Example: Programmatic logins using BasicAuth


This example illustrates how application programs can perform a programmatic login using BasicAuth.

Add Programmatic logins with Kerberos token:

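import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
...

LoginContext lc = null;

try {
    // WSKRB5Login names the JAAS login configuration; the callback handler
    // supplies the user ID and password without prompting.
    lc = new LoginContext("WSKRB5Login",
            new WSCallbackHandlerImpl("userName", "password"));
} catch (LoginException le) {
    System.out.println("Cannot create LoginContext. " + le.getMessage());
    // Insert the error processing code (lc is still null here, so do not go on to login())
} catch (SecurityException se) {
    System.out.println("Cannot create LoginContext. " + se.getMessage());
    // Insert the error processing code (lc is still null here, so do not go on to login())
}

try {
    lc.login();
} catch (LoginException le) {
    System.out.println("Fails to create Subject. " + le.getMessage());
    // Insert the error processing code
}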

As shown in the example, the new login context is initialized with the WSKRB5Login login configuration and the WSCallbackHandlerImpl callback handler. Use the WSCallbackHandlerImpl instance on a server-side application where you do not want to be prompted. A WSCallbackHandlerImpl instance is initialized by the specified user ID, password, and realm information. The present Krb5LoginModuleWrapperClient class implementation specified by the WSKRB5Login login configuration can only retrieve authentication information from the specified callback handler. We can construct a login context with a Subject object, but the Subject is disregarded by the present Krb5LoginModuleWrapperClient implementation.

For a pure Java application client, WAS provides two other callback handler implementations: WSStdinCallbackHandlerImpl and WSGUICallbackHandlerImpl, which prompt for user ID, password, and realm information on the command line and pop-up panel, respectively. We can choose either of these product callback handler implementations, depending on the particular application environment. We can develop a new callback handler if neither of these implementations fits the particular application requirement.
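A sketch of such a custom callback handler, as an added example that is not code from the original page or from the product. It uses only the standard JAAS API, holds the password as a char[] so it can be wiped after the login attempt, and lets any failure propagate so the caller never continues without a Subject. The class name SecretCallbackHandler and the login helper are hypothetical, and the example assumes the configured login module requests only name and password callbacks; product-specific callbacks (realm, for example) are not handled.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical handler (added example): supplies credentials without prompting.
public final class SecretCallbackHandler implements CallbackHandler {
    private final String user;
    private final char[] password; // char[] rather than String so it can be wiped

    public SecretCallbackHandler(String user, char[] password) {
        this.user = user;
        this.password = password.clone();
    }

    @Override
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(user);
            } else if (cb instanceof PasswordCallback) {
                // PasswordCallback keeps its own copy of the array.
                ((PasswordCallback) cb).setPassword(password);
            } else {
                // Assumption: only name/password are requested; reject the rest.
                throw new UnsupportedCallbackException(cb, "Unsupported callback");
            }
        }
    }

    /** Overwrites the handler's copy of the password. */
    public void wipe() {
        Arrays.fill(password, '\0');
    }

    /** Logs in with the named JAAS configuration; any failure propagates. */
    public static Subject login(String configName, String user, char[] password)
            throws LoginException {
        SecretCallbackHandler handler = new SecretCallbackHandler(user, password);
        try {
            LoginContext lc = new LoginContext(configName, handler);
            lc.login();
            return lc.getSubject();
        } finally {
            handler.wipe(); // runs on success and on failure
        }
    }
}
```

The caller should obtain the password from a protected source at run time and clear its own array once login returns.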

There are additional callbacks that can be used with WSKRB5Login: WSAuthMechOidCallbackImpl and WSCcacheCallBackHandlerImpl. WSAuthMechOidCallbackImpl enables you to specify the authentication mechanism OID; the Kerberos authentication mechanism OID value is "1.2.840.113554.1.2.2". WSCcacheCallBackHandlerImpl enables you to specify the user name, the Kerberos realm name, the full path of the Kerberos credential cache, and whether you want to use the default location of the Kerberos credential cache. If we choose to use the default location of the Kerberos credential cache, then the Kerberos credential cache is ignored. If using Kerberos for authentication, then we have to update sas.client.props.

We can also develop our own login module if the default WSLoginModuleImpl implementation fails to meet all the requirements. This product provides utility functions that the custom login module can use, which are described in the next section.

In cases where no java.naming.provider.url property is set as a system property or in the jndi.properties file, a default InitialContext context does not function if the WAS ND server is not at the localhost:2809 location. In this situation, construct a new InitialContext context programmatically ahead of the JAAS login. JAAS needs to know where the security server resides to verify that the entered user ID or password is correct, prior to performing a commit method. By constructing a new InitialContext context in the way specified below, the security code has the information that is needed to find the security server location and the target realm.

The first line starting with env.put was split into two lines for illustration purposes only.

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
...

// Perform an InitialContext and default lookup prior to logging in so that target realm
// and bootstrap host/port can be determined for SecurityServer lookup.

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
        "com.ibm.websphere.naming.WsnInitialContextFactory");
env.put(Context.PROVIDER_URL, "corbaloc:iiop:myhost.mycompany.com:2809");
Context initialContext = new InitialContext(env);
Object obj = initialContext.lookup("");

LoginContext lc = null;
try {
    lc = new LoginContext("WSLogin",
            new WSCallbackHandlerImpl("userName", "realm", "password"));
} catch (LoginException le) {
    System.out.println("Cannot create LoginContext. " + le.getMessage());
    // Insert error processing code (lc is still null here, so do not go on to login())
} catch (SecurityException se) {
    System.out.println("Cannot create LoginContext. " + se.getMessage());
    // Insert error processing code (lc is still null here, so do not go on to login())
}

try {
    lc.login();
} catch (LoginException le) {
    System.out.println("Fails to create Subject. " + le.getMessage());
    // Insert error processing code
}





 
