
Example: Using the WSLogin configuration to create a basic authentication subject

This example shows how to use the WSLogin application login configuration from within a J2EE application to log in and get a Subject containing the user ID and the password of the target realm.

javax.security.auth.Subject subject = null;

try
{
  // Create a login context using the WSLogin login configuration and specify a
  // user ID, target realm, and password. Note: If the target_realm_name is the
  // same as the current realm, an authenticated Subject is created. However, if
  // the target_realm_name is different from the current realm, a basic
  // authentication Subject is created that is not validated. This unvalidated
  // Subject is created so that we can send a request to the different target
  // realm with valid security credentials for that realm.
  javax.security.auth.login.LoginContext ctx =
   new javax.security.auth.login.LoginContext("WSLogin",
    new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(
     "userid", "target_realm_name", "password"));

  // Note: The following code is an alternative that validates the user ID and 
  // password specified against the target realm. The code performs a remote call 
  // to the target server and will return  true if the user ID and password are 
  // valid and false if the user ID and password are not valid. If false is 
  // returned, a WSLoginFailedException exception is created. We can catch 
  // that exception and perform a retry or stop the request from flowing by 
  // allowing that exception to surface out of this login.

  // ALTERNATIVE LOGIN CONTEXT THAT VALIDATES THE USER ID AND PASSWORD TO THE 
  // TARGET REALM

  /****  currently commented out ****
  java.util.Map appContext = new java.util.HashMap();
  appContext.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
                 "com.ibm.websphere.naming.WsnInitialContextFactory");
  appContext.put(javax.naming.Context.PROVIDER_URL,
                 "corbaloc:iiop:target_host:2809");

  javax.security.auth.login.LoginContext ctx =
   new javax.security.auth.login.LoginContext("WSLogin",
    new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(
     "userid", "target_realm_name", "password", appContext));
  **** currently commented out  ****/

  // Starts the login 
  ctx.login();

  // Gets the Subject from the context
  subject = ctx.getSubject();
 } 
 catch (javax.security.auth.login.LoginException e)
 {
  throw new com.ibm.websphere.security.auth.WSLoginFailedException (e.getMessage(), e);
 }

 if (subject != null)
 {
  // Defines a privileged action that encapsulates your remote request.
  java.security.PrivilegedAction myAction = new java.security.PrivilegedAction()
  {
   public Object run()
   {
    // Assumes a proxy is already defined. This example method returns a String
    return proxy.remoteRequest();
   }
  };

  // Starts this action using the basic authentication Subject needed for
  // the target realm security requirements.
  String myResult = (String) com.ibm.websphere.security.auth.WSSubject.doAs 
        (subject, myAction); 
 }
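
The validating alternative described in the code comments above, written out with a bounded retry that fails closed. This is an added example, not part of the original IBM sample. `TargetRealmLogin` and `PasswordSource` are hypothetical names, and the code assumes the WebSphere runtime classes used in the sample are on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import javax.naming.Context;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;

/** Hypothetical helper: validated WSLogin against a target realm with bounded retries. */
public final class TargetRealmLogin {

    /** Hypothetical hook that supplies a fresh password per attempt (for example, a re-prompt). */
    public interface PasswordSource {
        String next(int attempt);
    }

    public static Subject login(String userId, String realm, String providerUrl,
                                PasswordSource passwords, int maxAttempts)
            throws WSLoginFailedException {
        if (maxAttempts < 1) {
            throw new IllegalArgumentException("maxAttempts must be >= 1");
        }
        // Passing this Map to WSCallbackHandlerImpl selects the validating login,
        // which makes a remote call to the target server named in PROVIDER_URL.
        Map<String, Object> appContext = new HashMap<String, Object>();
        appContext.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.ibm.websphere.naming.WsnInitialContextFactory");
        appContext.put(Context.PROVIDER_URL, providerUrl);

        LoginException last = null;
        // Keep maxAttempts small so repeated failures do not lock the target account.
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            try {
                LoginContext ctx = new LoginContext("WSLogin", new WSCallbackHandlerImpl(
                        userId, realm, passwords.next(attempt), appContext));
                ctx.login();
                Subject subject = ctx.getSubject();
                if (subject != null) {
                    return subject;
                }
                last = new LoginException("WSLogin returned no Subject");
            } catch (LoginException e) {
                last = e; // keep the cause for the caller; never log the password
            }
        }
        // Fail closed: the remote request must not flow without a validated Subject.
        throw new WSLoginFailedException("Login to realm " + realm + " failed after "
                + maxAttempts + " attempt(s)", last);
    }
}
```

The returned Subject is passed to `WSSubject.doAs` exactly as in the sample above.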


Related


Configure outbound identity mapping to a different target realm

