WebSphere Application Server - Express, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuration entry settings for Java Authentication and Authorization Service

Use this page to specify a list of Java Authentication and Authorization Service (JAAS) login configurations for the application code to use, including J2EE components such as enterprise beans, JavaServer Pages (JSP) files, servlets, resource adapters, and message data blocks (MDBs).

To view this administrative console page, complete the following steps:
  1. Click Security > Global security.
  2. Under Authentication, click JAAS configuration > Application logins.

Read the JAAS specifications before you begin defining additional login modules for authenticating to the WebSphere Application Server security run time. You can define additional login configurations for your applications. However, if the WebSphere Application Server LoginModule com.ibm.ws.security.common.auth.module.WSLoginModuleImpl module is not used or the LoginModule module does not produce a credential that is recognized by WebSphere Application Server, the WebSphere Application Server security run time cannot use the authenticated subject from these login configurations for an authorization check for resource access.

You must invoke Java client programs that use Java Authentication and Authorization Service (JAAS) for authentication with a JAAS configuration file that is specified. The WebSphere Application Server supplies the wsjaas_client.conf default JAAS configuration file under the install_root/properties directory. This configuration file is set in the /install_root/bin/launchClient.bat file as:
set JAAS_LOGIN_CONFIG=-Djava.security.auth.login.config=%WAS_HOME%\properties\wsjaas_client.conf

If the launchClient.bat file is not used to invoke Java client programs, make sure that the appropriate JAAS configuration file is passed to the Java virtual machine with the -Djava.security.auth.login.config flag.

Configuration tab

ClientContainer

Specifies the login configuration used by the client container application, which uses the CallbackHandler API that is defined in the client container deployment descriptor.

The ClientContainer configuration is the default login configuration for the WebSphere Application Server. Do not remove this default, as other applications that use it fail.

Default: ClientContainer
DefaultPrincipalMapping

Specifies the login configuration that is used by Java 2 Connectors to map users to principals that are defined in the J2C authentication data entries.

The ClientContainer configuration is the default login configuration for WebSphere Application Server. Do not remove this default, as other applications that use it fail.

Default: ClientContainer
WSLogin

Indicates whether all of the applications can use the WSLogin configuration to perform authentication for the WebSphere Application Server security run time.

This login configuration does not honor the CallbackHandler handler that is defined in the client container deployment descriptor. To use this functionality, use the ClientContainer login configuration.

The WSLogin configuration is the default login configuration for the WebSphere Application Server. Do not remove this default because other administrative applications that use it fail. This login configuration authenticates users for the WebSphere Application Server security run time. Use credentials from the authenticated subject that are returned from this login configuration as an authorization check for access to WebSphere Application Server resources.

Default: ClientContainer



Related concepts
Java Authentication and Authorization Service

Reference topic    

Terms of Use | Feedback

Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/usec_jaas.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)