Login configuration for JAAS

 

 

JAAS is the WebSphere strategic API for authentication, and it will replace the CORBA programmatic login APIs.

A system administrator determines the authentication technologies, or LoginModules, to be used for each application and configures them in a login configuration. The source of the configuration information (for example, a file or a database) is up to the current javax.security.auth.login.Configuration implementation. The WAS implementation permits the login configuration to be defined both in the WebSphere configuration API security document and in a JAAS configuration file; when both define an entry, the former takes precedence.

JAAS login configurations are defined in the WebSphere configuration API security document for applications to use. To access the configurations, click...

Security | Global security | Authentication | JAAS configuration | Application logins

The WSLogin entry defines a login configuration and LoginModule implementation that may be used by applications in general. The ClientContainer entry defines a login configuration and LoginModule implementation that is similar to that of WSLogin but enforces the requirements of the WAS Client Container. The third entry, DefaultPrincipalMapping, defines a special LoginModule that is typically used by Java 2 Connector to map an authenticated WebSphere user identity to a set of user authentication data (user ID and password) for the specified back-end enterprise information system (EIS).

New JAAS login configurations may be added and modified using Security Center. The changes are saved in the cell-level security document and are available to all managed application servers. An application server restart is required for the changes to take effect at run time and for the client container login configuration to be made available.

WAS also reads JAAS configuration information from the wsjaas.conf file in the properties subdirectory of the root directory under which WAS is installed. Changes made to the wsjaas.conf file are used only by the local application server and take effect after the application server is restarted. Note that the JAAS configuration in the WebSphere configuration API security document takes precedence over the one defined in the wsjaas.conf file. In other words, a configuration entry in wsjaas.conf is overridden by an entry with the same alias name in the WebSphere configuration API security document.
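The precedence rule above can be modeled with the standard javax.security.auth.login.Configuration API. The following is an added example, not WAS code and not the WAS Configuration implementation; the class LayeredJaasConfiguration, the example.* LoginModule class names and the LocalOnly alias are hypothetical, and the two maps stand in for the security document and wsjaas.conf.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

// Illustrative model of the lookup order described above, built only on the
// standard JAAS API. Hypothetical class; not the WAS implementation.
public class LayeredJaasConfiguration extends Configuration {
    private final Map<String, AppConfigurationEntry[]> securityDocument; // cell-level entries
    private final Map<String, AppConfigurationEntry[]> wsjaasConf;       // local file entries

    public LayeredJaasConfiguration(Map<String, AppConfigurationEntry[]> securityDocument,
                                    Map<String, AppConfigurationEntry[]> wsjaasConf) {
        this.securityDocument = securityDocument;
        this.wsjaasConf = wsjaasConf;
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String alias) {
        // An alias defined in the security document hides a same-named file entry.
        AppConfigurationEntry[] entries = securityDocument.get(alias);
        return entries != null ? entries : wsjaasConf.get(alias); // null: alias not configured
    }

    private static AppConfigurationEntry[] entry(String loginModuleClass) {
        return new AppConfigurationEntry[] {
            new AppConfigurationEntry(loginModuleClass, LoginModuleControlFlag.REQUIRED,
                                      new HashMap<String, Object>())
        };
    }

    public static void main(String[] args) {
        // Constructed sample data; the example.* class names are placeholders.
        Map<String, AppConfigurationEntry[]> doc = new HashMap<>();
        Map<String, AppConfigurationEntry[]> file = new HashMap<>();
        doc.put("WSLogin", entry("example.CellLevelLoginModule"));
        file.put("WSLogin", entry("example.LocalFileLoginModule"));   // shadowed by doc
        file.put("LocalOnly", entry("example.LocalOnlyLoginModule")); // defined in file only

        Configuration.setConfiguration(new LayeredJaasConfiguration(doc, file));
        Configuration effective = Configuration.getConfiguration();
        for (String alias : new String[] {"WSLogin", "LocalOnly", "Missing"}) {
            AppConfigurationEntry[] e = effective.getAppConfigurationEntry(alias);
            System.out.println(alias + " -> "
                + (e == null ? "not configured" : e[0].getLoginModuleName()));
        }
    }
}
```

When auditing a server, the practical consequence is that editing a wsjaas.conf entry has no effect if the same alias also exists in the security document, so both sources need to be compared by alias name.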

Note: The JAAS login configuration entries in the Security Center are propagated to the server run time when they are created, not when the configuration is saved. However, the deleted JAAS login configuration entries are not removed from the server run time. To remove the entries, save the new configuration, then stop and restart the server.

WAS provides some extensions to JAAS:

Note: Do not remove or delete the pre-defined JAAS Login Configurations (ClientContainer, WSLogin and DefaultPrincipalMapping). Deleting or removing them could cause other enterprise applications to fail.

 

Example

The samples gallery provides a JAAS login sample that demonstrates how to use JAAS with WAS. The sample uses a server-side login with JAAS to authenticate a user with the security run time for WAS. The sample demonstrates the following technology:

The form login sample is a component of the technology samples. For more information on how to access the form login sample, see Accessing the Samples (Samples Gallery).


 



 

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.