I am currently trying to convert our Tomcat Apps to be used in Websphere Application Server 7, and they will not challenge the user for authentication. I believe that it doesn't know where to look for authentication and so doesn't attempt to authenticate.
In tomcat we have the context.xml (names have been removed for security):
Which declares the tables and rows needed for authentication.
I need something similar to embed in the webapp, preferably with minimal or no configuration on the websphere side that pulls its authentication from the database in the same fashion as it currently works.
The webapps in question are Struts 1 or 2, and have sitemesh running (which is also causing seperate problems...). All were originally configured for Tomcat.
Before receiving this assignment I had no previous knowledge of Websphere, so anything you could tell me or show me about how to get this going would be appreciated.
I'd really appreciate help on this as it's a real blocking point in our conversion.
I've attempted to create a standalone custom registry, by implementing the interface they've suggested (com.ibm.websphere.security.UserRegistry). I've put it in my install_root/lib/ext folder as suggested but it comes up with a ClassNotFoundException when I try to apply the new settings. It says to put the class name on the class path but I have no idea if that's what I did when I put the jar in the ext folder or if there's something else I should do.
Even so, the language isn't clear on if it's customizing the authentication used by the server, or the applications on the server (which is what I want).
Can anyone tell me if I'm on the right track, and if so what I might be doing wrong?
Thanks. I'll continue working on finding the solution to that.
What I'm confused by for the moment is why my application refuses to challenge the user for authentication. I could see it challenging then failing because it can't find my database, or whatever, but you would think that having a login-config element in my web.xml would have it respect that...
As a temporary solution I set up Global Security to allow me to log in using my local computer's login information (bad.... but fine w/e). I have enabled global and application security. I have also created a role which matches the one in my web.xml file, and a security domain that also matches. Our code checks to ensure that the user is logged in using getUserPrincipal() and that's where our application barks as it returns null indicating no login.
It's important to note that if I remove the context.xml file from the tomcat version it behaves exactly the same way as the websphere version is right now.
Here is the pertinent set up in my web.xml file.
Bring me the box labeled "thinking cap" ... and then read this tiny ad:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth