Integration of JAAS Login Module for use with Form Based Authentication in Websphere 6.0

Posted on 2006-05-12
Last Modified: 2013-12-10
I am trying to figure out how to integrate a custom JAAS Login Module into Websphere for use with Form Based Authentication.  I am new to Websphere but have extensive experience with other Application Servers and the J2EE platform in general.  So this problem has me pretty frustrated.  

Maybe my expectations are off, but I am anticipating that I should be able to register my custom login module in such a way that when a user enters their credentials at the login page the authentication is handled by my login module instead of the default websphere user registry.  Note that in my web.xml file I am using FORM based authentication.

Before I describe my situation in detail I'll ask the questions that I think will get me a working solution.
How do you register a JAAS login module so that it will be called during the processing of the j_security_check servlet?

Background thusfar:
o  Global Security is Enabled
o  A JAAS Application Login Configuration called myrealm has been created and associated with my login module class (called TestJaasModule)
o  In the JAAS System Login Configuration I have inserted TestJaasModule into WEB_INBOUND and RMI_INBOUND in the first ordered spots.
o  I've gotten FORM based authentication to work against the default user registry (unfortunately this is not the security store that the production app will be using).

When I attempt to log into the application using credentials from the default user registry, it works.  However, if I use credentials from the security store serviced by my login module, then NO JOY!

Thanks kindly for your attention.

Here is web.xml




            Coarse access to use the report central application
         <role-name>All Authenticated Users</role-name>


      <role-name>All Authenticated Users</role-name>


Question by:bequeada
    1 Comment
    LVL 1

    Accepted Solution

    With WebSphere you have three options that you can use as your authenication mechanism, which are Local Operating System, LDAP, and Custom Registry.  When you choose Local Operating System as your repository you must use SWAM as the type of authenication, if you use either LDAP or Custom Registry then you will need to utilize LTPA.  If you are not using LDAP you should look into the requirements for utiltization of the custom registry which is a java class that must be implemented according to the IBM Guidelines. Authenication Users is the topic which can be found at

    This will put you well on your way.

    Once you have properly established the communication for security you will need to add the roles that you have defined to whichever registry that you are working with.  This can be done many ways depending on which means you are using for your security mechanism.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Suggested Solutions

    Title # Comments Views Activity
    jBoss vs. other App Servers 11 373
    activemq cluster 1 232
    how to find the dependencies of an EAR or WAR 4 63
    oneTwo java challenge 31 278
    Verbose logging is used to diagnose garbage collector problems. By default, -verbose:gc output is written to either native_stderr.log or native_stdout.log.   It is also possible to redirect the logs to a user-specified file. This article will de…
    Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now