Before you begin
Note: Common Object Request Broker Architecture (CORBA) APIs are not supported in the WebSphere Application Server for z/OS environment. If you have an application that you are porting from another WebSphere Application Server product to WebSphere Application Server for z/OS you must be aware that the security APIs from Version 4 are deprecated in Version 5. While the applications are supported in WebSphere Application Server Version 5, if you wish to use these applications on WebSphere Application Server Version 5 for z/OS, you must migrate to Java Authentication and Authorization Service (JAAS).
WebSphere Application Server Version 5 fully supports the Java Authentication and Authorization Service (JAAS) as programmatic login APIs. See Configuring Java Authentication and Authorization Service and Developing with JAAS to log in programmatically, for more details on JAAS support. Customers migrating from CORBA applications on previous versions of WebSphere Application Server to WebSphere Application Server for z/OS Version 5 need to migrate their CORBA applications to use JAAS to log in programmatically.This document outlines the deprecated CORBA programmatic login APIs and the alternatives provided by JAAS. The following are the deprecated CORBA programmatic login APIs and are not supported on WebSphere Application Server for z/OS:
The sampleApp is not included in Version 5.
The sampleApp is not included in Version 5.
This API is not included in Version 5.
The supported APIs provided in WebSphere Application Server for z/OS Version 5 are a combination of standard JAAS APIs and product implementation of standard JAAS interfaces (also some minor extension).
The following
is only a summary, refer to the JAAS documentation, which is included with
the product (${was.install.root}/web/docs/jaas/JaasDocs.zip) and
the product Javadoc (${was.install.root}/web/apidocs/index.html)
for details.
Note: If this API is used on the server side, the server is blocked for input.
Note: If this API is used on the server side, the server is blocked for input.
Note: An application must invoke the WSSubject.doAs() method for J2EE resources to be accessed using the subject generated by an explicit invocation of a WebSphere login module.
Steps for this task
public class TestClient { ... private void performLogin() { // Create a new JAAS LoginContext. javax.security.auth.login.LoginContext lc = null; try { // Use GUI prompt to gather the BasicAuth data. lc = new javax.security.auth.login.LoginContext("WSLogin", new com.ibm.websphere.security.auth.callback.WSGUICallbackHandlerImpl()); // create a LoginContext and specify a CallbackHandler implementation // CallbackHandler implementation determine how authentication data is collected // in this case, the authentication date is collected by GUI login prompt // and pass to the authentication mechanism implemented by the LoginModule. } catch (javax.security.auth.login.LoginException e) { System.err.println("ERROR: failed to instantiate a LoginContext and the exception: " + e.getMessage()); e.printStackTrace(); // may be javax.security.auth.AuthPermission "createLoginContext" is not granted // to the application, or the JAAS Login Configuration is not defined. } if (lc != null) try { lc.login(); // perform login javax.security.auth.Subject s = lc.getSubject(); // get the authenticated subject // Invoke a J2EE resources using the authenticated subject com.ibm.websphere.security.auth.WSSubject.doAs(s, new java.security.PrivilegedAction() { public Object run() { try { bankAccount.deposit(100.00); // where bankAccount is an protected EJB } catch (Exception e) { System.out.println("ERROR: error while accessing EJB resource, exception: " + e.getMessage()); e.printStackTrace(); } return null; } } ); // Retrieve the name of the principal from the Subject // so we can tell the user that login succeeded, // should only be one WSPrincipal. java.util.Set ps = s.getPrincipals(com.ibm.websphere.security.auth.WSPrincipal.class); java.util.Iterator it = ps.iterator(); while (it.hasNext()) { com.ibm.websphere.security.auth.WSPrincipal p = (com.ibm.websphere.security.auth.WSPrincipal) it.next(); System.out.println("Principal: " + p.getName()); } } catch (javax.security.auth.login.LoginException e) { System.err.println("ERROR: login failed with exception: " + e.getMessage()); e.printStackTrace(); // login failed, might want to provide relogin logic } } ... }
Example