Configuring JAX-RS 2.0 client to validate LTPA token authentication information
About this task
Lightweight Third-Party Authentication (LTPA) is a type of authentication mechanism in WebSphere® Application Server security that defines a particular token format. The purpose of the LTPA token authentication is to flow the LTPA token from the first web service, which authenticated the originating client, to the downstream web service. You can configure the client to validate LTPA token authentication.
Procedure
- Configure the LTPA properties in the WebSphere® Application Server traditional administrative console. To view the administrative console page, complete the following steps:
  - Click Security -> Global security.
  - Under the Authentication area, click LTPA.
  For more information about the LTPA properties, see LTPA.
- To enable LTPA when you develop your client application, add a client property in your client application code.
  Set the client property key to com.ibm.ws.jaxrs.client.ltpa.handler and its value to true. See the following code snippet as reference:

    ClientBuilder cb = ClientBuilder.newBuilder();
    Client c = cb.build();
    c.property("com.ibm.ws.jaxrs.client.ltpa.handler", "true");

- Define the role-name parameter values in the web.xml file in your application WAR file as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="HelloworldServlet" version="3.0"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
      <display-name>JAX-RS HelloWorld Sample</display-name>
      <description>Server-side application to test Hello world client.</description>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>defaultWIMFileBasedRealm</realm-name>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/loginError.jsp</form-error-page>
        </form-login-config>
      </login-config>
      <security-constraint>
        <display-name>FormLogin</display-name>
        <web-resource-collection>
          <web-resource-name>FormLogin</web-resource-name>
          <url-pattern>/ClientTestServlet</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>myTestRole</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <security-role id="SecurityRole_1">
        <description>All Authenticated Users Role.</description>
        <role-name>myTestRole</role-name>
      </security-role>
    </web-app>

- Deploy your client application to WebSphere Application Server traditional by using the administrative console.
- Map users or groups to the role in the administrative console. To map a user or group to a role, complete the following steps:
  - Go to Applications -> Application types -> WebSphere enterprise applications.
  - In the enterprise applications area, select the application or applications that you deployed to WebSphere Application Server traditional.
  - Select the Security role to user/group mapping option under the Detail Properties field.
  - Select the role name that you defined in your web.xml file.
  - Click the Map Users button on the Security role to user/group mapping page and configure the Map Users properties according to your needs.
  - Click OK to save the configuration.
- Start the application in the WebSphere Application Server traditional administrative console. To start your application, go to Applications -> Application types -> WebSphere enterprise applications -> Start.
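
The following servlet shows where the client property from the procedure sits in a complete request path: it serves the protected /ClientTestServlet URL from web.xml and calls a downstream resource with the LTPA handler enabled. It is an added example, not IBM sample code; the downstream URL, the class layout and the error handling are assumptions.

```java
// Added example, not IBM sample code. DOWNSTREAM_URL is a hypothetical placeholder.
import java.io.IOException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@WebServlet("/ClientTestServlet") // same path as the <url-pattern> protected in web.xml
public class ClientTestServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Assumption: downstream LTPA-protected resource. HTTPS is used because the
    // token travels with the request and identifies the originating user.
    private static final String DOWNSTREAM_URL =
            "https://downstream.example.com:9443/helloworld/rest/hello";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The security constraint should already have forced a login as a user
        // mapped to myTestRole; fail closed if no caller identity is present.
        if (req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        Client client = ClientBuilder.newClient();
        try {
            // Property from the procedure: enables the LTPA handler on this client.
            client.property("com.ibm.ws.jaxrs.client.ltpa.handler", "true");
            Response r = client.target(DOWNSTREAM_URL)
                    .request(MediaType.TEXT_PLAIN)
                    .get();
            try {
                if (r.getStatus() == 200) {
                    resp.setContentType("text/plain");
                    resp.getWriter().println(r.readEntity(String.class));
                } else {
                    // Report only the status; do not relay the downstream error body.
                    resp.sendError(HttpServletResponse.SC_BAD_GATEWAY,
                            "Downstream service returned " + r.getStatus());
                }
            } finally { r.close(); }
        } finally { client.close(); }
    }
}
```

A 401 or 403 status from the downstream service in this path usually points to the LTPA configuration from the first step or the role mapping, not to the client code.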

