
design strategy for WebSphere security

 
Ranch Hand
Posts: 264
I am new to this topic. Please bear with me if I throw some dumb questions.
Our production environment is WebSphere 4.0 and will be migrated to 5.1.
We have Microsoft Active Directory as our LDAP server.
As I understand it, I can integrate that LDAP server into our WebSphere and use LTPA/LDAP for user authentication/authorization. I think this approach will not need programmatic effort and is configurable.
But our application needs more information (and some application-specific ones) beyond what we can get from Active Directory.
One way I am thinking of is to implicitly access the Active Directory (LDAP) server in the program, doing the authentication/authorization programmatically, and get/set other user credentials in our own database.
Does this sound like a fine approach or are there any better ways to do this?
Please advise.
 
Greenhorn
Posts: 4
We had a similar situation in our project where corporate LDAP was not sufficient enough, so we ended up creating a Custom User Registry (WebSphere supports custom registries, as we all know!).
Programmatic security results in lotsa directory access related code in your application which is never a good idea!
Make your custom registry have lotsa application-specific attributes for fine-grained authorization in an application.
 
Greenhorn
Posts: 10
Custom Registry is a safe option.
Configure the LDAP setting, switch on security on the global level.
Once that is done,
In your application build in Ant, add the following lines to the application.xml:
<security-role id="SecurityRole_1">
  <description>SomeThing of your choice</description>
  <role-name>WhoIsAllowed</role-name>
</security-role>
Then, through the security console, map the application role to
the LDAP principal name and domain.
This is a way to implement the security without the programmatic way.
Thanks
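An added example, not code from any poster in this thread: one way to combine the declarative approach above with application-specific data, letting the container authenticate against LDAP while the application reads its extra attributes from its own database, keyed by the authenticated principal. Assumptions: the WhoIsAllowed role is also declared in the web module's web.xml and protects this URL; the class name, the JNDI name jdbc/AppDS, and the APP_USER_ATTR table with its columns are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.naming.InitialContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

// Added example. The container (LDAP registry + global security) has already
// authenticated the caller, so no directory-access code appears here.
public class ProfileServlet extends HttpServlet {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        Principal user = req.getUserPrincipal();
        // Fail closed: no authenticated principal or no mapped role means no data.
        if (user == null || !req.isUserInRole("WhoIsAllowed")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String dept;
        try {
            dept = lookupDepartment(user.getName());
        } catch (Exception e) {
            log("profile lookup failed", e); // details stay in the server log
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("department=" + (dept == null ? "(none)" : dept));
    }
    // Hypothetical schema: APP_USER_ATTR(PRINCIPAL_NAME, DEPARTMENT).
    private String lookupDepartment(String principalName) throws Exception {
        DataSource ds = (DataSource)
            new InitialContext().lookup("java:comp/env/jdbc/AppDS"); // assumed JNDI name
        Connection con = ds.getConnection();
        try {
            // Bind the principal name as a parameter; never concatenate it into SQL.
            PreparedStatement ps = con.prepareStatement(
                "SELECT DEPARTMENT FROM APP_USER_ATTR WHERE PRINCIPAL_NAME = ?");
            ps.setString(1, principalName);
            ResultSet rs = ps.executeQuery();
            return rs.next() ? rs.getString(1) : null;
        } finally {
            con.close(); // closing the connection also releases the statement
        }
    }
}
```

The value returned by getName() depends on how the registry is configured, so the key column should store whatever form of the user name the container actually reports.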
 