Before you begin
Java Authentication and Authorization Service (JAAS) is a new feature in WebSphere Application Server Version 5. JAAS represents the strategic application programming interfaces (APIs) for authentication, and it replaces the CORBA programmatic login APIs. WebSphere Application Server provides some extensions to JAAS:

A Subject authenticated with the previously mentioned JAAS login configurations contains a com.ibm.websphere.security.auth.WSPrincipal principal and a com.ibm.websphere.security.cred.WSCredential credential. If the authenticated Subject is passed in com.ibm.websphere.security.auth.WSSubject.doAs() or the other doAs() methods, the product security run time can perform authorization checks on J2EE resources based on the Subject com.ibm.websphere.security.cred.WSCredential.
You can define other JAAS login configurations to perform programmatic login which creates a custom Subject in either the client or server process. Certain credentials and principals are required in the Subject for the product security runtime to use it for sending authentication information over a protocol from the client or handling authorization on the server. The required credentials are generated from provided login modules.
The login module needed for a pure Java client login is as follows:
Note: The classes added to the Subject must be Java serializable and de-serializable for this to occur properly.
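The serializability requirement in the note above can be verified before a custom Subject is used for login. The following is an added example, not code from the original page or from the product; it uses only standard JDK classes, and the AppPrincipal class, the sample credentials and the SubjectSerializationCheck name are constructed for illustration.

```java
import java.io.*;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class SubjectSerializationCheck {
    // Hypothetical custom principal, constructed for this example.
    static final class AppPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        AppPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Serializes and deserializes one object in memory.
    // Returns null on success, or the failure reason as text.
    static String roundTrip(Object o) {
        try {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
                out.writeObject(o);
            }
            try (ObjectInputStream in = new ObjectInputStream(
                    new ByteArrayInputStream(buf.toByteArray()))) {
                in.readObject();
            }
            return null;
        } catch (IOException | ClassNotFoundException e) {
            return e.toString();
        }
    }

    // Checks every principal and credential held by the Subject.
    static List<String> findProblems(Subject subject) {
        List<Object> contents = new ArrayList<>(subject.getPrincipals());
        contents.addAll(subject.getPublicCredentials());
        contents.addAll(subject.getPrivateCredentials());
        List<String> problems = new ArrayList<>();
        for (Object o : contents) {
            String reason = roundTrip(o);
            if (reason != null) problems.add(o.getClass().getName() + ": " + reason);
        }
        return problems;
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new AppPrincipal("alice"));   // constructed sample
        subject.getPublicCredentials().add("constructed-token");  // String is serializable
        subject.getPrivateCredentials().add(new Object());        // not serializable
        findProblems(subject).forEach(System.out::println);
    }
}
```

Running the check in a unit test for each custom login module catches a non-serializable class before it is added to a Subject at run time.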
The login modules needed for a server login are as follows:
Steps for this task
    com.ibm.CORBA.securityServerHost=myhost.mydomain
    com.ibm.CORBA.securityServerPort=mybootstrap port

If you specify these properties, you are guaranteed that security looks here for the SecurityServer. The host and port specified can represent any valid WebSphere host and bootstrap port. The SecurityServer resides on all server processes, and therefore it is not important which host or port you choose. If specified, the security infrastructure within the client process looks up the SecurityServer based on the information in the sas.client.props file.
    ...
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    ...

    // Perform an InitialContext and default lookup prior to logging
    // in so that target realm and bootstrap host/port can be
    // determined for SecurityServer lookup.
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
        "com.ibm.websphere.naming.WsnInitialContextFactory");
    env.put(Context.PROVIDER_URL,
        "corbaloc:iiop:myhost.mycompany.com:2809");
    Context initialContext = new InitialContext(env);
    Object obj = initialContext.lookup("");

    // programmatic login code goes here.

Complete this step prior to executing any programmatic login. It is in this code that you specify a URL provider for your naming context, but it must point to a valid WebSphere Application Server within the cell that you are authenticating to. This allows thread-specific programmatic logins going to different cells to have a single system-wide SecurityServer location.
Example
Example: Programmatic logins