bequeada
asked on
Integration of JAAS Login Module for use with Form Based Authentication in Websphere 6.0
I am trying to figure out how to integrate a custom JAAS Login Module into Websphere for use with Form Based Authentication. I am new to Websphere but have extensive experience with other Application Servers and the J2EE platform in general. So this problem has me pretty frustrated.
Maybe my expectations are off, but I am anticipating that I should be able to register my custom login module in such a way that when a user enters their credentials at the login page the authentication is handled by my login module instead of the default websphere user registry. Note that in my web.xml file I am using FORM based authentication.
Before I describe my situation in detail I'll ask the questions that I think will get me a working solution.
How do you register a JAAS login module so that it will be called during the processing of the j_security_check servlet?
Background thusfar:
o Global Security is Enabled
o A JAAS Application Login Configuration called myrealm has been created and associated with my login module class (called TestJaasModule)
o In the JAAS System Login Configuration I have inserted TestJaasModule into WEB_INBOUND and RMI_INBOUND in the first ordered spots.
o I've gotten FORM based authentication to work against the default user registry (unfortunately this is not the security store that the production app will be using).
When I attempt to log into the application using credentials from the default user registry, it works. However, if I use credentials from the security store serviced by my login module, then NO JOY!
Thanks kindly for your attention.
Here is web.xml
<web-app>
<display-name>authtest</di splay-name >
<session-config>
<session-timeout>2</sessio n-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/secure/welc ome.jsp</w elcome-fil e>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>ReportC entral</we b-resource -name>
<description>
Coarse access to use the report central application
</description>
<url-pattern>/secure/*</ur l-pattern>
<http-method>GET</http-met hod>
<http-method>POST</http-me thod>
</web-resource-collection>
<auth-constraint>
<role-name>All Authenticated Users</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE< /transport -guarantee >
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-me thod>
<realm-name>myrealm</realm -name>
<form-login-config>
<form-login-page>/login.js p</form-lo gin-page>
<form-error-page>/errorLog in.jsp</fo rm-error-p age>
</form-login-config>
</login-config>
<security-role>
<role-name>All Authenticated Users</role-name>
</security-role>
</web-app>
Maybe my expectations are off, but I am anticipating that I should be able to register my custom login module in such a way that when a user enters their credentials at the login page the authentication is handled by my login module instead of the default websphere user registry. Note that in my web.xml file I am using FORM based authentication.
Before I describe my situation in detail I'll ask the questions that I think will get me a working solution.
How do you register a JAAS login module so that it will be called during the processing of the j_security_check servlet?
Background thusfar:
o Global Security is Enabled
o A JAAS Application Login Configuration called myrealm has been created and associated with my login module class (called TestJaasModule)
o In the JAAS System Login Configuration I have inserted TestJaasModule into WEB_INBOUND and RMI_INBOUND in the first ordered spots.
o I've gotten FORM based authentication to work against the default user registry (unfortunately this is not the security store that the production app will be using).
When I attempt to log into the application using credentials from the default user registry, it works. However, if I use credentials from the security store serviced by my login module, then NO JOY!
Thanks kindly for your attention.
Here is web.xml
<web-app>
<display-name>authtest</di
<session-config>
<session-timeout>2</sessio
</session-config>
<welcome-file-list>
<welcome-file>/secure/welc
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>ReportC
<description>
Coarse access to use the report central application
</description>
<url-pattern>/secure/*</ur
<http-method>GET</http-met
<http-method>POST</http-me
</web-resource-collection>
<auth-constraint>
<role-name>All Authenticated Users</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE<
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-me
<realm-name>myrealm</realm
<form-login-config>
<form-login-page>/login.js
<form-error-page>/errorLog
</form-login-config>
</login-config>
<security-role>
<role-name>All Authenticated Users</role-name>
</security-role>
</web-app>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.