Now, the short answer is that you (as a programmer) don't do anything with LTPA -- LTPA is the mechanism that WebSphere uses to validate a user's credentials AFTER they have been authenticated. Authentication in WebSphere happens in a number of ways -- most commonly through one of the mechanisms declared in the web.xml deployment descriptor (form based login, or HTTP basic authentication, for instance).
However, if you need (for some reason) to be able to log from somewhere OTHER than a web application, such as a Java Swing application, then you would use the JAAS LoginModule API in WebSphere to do so.
I have been searching for what should be a simple answer.
We are about to have an environment with WebSEAL, IBM HTTP Server and WebSphere Application Server.
This will be configured where WebSEAL will:
* determine if a URI requires authentication
* provide the user/password page
* authenticate the user
* create an LTPA token
* pass the token to WAS
* pass protected page back to WebSEAL
This is described in 13.3.3 of the "Websphere Application Server v6.1 Security Handbook" Redbook.
My question is:
Once Websphere has a session with credentials (userID), how does an application access the userID?
What a stench! Central nervous system shutting down. Save yourself tiny ad!