• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to implement User Registry differently for each EAR installed in the same WAS

 
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am using WAS 5.0 and write a custom user registry for my own EAR file. But the problem is, with one installation of WAS, all other EAR applications installed will have to share this user registry implementation if they are to use standard J2EE security.
This cause a lot of trouble for me because my user registry implementation have to take into account the security for Admin console and any other EAR file using standard J2EE security.
Does any of you know how to configure WAS so that user registry for different node or server can be different too.
Many thanks
 
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi.

Yep, that can be done.
Not through normal websphere administration though.

We have a user registry implementation that's used to protect the admin console. This registry is then capable of loading other registrys and delegating the checkPassword/getUniqueUserIds/... methods to the other registry.

For our registry to know which other class to load, we indicate this through JVM custom properties. This limits the use to one other loaded registry per JVM (= appserver), but that is ok in our case.

My suggestion is that you either standardise you registry so that all applications use the same (maybe you have som company policy?).
Another solution would be the one I described above, since you've written a registy before it shouldn't take you too long to do it. It took me about a day or so to enable our class to load other registrys.

hope this helps
/Peter
 
Ranch Hand
Posts: 77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The Redbook documentation says that the JAAS PAM settings must be left such that the existing module is required .

Which automatically means that the user registry that is used for authenticating administrators of the admin server and the user registry for my applications have to be the same .

Your concept of using a single module which in turn delegates the authentication is a good work around , but do we know for a fact that that is the only route ??

thanks
kpt
 
Let nothing stop you! Not even this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic