Win a copy of React Cookbook: Recipes for Mastering the React Framework this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Rob Spoor
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Holloway
  • Piet Souris
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Frits Walraven
  • Himai Minh

LTPA and JAAS

 
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Could someone please explain what the difference between LTPA authentication mechanism and JAAS custom login is?
 
author
Posts: 3892
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First of all, read the WebSphere 5.0 Security handbook. This explains everything.

Now, the short answer is that you (as a programmer) don't do anything with LTPA -- LTPA is the mechanism that WebSphere uses to validate a user's credentials AFTER they have been authenticated. Authentication in WebSphere happens in a number of ways -- most commonly through one of the mechanisms declared in the web.xml deployment descriptor (form based login, or HTTP basic authentication, for instance).

However, if you need (for some reason) to be able to log from somewhere OTHER than a web application, such as a Java Swing application, then you would use the JAAS LoginModule API in WebSphere to do so.

Kyle
 
Ann Kanu
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Kyle. I will start with the security handbook.
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have been searching for what should be a simple answer.
We are about to have an environment with WebSEAL, IBM HTTP Server and WebSphere Application Server.

This will be configured where WebSEAL will:
* determine if a URI requires authentication
* provide the user/password page
* authenticate the user
* create an LTPA token
* pass the token to WAS
* pass protected page back to WebSEAL

This is described in 13.3.3 of the "Websphere Application Server v6.1 Security Handbook" Redbook.

My question is:
Once Websphere has a session with credentials (userID), how does an application access the userID?

thanks
Shaun
 
What a stench! Central nervous system shutting down. Save yourself tiny ad!
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic