Currently we are using Weblogic application server. In the client side we have a JAAS Login module (Custom) which calls Authenticate.authenticate() (Weblogic custom class) which initiates a JAAS login at the server. I need to add my on additional information to the principal and return it form server, after successfull login. After login the subject, with my principal, is avialable at the client side and it is passed on every EJB invocation, which enables me to call getCallerPrincipal() on context to retrieve my Custom Principal and do programmatic authorization. It works fine with weblogic. In JBoss, which is our development server for the time being, i wrote a custom security interceptor which initiates jaas login at server and used SecurityAssociation class(JBoss) to propagate client subject with every ejb invocation. that too works fine. Now i'm porting my application to Websphere. Infact application requires no porting but security module does.
i want to implement same logic for security here. client initiates a jaas login. the login module should be able to start jass login at server and return my subject, which will be associated with my ejb invocation context. (ThreadContextImpl.set_thread_subject() is also fine for me.)
is there any way, by which i can implement this in websphere?
And then the flying monkeys attacked. My only defense was this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop