Configuring JAX-RS 2.0 client to validate LTPA token authentication information

About this task

Lightweight Third-Party Authentication (LTPA) is a type of authentication mechanism in WebSphere® Application Server security that defines a particular token format. The purpose of the LTPA token authentication is to flow the LTPA token from the first web service, which authenticated the originating client, to the downstream web service. You can configure the client to validate LTPA token authentication.

Procedure

  1. Configure the LTPA properties in the WebSphere® Application Server traditional administrative console.
    To view the administrative console page, complete the following steps:
    1. Click Security > Global security.
    2. Under the Authentication area, click LTPA.

    For more information about the LTPA properties, see LTPA.

  2. To enable LTPA when you develop your client application, add a client property in your client application code.

    Set the client property key to com.ibm.ws.jaxrs.client.ltpa.handler and its value to true. See the following code snippet as reference:

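    import javax.ws.rs.client.Client;
    import javax.ws.rs.client.ClientBuilder;

    ClientBuilder cb = ClientBuilder.newBuilder();
    Client c = cb.build();
    // Enable the LTPA handler so that the client flows the LTPA token on its requests.
    c.property("com.ibm.ws.jaxrs.client.ltpa.handler", "true");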
  3. Define the role-name parameter values in the web.xml file in your application WAR file as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="HelloworldServlet" version="3.0"
            xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  
         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    
            <display-name>JAX-RS HelloWorld Sample</display-name>
            <description>Server-side application to test Hello world client.</description>
            <login-config>
                    <auth-method>FORM</auth-method>
                    <realm-name>defaultWIMFileBasedRealm</realm-name>
                    <form-login-config> 
                            <form-login-page>/login.html</form-login-page>
                            <form-error-page>/loginError.jsp</form-error-page>
                    </form-login-config>
            </login-config>
            <security-constraint>
                    <display-name>FormLogin</display-name>
                    <web-resource-collection>
                            <web-resource-name>FormLogin</web-resource-name>
                            <url-pattern>/ClientTestServlet</url-pattern>
                            <http-method>GET</http-method>
                            <http-method>POST</http-method>
                    </web-resource-collection>
                    <auth-constraint>
                            <role-name>myTestRole</role-name>
                    </auth-constraint>
                    <user-data-constraint>  
                       <transport-guarantee>NONE</transport-guarantee>  
                    </user-data-constraint>  
            </security-constraint>
            <security-role id="SecurityRole_1"> 
             <description>All Authenticated Users Role.</description>
             <role-name>myTestRole</role-name>
           </security-role>
    </web-app>
  4. Deploy your client application to WebSphere Application Server traditional by using the administrative console.
  5. Map users or groups to the role in the administrative console by completing the following steps:
    1. Go to Applications > Application types > WebSphere enterprise applications.
    2. In the enterprise applications area, select the application or applications that you deployed to WebSphere Application Server traditional.
    3. Select the Security role to user/group mapping option under the Detail Properties field.
    4. Select the role name that you defined in your web.xml file.
    5. Click the Map Users button on the Security role to user/group mapping page and configure the Map Users properties according to your need.
    6. Click OK to save the configuration.
  6. Start the application in the WebSphere Application Server traditional administrative console. To start your application, go to Applications > Application types > WebSphere enterprise applications > Start.
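
The following servlet is an added example, not IBM sample code: it ties steps 2 and 3 together by serving the /ClientTestServlet URL that the web.xml file protects and by calling a downstream JAX-RS resource with the LTPA handler enabled. The class name and the downstream URL are hypothetical placeholders.

```java
// Added example. Assumptions: class name and DOWNSTREAM_URL are placeholders.
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@WebServlet("/ClientTestServlet") // URL pattern covered by the security-constraint in step 3
public class ClientTestServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    // HTTPS, because the LTPA token is a bearer credential for the caller.
    private static final String DOWNSTREAM_URL = "https://downstream.example.com/app/rest/hello";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // The container authenticates the caller (FORM login) before this code runs.
        if (req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        Client client = ClientBuilder.newBuilder().build();
        try {
            // Property from step 2: flow the LTPA token to the downstream service.
            client.property("com.ibm.ws.jaxrs.client.ltpa.handler", "true");
            Response downstream = client.target(DOWNSTREAM_URL).request(MediaType.TEXT_PLAIN).get();
            try {
                int status = downstream.getStatus();
                if (status == 401 || status == 403) {
                    // The downstream service did not accept the propagated identity.
                    resp.sendError(HttpServletResponse.SC_BAD_GATEWAY, "Downstream rejected the request");
                    return;
                }
                resp.setContentType("text/plain");
                resp.getWriter().write(downstream.readEntity(String.class));
            } finally {
                downstream.close();
            }
        } catch (ProcessingException e) {
            // Connection or TLS failure while calling the downstream service.
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY, "Downstream call failed");
        } finally {
            client.close();
        }
    }
}
```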




Last updated: July 9, 2016 11:18
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twbs_jaxrs_impl_securejaxrs2
File name: twbs_jaxrs_impl_securejaxrs2.0_ltpa.html