
LTPA and JAAS

 
Ann Kanu
Ranch Hand
Posts: 30
Could someone please explain what the difference between LTPA authentication mechanism and JAAS custom login is?
 
Kyle Brown
author
Ranch Hand
Posts: 3892
First of all, read the WebSphere 5.0 Security handbook. This explains everything.

Now, the short answer is that you (as a programmer) don't do anything with LTPA -- LTPA is the mechanism that WebSphere uses to validate a user's credentials AFTER they have been authenticated. Authentication in WebSphere happens in a number of ways -- most commonly through one of the mechanisms declared in the web.xml deployment descriptor (form based login, or HTTP basic authentication, for instance).

However, if you need (for some reason) to be able to log in from somewhere OTHER than a web application, such as a Java Swing application, then you would use the JAAS LoginModule API in WebSphere to do so.

Kyle
 
Ann Kanu
Ranch Hand
Posts: 30
Thanks Kyle. I will start with the security handbook.
 
Shaun Ashdowne
Greenhorn
Posts: 1
I have been searching for what should be a simple answer.
We are about to have an environment with WebSEAL, IBM HTTP Server and WebSphere Application Server.

This will be configured where WebSEAL will:
* determine if a URI requires authentication
* provide the user/password page
* authenticate the user
* create an LTPA token
* pass the token to WAS
* pass protected page back to WebSEAL

This is described in 13.3.3 of the "WebSphere Application Server v6.1 Security Handbook" Redbook.

My question is:
Once WebSphere has a session with credentials (userID), how does an application access the userID?

thanks
Shaun
 