Downstream propagation scenario

Server1 and Server2 are in the same DRS Replication Domain. Server5 is a downstream server to which an RMI call is made from server1.

    • User authenticates to server1. Subject is created during the login process at the front-end server (server1) in this case, either by a propagation login or a user registry login.

    • Server1 and server5 have downstream propagation enabled.

    • The user makes an RMI request to an EJB running on application3 on server5.

    • WebSphere Application Server propagates the tokens from Subject including custom tokens from server1 to the downstream WebSphere Application Server, server5. Thus, the security information is available for server5 for enterprise bean invocations.

    • If tokens are available, a propagation login is performed otherwise an initial login is performed. The subject is generated at the downstream server (server5) and is added to the CSIV2 session.

    Figure 9-4 Downstream propagation scenario

    The downstream server trusts the upstream server, both Remote Method Invocation (RMI) outbound and inbound propagation have to be enabled.