Configuring JAX-RS 2.0 client to validate LTPA token authentication information

About this task

Lightweight Third-Party Authentication (LTPA) is an authentication mechanism in WebSphere® Application Server security that defines a particular token format. LTPA token authentication flows the LTPA token from the first web service, which authenticated the originating client, to the downstream web service. You can configure the client to validate LTPA token authentication.

Procedure

  1. Configure the LTPA properties in the WebSphere® Application Server traditional administrative console.
    To view the administrative console page, complete the following steps:
    1. Click Security > Global security.
    2. Under the Authentication area, click LTPA.

    For more information about the LTPA properties, see LTPA.

  2. To enable LTPA when you develop your client application, add a client property in your client application code.

    Set the client property key to com.ibm.ws.jaxrs.client.ltpa.handler and its value to true. See the following code snippet as reference:

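    import javax.ws.rs.client.Client;
    import javax.ws.rs.client.ClientBuilder;
    // Build the JAX-RS 2.0 client, then enable the LTPA handler on it
    ClientBuilder cb = ClientBuilder.newBuilder();
    Client c = cb.build();
    c.property("com.ibm.ws.jaxrs.client.ltpa.handler", "true");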
  3. Define the role-name parameter values in the web.xml file in your application WAR file as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="HelloworldServlet" version="3.0"
            xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  
         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    
            <display-name>JAX-RS HelloWorld Sample</display-name>
            <description>Server-side application to test Hello world client.</description>
            <login-config>
                    <auth-method>FORM</auth-method>
                    <realm-name>defaultWIMFileBasedRealm</realm-name>
                    <form-login-config> 
                            <form-login-page>/login.html</form-login-page>
                            <form-error-page>/loginError.jsp</form-error-page>
                    </form-login-config>
            </login-config>
            <security-constraint>
                    <display-name>FormLogin</display-name>
                    <web-resource-collection>
                            <web-resource-name>FormLogin</web-resource-name>
                            <url-pattern>/ClientTestServlet</url-pattern>
                            <http-method>GET</http-method>
                            <http-method>POST</http-method>
                    </web-resource-collection>
                    <auth-constraint>
                            <role-name>myTestRole</role-name>
                    </auth-constraint>
                    <user-data-constraint>
                            <transport-guarantee>NONE</transport-guarantee>
                    </user-data-constraint>
            </security-constraint>
            <security-role id="SecurityRole_1">
                    <description>All Authenticated Users Role.</description>
                    <role-name>myTestRole</role-name>
            </security-role>
    </web-app>
  4. Deploy your client application to WebSphere Application Server traditional by using the administrative console.
  5. Map users or groups to the role in the administrative console by completing the following steps:
    1. Go to Applications > Application types > WebSphere enterprise applications.
    2. In the enterprise applications area, select the application or applications that you deployed to WebSphere Application Server traditional.
    3. Select the Security role to user/group mapping option under the Detail Properties field.
    4. Select the role name that you defined in your web.xml file.
    5. Click the Map Users button on the Security role to user/group mapping page and configure the Map Users properties according to your needs.
    6. Click OK to save the configuration.
  6. Start the application in the WebSphere Application Server traditional administrative console. To start your application, go to Applications > Application types > WebSphere enterprise applications > Start.
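
The web.xml in step 3 sets transport-guarantee to NONE, so the container does not require TLS for /ClientTestServlet, and the form login credentials and the LTPA token sent with requests can travel over plain HTTP. The following check is an added example, not part of the original topic or IBM code: it flags role-protected constraints that do not require CONFIDENTIAL transport. The function name and the trimmed sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"jee": "http://java.sun.com/xml/ns/javaee"}  # namespace of the web.xml in step 3

# Constructed sample: the security-constraint from step 3, trimmed to the relevant elements.
SAMPLE_WEB_XML = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>FormLogin</web-resource-name>
      <url-pattern>/ClientTestServlet</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>myTestRole</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def find_cleartext_constraints(web_xml_text):
    """Return (url-pattern, role names, guarantee) for every role-protected
    constraint whose transport guarantee is not CONFIDENTIAL."""
    root = ET.fromstring(web_xml_text)
    findings = []
    for sc in root.findall("jee:security-constraint", NS):
        auth = sc.find("jee:auth-constraint", NS)
        if auth is None:
            continue  # no role required, so no credentials or token are demanded here
        roles = [r.text.strip() for r in auth.findall("jee:role-name", NS) if r.text]
        tg = sc.find("jee:user-data-constraint/jee:transport-guarantee", NS)
        # A missing user-data-constraint behaves like NONE.
        guarantee = tg.text.strip().upper() if tg is not None and tg.text else "NONE"
        if guarantee != "CONFIDENTIAL":
            for pat in sc.findall("jee:web-resource-collection/jee:url-pattern", NS):
                findings.append(((pat.text or "").strip(), roles, guarantee))
    return findings


if __name__ == "__main__":
    for url, roles, guarantee in find_cleartext_constraints(SAMPLE_WEB_XML):
        print(f"{url}: roles={roles} transport-guarantee={guarantee} (TLS not required)")
```

Setting transport-guarantee to CONFIDENTIAL in the descriptor clears the finding, because the container then requires HTTPS for the protected URL.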

Last updated: March 5, 2017 17:29
File name: twbs_jaxrs_impl_securejaxrs2.0_ltpa.html