Integration of JAAS Login Module for use with Form Based Authentication in Websphere 6.0

Posted on 2006-05-12
Last Modified: 2013-12-10
I am trying to figure out how to integrate a custom JAAS Login Module into WebSphere for use with Form Based Authentication.  I am new to WebSphere but have extensive experience with other Application Servers and the J2EE platform in general.  So this problem has me pretty frustrated.

Maybe my expectations are off, but I am anticipating that I should be able to register my custom login module in such a way that when a user enters their credentials at the login page the authentication is handled by my login module instead of the default WebSphere user registry.  Note that in my web.xml file I am using FORM based authentication.

Before I describe my situation in detail I'll ask the questions that I think will get me a working solution.
How do you register a JAAS login module so that it will be called during the processing of the j_security_check servlet?

Background thus far:
o  Global Security is Enabled
o  A JAAS Application Login Configuration called myrealm has been created and associated with my login module class (called TestJaasModule)
o  In the JAAS System Login Configuration I have inserted TestJaasModule into WEB_INBOUND and RMI_INBOUND in the first ordered spots.
o  I've gotten FORM based authentication to work against the default user registry (unfortunately this is not the security store that the production app will be using).

When I attempt to log into the application using credentials from the default user registry, it works.  However, if I use credentials from the security store serviced by my login module, then NO JOY!

Thanks kindly for your attention.

Here is web.xml

<web-app>
   <display-name>authtest</display-name>


   <session-config>
      <session-timeout>2</session-timeout>
   </session-config>


   <welcome-file-list>
      <welcome-file>/secure/welcome.jsp</welcome-file>
   </welcome-file-list>

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>ReportCentral</web-resource-name>
         <description>
            Coarse access to use the report central application
         </description>
         <url-pattern>/secure/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
         <role-name>All Authenticated Users</role-name>
      </auth-constraint>
      <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
   </security-constraint>


   <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>myrealm</realm-name>
      <form-login-config>
         <form-login-page>/login.jsp</form-login-page>
         <form-error-page>/errorLogin.jsp</form-error-page>
      </form-login-config>
   </login-config>

   <security-role>
      <role-name>All Authenticated Users</role-name>
   </security-role>

</web-app>



Question by:bequeada
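
An added example, not code from the original thread: a plain-JAAS sketch of what a custom login module such as the poster's TestJaasModule does with the user name and password a caller hands it through callbacks, including the login/commit/abort lifecycle and a fail-closed credential check. The one-user store ("alice"), its password and salt are constructed values; the code uses only standard JDK classes (Java 8 or later) and does not show the WebSphere-specific registration the question asks about.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example: hypothetical stand-in for the poster's TestJaasModule (plain JAAS only).
public class TestJaasModule implements LoginModule {
    private Subject subject; private CallbackHandler handler;
    private Principal pending, committed;   // pending: set by login(); committed: set by commit()
    // Constructed one-user store ("alice"); a real module would query the external security store.
    static boolean verify(String user, char[] pw) throws GeneralSecurityException {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] salt = "constructed-salt".getBytes();   // demo only; real stores use a random per-user salt
        byte[] want = f.generateSecret(new PBEKeySpec("constructed-pw".toCharArray(), salt, 100_000, 256)).getEncoded();
        byte[] got = f.generateSecret(new PBEKeySpec(pw, salt, 100_000, 256)).getEncoded();
        return MessageDigest.isEqual(want, got) & "alice".equals(user);   // constant-time hash compare
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> o) { subject = s; handler = h; }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        char[] pw = null;
        try {
            handler.handle(new Callback[] { nc, pc });   // the caller supplies the submitted credentials
            pw = pc.getPassword();
            String name = nc.getName();
            if (name == null || pw == null || pw.length == 0 || !verify(name, pw))
                throw new FailedLoginException("invalid user or password");   // same message for every cause
            pending = () -> name;   // Principal's only abstract method is getName()
            return true;
        } catch (LoginException e) { throw e;   // keep the specific failure type
        } catch (Exception e) {                  // callback or crypto failure: fail closed
            throw new LoginException("authentication unavailable");
        } finally {
            pc.clearPassword();
            if (pw != null) Arrays.fill(pw, '\0');   // do not leave the password in memory
        }
    }
    public boolean commit() {
        if (pending == null) return false;   // this module's login() did not succeed
        subject.getPrincipals().add(committed = pending);
        pending = null; return true;
    }
    public boolean abort() { boolean ours = pending != null || committed != null; pending = null; logout(); return ours; }
    public boolean logout() { if (committed != null) subject.getPrincipals().remove(committed); committed = null; return true; }
}
```

Outside a container it can be exercised with a `LoginContext` whose JAAS configuration entry names this class and a `CallbackHandler` that fills in the two callbacks.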
Accepted Solution

by:
tonyvess earned 2000 total points
ID: 16721938
With WebSphere you have three options that you can use as your authentication mechanism, which are Local Operating System, LDAP, and Custom Registry.  When you choose Local Operating System as your repository you must use SWAM as the type of authentication; if you use either LDAP or Custom Registry then you will need to utilize LTPA.  If you are not using LDAP you should look into the requirements for utilization of the custom registry, which is a Java class that must be implemented according to the IBM guidelines. Authentication Users is the topic, which can be found at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_authusers.html

This will put you well on your way.

Once you have properly established the communication for security you will need to add the roles that you have defined to whichever registry that you are working with.  This can be done many ways depending on which means you are using for your security mechanism.