Hi, I will try to explain to my best.
The reason why I have to keep a DB for app access checks is that we don't use the Groups/Roles functionality of LDAP, no idea why but I had to adhere to the standards.
I didn't know there was this netscape API, I will check it out just in case. Same goes for JAAS. Honestly I have little experience in enterprise environments, I was hired on a "don't worry you'll get it on the go" basis.
Oh, I am not trying to mess with 'j_security_check' calls. What I meant is it has to be named 'j_security_check' for Websphere to see it and know it has to intercept it for LDAP authentication. I wonder if actually Websphere uses JAAS in the backstage, since I saw a few login context exceptions once, when a firewall was messing up the communication with LDAP.
Now, to explain what I did:
Previously this application was not using LDAP, it authenticated users based on a custom DB user/pass, roles were kept in the database too.
My job is to get it to authenticate users with LDAP; user records and role information are still kept in the app DB since we don't use the Groups/Roles functionality of LDAP.
This app is Struts based, so I first tried to use a Struts action mapped to 'j_security_check'; this failed since the form action must be named exactly 'j_security_check' and that won't do with actions.
So the next try was a filter triggered by the 'j_security_check' URL; this would do almost the same as the action class the app used previously: check the app DB to see if the userName was registered for the app and, if so, grab it and populate session variables with general access and role information, which every page in the application verifies when called.
So, when the user was not in the app database, I would simply redirect to the noAccess.jsp page and not even call the LDAP check; if the user was in the app DB but failed the LDAP authentication, then Websphere would redirect him to the noAccess.jsp page.
The problem was, if he was in the app DB and also OK in LDAP, I would have to redirect him to home.jsp, but after calling doFilter to trigger the LDAP check I couldn't issue a redirect anymore.
So what I did was simply change the welcome page for the application to home.jsp; this way, upon a successful LDAP authentication (only called if the user was in the app DB), the user would be redirected there.
It was so simple I wanted to
for spending hours trying to fix it in code.
Hope this makes things clear.
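The filter described in this post, written out as an added illustration (not the poster's own code): it is assumed to be mapped in web.xml to the url-pattern /j_security_check, the `AppUserDao` interface and the `appUserDao` servlet-context attribute are hypothetical stand-ins for the application's own DB lookup, and `j_username` is the form field name that container FORM login expects.

```java
import java.io.IOException;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical app-side lookup; the real application uses its own DB code here.
interface AppUserDao {
    /** Returns the user's role names, or null if the user is not registered for this app. */
    List<String> findRoles(String userName);
}

public class AppAccessFilter implements Filter {
    private AppUserDao dao;

    @Override
    public void init(FilterConfig cfg) {
        // Assumption: the app's startup code publishes the DAO in the servlet context.
        dao = (AppUserDao) cfg.getServletContext().getAttribute("appUserDao");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String userName = request.getParameter("j_username");
        List<String> roles = (userName == null) ? null : dao.findRoles(userName);

        if (roles == null) {
            // Not registered for this app: redirect now and never reach the LDAP check.
            response.sendRedirect(request.getContextPath() + "/noAccess.jsp");
            return;
        }

        // Registered: populate the session attributes the JSPs verify on every call.
        HttpSession session = request.getSession(true);
        session.setAttribute("appUser", userName);
        session.setAttribute("appRoles", roles);

        // Hand the request to the container's j_security_check (LDAP) handling.
        // The container commits its own redirect here (welcome page on success,
        // error page on failure), so no sendRedirect is possible after this call.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Note that the session attributes are set before the container has actually authenticated the user, so pages that rely on them should still sit behind the container's security constraints rather than trusting the attributes alone.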