I am trying to configure JAAS authentication to get a client application
(using the WebSphere thin client configuration) to access protected EJBs
on the server.
I have implemented a CallbackHandler that presents the user with a
dialog to gather the user name and password, and configured the client
to use this CallbackHandler with one of the default WebSphere JAAS login
configurations:
lc = new LoginContext("WSLogin", new CallbackHandlerImpl());
(same result for lc = new LoginContext("ClientContainer", new CallbackHandlerImpl());)
When calling
lc.login();
authentication fails because the login module does not pick up the
configured authentication realm - the call to
WSLoginHelperImpl.getDefaultRealmName()
returns <default> instead of picking up the configured LDAP server, so
the exception message is
Cannot create LoginContext. Failed to authenticate <default>/Administrator
I have used the thin client configuration settings analogous to those
that come with the ITSOBank sample, described in redbook IBM WebSphere
5.0 Security (except for not using SSL in my case). The client startup
script is
@setlocal
@set WAS_HOME=C:\WebSphere5\AppServer
@set JAVA_HOME=%WAS_HOME%\java
@set CLASSPATH=%CLASSPATH%;%WAS_HOME%\lib\wssec.jar
@set CLASSPATH=%CLASSPATH%;%WAS_HOME%\lib\namingclient.jar
@set CLASSPATH=%CLASSPATH%;%WAS_HOME%\lib\lmproxy.jar
@set CLASSPATH=%CLASSPATH%;%WAS_HOME%\lib\sas.jar
@set CLASSPATH=%CLASSPATH%;%WAS_HOME%\lib\ecutils.jar
@set CLASSPATH=%CLASSPATH%;.\properties\
@set CLASSPATH=%CLASSPATH%;dmsClient.jar
@set CLASSPATH=%CLASSPATH%;jfw.jar
@set CLASSPATH=%CLASSPATH%;jcfield401K.jar
@set CLASSPATH=%CLASSPATH%;securityEJB.jar
@set CLASSPATH=%CLASSPATH%;organisationEJB.jar
@set CLASSPATH=%CLASSPATH%;sqlEJB.jar
@set CORBA_CONFIG=-Dcom.ibm.CORBA.ConfigURL=file:properties/sas.client.props
@set LOGIN_CONFIG=-Djava.security.auth.login.config=file:properties/wsjaas_client.conf
@set ORB_RAS_MGR=-Dcom.ibm.CORBA.RasManager=com.ibm.websphere.ras.WsOrbRasManager
"%JAVA_HOME%\bin\java" -cp %CLASSPATH% %CORBA_CONFIG% %LOGIN_CONFIG% ^
  %ORB_RAS_MGR% -Dinitialiser.class=nzpost.dms.config.DMSInitialiser ^
  -Ddms.home=C:/WebSphere5 -Ddms.host=localhost -Ddms.port=2809 ^
  nzpost.dms.presentation.client.DMSApplication %*
@endlocal
The sas.client.props file contains:
com.ibm.CORBA.securityEnabled=true
com.ibm.CSI.protocol=both
com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryEnabled=true
com.ibm.CORBA.authenticationRetryCount=3
com.ibm.CORBA.validateBasicAuth=true
com.ibm.CORBA.securityServerHost=localhost
com.ibm.CORBA.securityServerPort=2809
com.ibm.CORBA.loginTimeout=300
com.ibm.CORBA.loginSource=prompt
# RMI/IIOP user identity
com.ibm.CORBA.loginUserid=
com.ibm.CORBA.loginPassword=
com.ibm.CORBA.principalName=
The wsjaas_client.config is the default that comes with the WebSphere
client:
ClientContainer {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
    delegate=com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl;
};
WSLogin {
    com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
    delegate=com.ibm.ws.security.common.auth.module.WSLoginModuleImpl;
};
I can't find anything in the WebSphere documentation that would indicate
what I am missing in my configuration - I can't determine why the
client is not picking up the realm name from the server. If someone
could help that would be much appreciated.
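
A check that can be run against the configuration quoted above, added here as an example and not part of the original post: it lists what the client JVM actually resolves for the "WSLogin" and "ClientContainer" entries from the file named by -Djava.security.auth.login.config. The class name JaasConfigCheck is hypothetical, Java 7 or later is assumed, and only the standard JAAS API is used; when the property is not set it falls back to a constructed copy of the two entries.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Hypothetical diagnostic class (added example); standard JAAS API only.
public class JaasConfigCheck {
    // Constructed copy of the two entries quoted in the post, used only when
    // -Djava.security.auth.login.config is not set on the command line.
    static final String SAMPLE =
        "ClientContainer {\n"
      + " com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required\n"
      + " delegate=com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl;\n"
      + "};\n"
      + "WSLogin {\n"
      + " com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required\n"
      + " delegate=com.ibm.ws.security.common.auth.module.WSLoginModuleImpl;\n"
      + "};\n";

    // Print the modules and options the loaded configuration holds for one entry.
    static void describe(Configuration cfg, String entryName) {
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(entryName);
        if (entries == null || entries.length == 0) {
            System.out.println(entryName + ": not found in the loaded configuration");
            return;
        }
        for (AppConfigurationEntry e : entries) {
            System.out.println(entryName + ": " + e.getLoginModuleName()
                    + " [" + e.getControlFlag() + "]");
            for (Map.Entry<String, ?> opt : e.getOptions().entrySet()) {
                System.out.println("    " + opt.getKey() + " = " + opt.getValue());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String key = "java.security.auth.login.config";
        if (System.getProperty(key) == null) {
            Path tmp = Files.createTempFile("wsjaas_client", ".conf");
            Files.write(tmp, SAMPLE.getBytes("UTF-8"));
            tmp.toFile().deleteOnExit();
            System.setProperty(key, tmp.toUri().toString());
        }
        System.out.println("login config: " + System.getProperty(key));
        // A missing or unparsable file surfaces here as an exception.
        Configuration cfg = Configuration.getConfiguration();
        for (String name : new String[] {"WSLogin", "ClientContainer"}) describe(cfg, name);
    }
}
```

Running it from the client's working directory with the same %LOGIN_CONFIG% value as the startup script shows whether that path resolves and which delegate each entry names.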