JAAS in Websphere

 
Greenhorn
Posts: 27
Currently we are using the WebLogic application server. On the client side we have a custom JAAS login module which calls Authenticate.authenticate() (a WebLogic custom class), which initiates a JAAS login at the server. I need to add my own additional information to the principal and return it from the server after successful login. After login the subject, with my principal, is available at the client side and it is passed on every EJB invocation, which enables me to call getCallerPrincipal() on the context to retrieve my custom principal and do programmatic authorization. It works fine with WebLogic.
In JBoss, which is our development server for the time being, I wrote a custom security interceptor which initiates a JAAS login at the server and used the SecurityAssociation class (JBoss) to propagate the client subject with every EJB invocation. That too works fine. Now I'm porting my application to WebSphere. In fact the application requires no porting, but the security module does.

I want to implement the same logic for security here. The client initiates a JAAS login. The login module should be able to start a JAAS login at the server and return my subject, which will be associated with my EJB invocation context. (ThreadContextImpl.set_thread_subject() is also fine for me.)

Is there any way by which I can implement this in WebSphere?

Please help.
--------------------

thanks in advance.
Jee
 
Ranch Hand
Posts: 1312
WebSphere Information Center

http://publib.boulder.ibm.com/infocenter/wsphelp/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/welc_security.html
 
Greenhorn
Posts: 16
Hi, I found a Redbook, and it has an example.

IBM WebSphere V5.0 Security WebSphere Handbook Series

One observation: you must go into the Admin console for the example. You will find WSLogin in the Security section, under JAAS configuration. Follow the example from the Redbook. This will maybe help you.
 
Sheriff
Posts: 7023
Java JEE,

Welcome to JavaRanch!

We ain't got many rules 'round these parts, but we do got one. Please change your display name to comply with The JavaRanch Naming Policy.

Thanks Pardner! Hope to see you 'round the Ranch!
 
Justin joseph
Greenhorn
Posts: 27
Sorry, my mistake. Changed the name as per the policy.

Anyway, thanks for the answers. Also, I got more info from the WebSphere InfoCenter. Here it goes:

    //code
    com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(mySubject);

    //make remote method calls

This will enable getCallerPrincipal() to return the custom principal at the EJB side.

Thanks
Justin
 
Justin joseph
Greenhorn
Posts: 27
The above code doesn't work even if I set a security manager and appropriate privileges in the policy files.

How can I change the RunAs subject at the client side?

Please help....

Thanks
Justin
 
Justin joseph
Greenhorn
Posts: 27
I'm still not able to find a way to propagate a custom principal to the server from a Swing client when using WebSphere application server.

Does anyone know how to implement this?

Thanks
Justin
 
Justin joseph
Greenhorn
Posts: 27
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;
    import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;

    // JNDI bootstrap against the WebSphere name server
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");
    env.put(Context.PROVIDER_URL, "iiop://localhost:2809");
    Context initialContext = new InitialContext(env);
    Object obj = initialContext.lookup("");

    // JAAS login with the "MyLogin1" configuration; arguments are user name, realm, password
    LoginContext lc1 = new LoginContext("MyLogin1",
            new WSCallbackHandlerImpl("user1", "MyLogin1", "pass1"));
    lc1.login();
    Subject as1 = lc1.getSubject();

This code only looks for login modules on the client side. What I need is for the server login modules to be invoked from there. Is there anything that I can write in the client-side login module which invokes the server login module (for example, Authenticate.authenticate() in WebLogic or the security interceptor in JBoss),
or is it some different mechanism in WebSphere?
What is the target realm name that we specify in the callback handler? Does it have significance? Because this is what is there inside the constructors of WSCallbackHandlerImpl:

    public WSCallbackHandlerImpl(String s, String s1)
    {
        if(tc.isEntryEnabled())
            Tr.entry(tc, "WSCallbackHandlerImpl(userName = \"" + s + "\", password = \"********\")");
        userName = s;
        password = s1;
        if(tc.isEntryEnabled())
            Tr.exit(tc, "WSCallbackHandlerImpl(userName, password)");
    }

    public WSCallbackHandlerImpl(String s, String s1, String s2)
    {
        // s1 (the realm name) is dropped here; only user name and password are kept
        this(s, s2);
    }
 
Justin joseph
Greenhorn
Posts: 27
By the way, I forgot to mention one thing.

When the server security is enabled, the lookup() call at the client side authenticates the subject created at the client using the login module using the server's authentication mechanism, which is not JAAS but based on OS or LDAP or custom registry.

My problem is that my registry is database based and it is not the group user based registry that WebSphere supports for its security management. I would like to use my own registry and APIs, and a custom principal (of course, derived from WSPrincipal) needs to be propagated.

Thanks
Justin
 
Justin joseph
Greenhorn
Posts: 27
I'm at my wits' end now.... Please help.

When I use a registry, WebSphere is using LtpaLoginModule to log in the user (by invoking my registry class). This class creates its own principal, I suppose. So whatever I try to propagate from the client is not taking effect. The default one created at the server side is being used. I get the name of the user correctly from the principal, but other information which I have in my custom principal is not propagated.

Is there any way to propagate my own principal to the server side?

Thanks
Justin
 