Developing programmatic logins with the Java Authentication and Authorization Service

Before you begin

Java Authentication and Authorization Service (JAAS) is a new feature in WebSphere Application Server Version 5. JAAS represents the strategic application programming interfaces (APIs) for authentication, and it replaces the CORBA programmatic login APIs. WebSphere Application Server provides some extensions to JAAS:

Steps for this task

  1. Use the sas.client.props file and look for the following properties:
    com.ibm.CORBA.securityServerHost=myhost.mydomain
    com.ibm.CORBA.securityServerPort=mybootstrap port
    If you specify these properties, you are guaranteed that security looks here for the SecurityServer. The host and port specified can represent any valid WebSphere host and bootstrap port. The SecurityServer resides on all server processes, so it is not important which host or port you choose. If specified, the security infrastructure within the client process looks up the SecurityServer based on the information in the sas.client.props file.
  2. Place the following code in your client application to get a new InitialContext():
    ...
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    ...

    // Perform an InitialContext and default lookup prior to logging
    // in so that target realm and bootstrap host/port can be
    // determined for SecurityServer lookup.

    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.ibm.websphere.naming.WsnInitialContextFactory");
    env.put(Context.PROVIDER_URL,
            "corbaloc:iiop:myhost.mycompany.com:2809");
    Context initialContext = new InitialContext(env);
    Object obj = initialContext.lookup("");

    // programmatic login code goes here.
    
    Complete this step prior to executing any programmatic login. This code specifies the provider URL for your naming context; the URL must point to a valid WebSphere Application Server within the cell that you are authenticating to. This allows thread-specific programmatic logins going to different cells to have a single system-wide SecurityServer location.
  3. Use the new default InitialContext() method relying on the naming precedence rules.
    These rules are defined in the article, .
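
The step 2 lookup followed by a JAAS login, as an added example that is not part of the original page or IBM's own sample. It assumes the WebSphere client runtime is on the classpath and uses the WebSphere-supplied WSLogin login configuration with WSCallbackHandlerImpl and WSSubject; the class name, method names and argument order are hypothetical.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;

public class ProgrammaticLoginClient {   // hypothetical class name
    // Step 2: default lookup first, so realm and bootstrap host/port are known.
    static Context bootstrap(String providerUrl) throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.ibm.websphere.naming.WsnInitialContextFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        Context ctx = new InitialContext(env);
        ctx.lookup("");
        return ctx;
    }

    // JAAS login against WSLogin, run the work as the Subject, then log out.
    static Object runAs(String user, String realm, String password,
                        PrivilegedAction work) throws LoginException {
        LoginContext lc = new LoginContext("WSLogin",
                new WSCallbackHandlerImpl(user, realm, password));
        lc.login();                   // LoginException if authentication fails
        try {
            return WSSubject.doAs(lc.getSubject(), work);
        } finally {
            lc.logout();              // clear credentials from the Subject
        }
    }

    // Usage: java ProgrammaticLoginClient <providerUrl> <user> <realm>
    public static void main(String[] args) throws Exception {
        final Context ctx = bootstrap(args[0]);
        // Password comes from stdin so it does not show in the process list.
        String pw = new BufferedReader(new InputStreamReader(System.in)).readLine();
        Object result = runAs(args[1], args[2], pw, new PrivilegedAction() {
            public Object run() {
                try { return ctx.lookup(""); } catch (NamingException e) { return e; }
            }
        });
        System.out.println("Lookup under authenticated Subject: " + result);
    }
}
```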

Example

Example: Programmatic logins

Related concepts
Programmatic login
Related reference
Example: Programmatic logins
Security: Resources for learning



Searchable topic ID:   tsecpacs
Last updated: Jun 21, 2007 4:12:58 PM CDT    WebSphere Application Server Express, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_pacs.html
