Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

How to implement User Registry differently for each EAR installed in the same WAS

 
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am using WAS 5.0 and write a custom user registry for my own EAR file. But the problem is, with one installation of WAS, all other EAR applications installed will have to share this user registry implementation if they are to use standard J2EE security.
This cause a lot of trouble for me because my user registry implementation have to take into account the security for Admin console and any other EAR file using standard J2EE security.
Does any of you know how to configure WAS so that user registry for different node or server can be different too.
Many thanks
 
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi.

Yep, that can be done.
Not through normal websphere administration though.

We have a user registry implementation that's used to protect the admin console. This registry is then capable of loading other registrys and delegating the checkPassword/getUniqueUserIds/... methods to the other registry.

For our registry to know which other class to load, we indicate this through JVM custom properties. This limits the use to one other loaded registry per JVM (= appserver), but that is ok in our case.

My suggestion is that you either standardise you registry so that all applications use the same (maybe you have som company policy?).
Another solution would be the one I described above, since you've written a registy before it shouldn't take you too long to do it. It took me about a day or so to enable our class to load other registrys.

hope this helps
/Peter
 
Ranch Hand
Posts: 77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The Redbook documentation says that the JAAS PAM settings must be left such that the existing module is required .

Which automatically means that the user registry that is used for authenticating administrators of the admin server and the user registry for my applications have to be the same .

Your concept of using a single module which in turn delegates the authentication is a good work around , but do we know for a fact that that is the only route ??

thanks
kpt
 
WHAT is your favorite color? Blue, no yellow, ahhhhhhh! Tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic