I am new to this topic. Please bear with me if I throw some dumb questions. Our production environment is WebSphere 4.0 and will be migrated to 5.1. We have Microsoft Active Directory as our LDAP server. As I understand it, I can integrate that LDAP server into our WebSphere and use LTPA/LDAP for user authentication/authorization. I think this approach will not need programmatic effort and is configurable. But our application needs more information (and some application-specific data) beyond what we can get from Active Directory. One way I am thinking of is to implicitly access the Active Directory (LDAP) server in the program, doing the authentication/authorization programmatically, and get/set other user credentials in our own database. Does this sound like a fine approach, or are there better ways to do this? Please advise.
SCJP, SCJD, SCWCD, SCBCD, SCEA, IBM Certified Enterprise Developer, WebSphere Studio V5.0
We had a similar situation in our project where the corporate LDAP was not sufficient, so we ended up creating a Custom User Registry (WebSphere supports custom registries, as we all know!). Programmatic security results in lotsa directory-access-related code in your application, which is never a good idea! Make your custom registry have lotsa application-specific attributes for fine-grained authorization in an application.
Custom Registry is a safe option. Configure the LDAP setting and switch on security at the global level. Once that is done, in your application build in Ant, add the following lines to the application.xml:

    <security-role id="SecurityRole_1">
        <description>SomeThing of your choice</description>
        <role-name>WhoIsAllowed</role-name>
    </security-role>

Then, through the security console, map the application role to the LDAP principal name and domain. This is a way to implement the security without the programmatic way. Thanks
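As an added illustration (not from the posters above), the declarative side in full: the EAR's application.xml role from the post together with a web.xml security-constraint that guards a URL space with that same role, so the application code itself carries no authorization logic; the module name, context root, URL pattern and login pages are assumed values, and the role-to-group mapping is still done in the admin console as described.

```xml
<!-- application.xml (EAR level, J2EE 1.3 as used by WebSphere 5.x): declare the role -->
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
    "http://java.sun.com/dtd/application_1_3.dtd">
<application>
  <display-name>SampleApp</display-name>          <!-- assumed name -->
  <module>
    <web>
      <web-uri>sample-web.war</web-uri>            <!-- assumed module -->
      <context-root>/sample</context-root>         <!-- assumed context root -->
    </web>
  </module>
  <security-role id="SecurityRole_1">
    <description>Users allowed into the protected part of the application</description>
    <role-name>WhoIsAllowed</role-name>
  </security-role>
</application>

<!-- web.xml (WAR level, Servlet 2.3): require that role for /secure/* -->
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>         <!-- assumed URL space -->
      <!-- no <http-method> elements on purpose: listing some methods would
           leave every unlisted method (HEAD, PUT, ...) unconstrained -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>WhoIsAllowed</role-name>          <!-- same role as in application.xml -->
    </auth-constraint>
    <user-data-constraint>
      <!-- force SSL so the LTPA token and form credentials are not sent in clear -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>        <!-- assumed page -->
      <form-error-page>/loginError.jsp</form-error-page>   <!-- assumed page -->
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>WhoIsAllowed</role-name>
  </security-role>
</web-app>
```

Once the role is mapped to an LDAP or custom-registry group in the console, the container rejects unauthenticated or unmapped users before any servlet in /secure/* runs.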