Example: Using the WSLogin configuration to create a basic authentication subject

This example shows how to use the WSLogin application login configuration from within a J2EE application to log in and get a Subject that contains the user ID and the password of the target realm.


javax.security.auth.Subject subject = null;

try
{
    // Create a login context using the WSLogin login configuration and specify a
    // user ID, target realm, and password.
    //
    // Note: If the target_realm_name is the same as the current realm, an
    // authenticated Subject is created. However, if the target_realm_name is
    // different from the current realm, a basic authentication Subject is created
    // that is not validated. This unvalidated Subject is created so that one can
    // send a request to the different target realm with valid security
    // credentials for that realm.
    javax.security.auth.login.LoginContext ctx =
        new javax.security.auth.login.LoginContext("WSLogin",
            new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(
                "userid", "target_realm_name", "password"));

    // Note: The following is an alternative that validates the user ID and
    // password specified against the target realm. It will perform a remote call
    // to the target server and will return true if the user ID and password are
    // valid and false if the user ID and password are invalid. If false is
    // returned, a WSLoginFailedException is thrown. We can catch that exception and
    // perform a retry or stop the request from flowing by allowing that exception to
    // surface out of this login.

    // ALTERNATIVE LOGIN CONTEXT THAT VALIDATES THE USER ID AND PASSWORD TO THE
    // TARGET REALM

    /**** currently remarked out ****
    java.util.Map appContext = new java.util.HashMap();
    appContext.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
        "com.ibm.websphere.naming.WsnInitialContextFactory");
    appContext.put(javax.naming.Context.PROVIDER_URL,
        "corbaloc:iiop:target_host:2809");

    javax.security.auth.login.LoginContext ctx =
        new javax.security.auth.login.LoginContext("WSLogin",
            new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(
                "userid", "target_realm_name", "password", appContext));
    **** currently remarked out ****/

    // Starts the login
    ctx.login();

    // Gets the Subject from the context
    subject = ctx.getSubject();
}
catch (javax.security.auth.login.LoginException e)
{
    throw new com.ibm.websphere.security.auth.WSLoginFailedException(e.getMessage(), e);
}

if (subject != null)
{
    // Defines a privileged action that encapsulates your remote request.
    java.security.PrivilegedAction myAction = new java.security.PrivilegedAction()
    {
        public Object run()
        {
            // Assumes a proxy is already defined. This example method returns a String
            return proxy.remoteRequest();
        }
    };

    // Executes this action using the basic authentication Subject needed for
    // the target realm security requirements.
    String myResult = (String) com.ibm.websphere.security.auth.WSSubject.doAs
        (subject, myAction);
}
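The validating alternative described in the comments above, written out as a complete helper that stops the request when the target realm rejects the credentials. This is an added example, not part of the original page or IBM's own code; the class name TargetRealmCall, the RemoteProxy interface and the call method are hypothetical, and the password is assumed to be supplied by the caller rather than hardcoded.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.naming.Context;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;

public class TargetRealmCall {
    /** Hypothetical stand-in for the remote proxy that the example above assumes. */
    public interface RemoteProxy { String remoteRequest() throws Exception; }

    public static String call(final RemoteProxy proxy, String userId, String realm,
                              String password, String providerUrl)
            throws LoginException, PrivilegedActionException {
        // Passing the naming context makes WSLogin check the user ID and password
        // against the target server, so the Subject is validated before use.
        Map<String, Object> appContext = new HashMap<String, Object>();
        appContext.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.ibm.websphere.naming.WsnInitialContextFactory");
        appContext.put(Context.PROVIDER_URL, providerUrl); // e.g. corbaloc:iiop:target_host:2809

        LoginContext ctx = new LoginContext("WSLogin",
                new WSCallbackHandlerImpl(userId, realm, password, appContext));

        // No catch and no retry loop here: a failed login surfaces to the caller
        // and the remote request never flows. Retrying the same rejected
        // credentials would only repeat the failure.
        ctx.login();
        try {
            Subject subject = ctx.getSubject();
            // PrivilegedExceptionAction lets a failure in the remote call reach
            // the caller wrapped in PrivilegedActionException.
            return (String) WSSubject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                public Object run() throws Exception {
                    return proxy.remoteRequest();
                }
            });
        } finally {
            ctx.logout(); // release the Subject's principals and credentials after the call
        }
    }
}
```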