Develop programmatic logins with the JAAS

 


 

JAAS replaces the CORBA programmatic login APIs.

WAS provides some extensions to JAAS...

Set com.ibm.CORBA.validateBasicAuth=false whenever connecting to a z/OS server. This function does not currently work from a distributed client to a z/OS server because the SecurityServer is located using the UNAUTHENTICATED principal, which is not accepted on a z/OS system.

 

Procedure

  1. Use the sas.client.props file and look for the following properties:

    com.ibm.CORBA.securityServerHost=myhost.mydomain
    com.ibm.CORBA.securityServerPort=mybootstrap port
    
    If you specify these properties, you are guaranteed that security looks here for the SecurityServer. The host and port specified can represent any valid WebSphere host and bootstrap port. The SecurityServer resides on all server processes, so it is not important which host or port you choose. If specified, the security infrastructure within the client process looks up the SecurityServer based on the information in the sas.client.props file.

  2. Place the following code in your client application to get a new InitialContext():

    ...
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    ...

    // Perform an InitialContext and default lookup prior to logging
    // in so that target realm and bootstrap host/port can be
    // determined for SecurityServer lookup.

    Hashtable<String, String> env = new Hashtable<String, String>();

    // Factory class name must be a single unbroken string literal.
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.ibm.websphere.naming.WsnInitialContextFactory");

    // Bootstrap host and port of a server in the target cell.
    env.put(Context.PROVIDER_URL,
            "corbaloc:iiop:myhost.mycompany.com:2809");

    Context initialContext = new InitialContext(env);

    Object obj = initialContext.lookup("");

    // programmatic login code goes here.
    
    

    Complete this step prior to running any programmatic login.

    This code specifies a provider URL for your naming context; the URL must point to a valid WAS within the cell to which you are authenticating. Pointing to one cell allows thread-specific programmatic logins going to different cells to have a single system-wide SecurityServer location.

  3. Use the new default InitialContext() method relying on the naming precedence rules. These rules are defined in the article, Example: Getting the default initial context.
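A pre-flight check for the sas.client.props settings named in step 1 and in the z/OS note above, as an added example that is not part of the original article or of WebSphere. The class name, the `targetIsZos` flag, the sample file contents, and the choice to report an unset host/port or an unset validateBasicAuth as findings are assumptions of this example; it uses only JDK classes.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class SasClientPropsCheck {

    // Returns findings; an empty list means the checked settings are consistent.
    static List<String> check(Properties p, boolean targetIsZos) {
        List<String> findings = new ArrayList<>();
        String host = p.getProperty("com.ibm.CORBA.securityServerHost", "").trim();
        String port = p.getProperty("com.ibm.CORBA.securityServerPort", "").trim();

        if (host.isEmpty() || port.isEmpty()) {
            findings.add("SecurityServer location is not pinned: set both "
                    + "securityServerHost and securityServerPort");
        }
        if (!port.isEmpty()) {
            try {
                int n = Integer.parseInt(port);
                if (n < 1 || n > 65535) {
                    findings.add("securityServerPort out of range: " + port);
                }
            } catch (NumberFormatException e) {
                findings.add("securityServerPort is not a number: " + port);
            }
        }
        // The page requires validateBasicAuth=false for z/OS targets; an unset
        // value is reported too, so the setting is explicit in the file.
        String vba = p.getProperty("com.ibm.CORBA.validateBasicAuth", "").trim();
        if (targetIsZos && !vba.equalsIgnoreCase("false")) {
            findings.add("validateBasicAuth must be false for a z/OS server, found: "
                    + (vba.isEmpty() ? "(unset)" : vba));
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the port placeholder was never replaced.
        String sample = "com.ibm.CORBA.securityServerHost=myhost.mydomain\n"
                + "com.ibm.CORBA.securityServerPort=mybootstrap port\n"
                + "com.ibm.CORBA.validateBasicAuth=true\n";
        Properties p = new Properties();
        p.load(new StringReader(sample));
        check(p, true).forEach(System.out::println);
    }
}
```

With the constructed sample, the check reports the unreplaced port placeholder and the validateBasicAuth value that the z/OS note rules out.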

 

Example

See the Example: Programmatic logins article.




 

Related concepts

Programmatic login

 

Related tasks

Configure programmatic logins for JAAS
Developing applications that use CosNaming (CORBA Naming interface)
Customizing application login with JAAS

 

Related Reference

Example: Getting an initial context by setting the provider URL property
Security: Resources for learning