Develop programmatic logins with the JAAS Service

 

Before you begin

Java Authentication and Authorization Service (JAAS) represents the strategic API for authentication, replacing the CORBA programmatic login APIs.

WebSphere Application Server provides some extensions to JAAS:

 

Procedure

  1. Use the sas.client.props file and look for the following properties:

    com.ibm.CORBA.securityServerHost=myhost.mydomain
    com.ibm.CORBA.securityServerPort=mybootstrap port
    

    If you specify these properties, security is guaranteed to look for the SecurityServer at this host and port. The host and port specified can be any valid WebSphere host and bootstrap port. The SecurityServer resides on all server processes, so it is not important which host or port you choose. If specified, the security infrastructure within the client process looks up the SecurityServer based on the information in the sas.client.props file.

  2. Place the following code in your client application to get a new InitialContext():

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    // Perform an InitialContext and default lookup prior to logging
    // in so that target realm and bootstrap host/port can be
    // determined for SecurityServer lookup.
    // Both the constructor and lookup() can throw javax.naming.NamingException.
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");
    env.put(Context.PROVIDER_URL, "corbaloc:iiop:myhost.mycompany.com:2809");
    Context initialContext = new InitialContext(env);
    Object obj = initialContext.lookup("");

    // Programmatic login code goes here.
    
    
    Complete this step before executing any programmatic login. This code specifies the provider URL for your naming context, which must point to a valid WebSphere Application Server within the cell that you are authenticating to. This allows thread-specific programmatic logins going to different cells to have a single system-wide SecurityServer location.

  3. Use the new default InitialContext() method relying on the naming precedence rules. These rules are defined in the article, Example: Getting the default initial context.

 

See also:

Example: Programmatic logins
Programmatic login
Using PolicyTool to edit policy files
Configuring the was.policy file
Security: Resources for learning

 



 

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.