JAAS and Websphere

Hi,

I need to write a custom login module in websphere. The idea is that the login module will be deployed on various servers and therefore the underlying web applications it protects are different.

These are the features of the login module -

1) take the user credentials
2) find out if the application it is protecting (there is only one application running per websphere instance) needs the credentials verified by option 1 (user directory) or by option2. This is application specific information, so I am assuming that it will be mentioned in the web.xml file
3) and authenticate against the right option

Can I get some direction as how to proceed. I was looking through some JAAS documentation. Are there any good links for JAAS

In point 2, I mentioned that I might have to read from the web.xml file regarding the authentication method to be used. Could you please let me know if this is the right way to proceed and if so how do i read from the web.xml file.

Regards.

I can tell you nearly for certain that you do NOT need to write a JAAS login module for WebSphere. WebSphere does not support custom JAAS login modules for the purposes you state. Instead, what you are doing sounds more like a Custom User Registry. Read in the WebSphere Infocenter about those, and go to www.redbooks.ibm.com and download and read the WebSphere 5.0 Security Handbook redbook. That should straighten you out as to WebSphere's capabilities for security.

Kyle

Kyle,

Each application on the server (only one app per server) has a different mode of authentication � either by Siteminder (need to write a custom agent for it) or by a user directory (another piece of code for authentication). So, this custom login module needs to figure out the entitlement method for the particular application it is protecting and direct it accordingly.

Since I need to collect user credentials and also figure out from the web.xml ? file the authentication type for that particular application and then direct it towards the particular piece of code which does the authentication, I felt I need to use JAAS. Do you still feel that it is not the right way to be doing it. WebSphere documentation does talk about configuring a custom JAAS login module.

Thanks.

You don't need JAAS for this. Simply start by coding a TAI for siteminder -- if the TAI does not find the token from Siteminder, then WAS will fall back on its standard authentication framework (which will correctly interpret things from the web.xml without your intervention) and you can then code a Custom User Registry to use as the user registry to access the other user data for your application.

Really, this is the way to do it. Read the redbook and you'll be convinced.

Kyle

You can configure custom login in websphere5.0. Once you wrote the login module, configure this in properties/wsjaas.conf file in websphere. Here in this file you can also specify the LDAP address.

here is the important url's
http://www.pramati.com/docstore/1270002/index.htm

http://www.mooreds.com/jaas.html

You can define context parameters in web.xml
which can be easily read in jsp/servlets