JAAS Login Module: How to extract user id and password from web service request.

 
Greenhorn
Posts: 13
We have a few web services and we are protecting them using basic authentication using LDAP. All LDAP settings have been done in the WebSphere server using the admin console.

When an invalid user tries to access this web service, the WebSphere-enabled authentication process checks the userid in LDAP. However, on getting an error from LDAP it wraps the LDAP error in an Axis fault (401 Unauthorized) and sends it to the web service client.

I need to catch the exact LDAP error. So I want to create a JAAS application login module. However, to initialize the LoginContext I am not getting how to extract the user id and password from the web service request. (I set the username and password in the org.apache.axis.client.Call object while invoking the web service.)

Note: Instead of XXXXXXXXX I need to put the userid and password extracted from the web service request.

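import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

try {
    // XXXXXXXXX is the poster's placeholder; LoginContext takes a CallbackHandler in this position.
    // The constructor can itself throw LoginException, so it sits inside the try block.
    LoginContext lc = new LoginContext("WSLogin", XXXXXXXXX);
    lc.login();
} catch (LoginException le) {
    // Left empty in the original post: the failure reason is discarded here.
}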


Also please let me know if someone knows how to call a webservice from the login module.

 
Rancher
Posts: 43081
I'm not clear if you want to do this on the client or on the server? Also, how does using JAAS help with all this? For securing web services I'd use the WS-Security standard, which is supported by all major SOAP stacks.
 
priya verma
Greenhorn
Posts: 13
I want to do this on the server. Actually I am new to security. I researched on the internet and found that for catching the LDAP login exception we can create a login module which gets invoked during the WebSphere-enabled LDAP authentication process.
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_jaascustlogmod.html


Am I going the wrong way? Or can we solve this problem using WS-Security?

 
Ulf Dittmer
Rancher
Posts: 43081
I'm not sure if it's possible to intercept WebSphere's handling of the login process, and somehow inject JAAS into it.

If this was my problem, I'd use WS-Security, and then write code that accesses the LDAP repository in the login handler. The outlines of such a handler (minus the LDAP stuff) can be found here.
 