
1) take the user credentials
2) find out if the application it is protecting (there is only one application running per WebSphere instance) needs the credentials verified by option 1 (user directory) or by option 2. This is application-specific information, so I am assuming that it will be mentioned in the web.xml file
3) and authenticate against the right option
Can I get some direction as to how to proceed? I was looking through some JAAS documentation. Are there any good links for JAAS?
In point 2, I mentioned that I might have to read from the web.xml file regarding the authentication method to be used. Could you please let me know if this is the right way to proceed and, if so, how do I read from the web.xml file?
I can tell you nearly for certain that you do NOT need to write a JAAS login module for WebSphere. WebSphere does not support custom JAAS login modules for the purposes you state. Instead, what you are doing sounds more like a Custom User Registry. Read in the WebSphere Infocenter about those, and go to www.redbooks.ibm.com and download and read the WebSphere 5.0 Security Handbook redbook. That should straighten you out as to WebSphere's capabilities for security.
Each application on the server (only one app per server) has a different mode of authentication - either by SiteMinder (need to write a custom agent for it) or by a user directory (another piece of code for authentication). So, this custom login module needs to figure out the entitlement method for the particular application it is protecting and direct it accordingly.
Since I need to collect user credentials and also figure out from the web.xml ? file the authentication type for that particular application and then direct it towards the particular piece of code which does the authentication, I felt I need to use JAAS. Do you still feel that it is not the right way to be doing it? WebSphere documentation does talk about configuring a custom JAAS login module.
You don't need JAAS for this. Simply start by coding a TAI for SiteMinder -- if the TAI does not find the token from SiteMinder, then WAS will fall back on its standard authentication framework (which will correctly interpret things from the web.xml without your intervention) and you can then code a Custom User Registry to use as the user registry to access the other user data for your application.
Really, this is the way to do it. Read the redbook and you'll be convinced.