Example: Using the WSLogin configuration to create a basic authentication subject

This example shows how to use the WSLogin application login configuration from within a Java2 Platform, Enterprise Edition (J2EE) application to log in and get a Subject that contains the user ID and the password of the target realm.

javax.security.auth.Subject subject = null;
// Create a login context using the WSLogin login configuration and specify a  
// user ID, target realm, and password. 

If the target_realm_name is the // same as the current realm, an authenticated Subject is created. However, if // the target_realm_name is different from the current realm, a basic // authentication Subject is created not validated. This unvalidated // Subject is created so that we can send a request to the different target // realm with valid security credentials for that realm. javax.security.auth.login.LoginContext ctx = new LoginContext("WSLogin", new WSCallbackHandlerImpl("userid", "target_realm_name", "password")); //

The following code is an alternative that validates the user ID and // password specified against the target realm. The code performs a remote call // to the target server and will return true if the user ID and password are // valid and false if the user ID and password are not valid. If false is // returned, a WSLoginFailedException exception is created. We can catch // that exception and perform a retry or stop the request from flowing by // allowing that exception to surface out of this login. // ALTERNATIVE LOGIN CONTEXT THAT VALIDATES THE USER ID AND PASSWORD TO THE // TARGET REALM /**** currently remarked out **** java.util.Map appContext = new java.util.HashMap(); appContext.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory"); appContext.put(javax.naming.Context.PROVIDER_URL, "corbaloc:iiop:target_host:2809"); javax.security.auth.login.LoginContext ctx = new LoginContext("WSLogin", new WSCallbackHandlerImpl("userid", "target_realm_name", "password", appContext)); **** currently remarked out ****/ // Starts the login ctx.login(); // Gets the Subject from the context subject = ctx.getSubject(); } catch (javax.security.auth.login.LoginException e) { throw new com.ibm.websphere.security.auth.WSLoginFailedException (e.getMessage(), e); } if (subject != null) { // Defines a privileged action that encapsulates the remote request. java.security.PrivilegedAction myAction = java.security.PrivilegedAction() { public Object run() { // Assumes a proxy is already defined. This example method returns a String return proxy.remoteRequest(); } }); // Starts this action using the basic authentication Subject needed for // the target realm security requirements. String myResult = (String) com.ibm.websphere.security.auth.WSSubject.doAs (subject, myAction); }


Related tasks

Set outbound identity mapping to a different target realm