WebSphere Application Server - Custom JAAS Login Module and bypassing WS Login Modules


2006-04-27, 8:08 am

I have created a custom login module, for a web application, and added it to WEB_INBOUND. I configured it to be called first and set the Authentication strategy to SUFFICIENT. I can see in the logs that my login module is being called and that the Principals are set but then I get

source=com.ibm.ws.security.web.FormLoginExtensionProcessor org=IBM prod=WebSphere component=Application Server thread=[WebContainer : 2]
SECJ0118E: Authentication error during authentication for user test

Will configuring the login module as mentioned above bypass the WS login modules?

Because I want to bypass the WS login modules, do I have to use any WS classes in my login module? I am just implementing LoginModule and Principal because I want to use it in other app servers like Tomcat and WebLogic etc.

Thanks
Paul Ilechko

2006-04-27, 8:08 am

tilitzky@hotmail.com wrote:
> I have created a custom login module, for a web application, and
> added it to WEB_INBOUND. I configured it to be called first and set
> the Authentication strategy to SUFFICIENT. I can see in the logs
> that my login module is being called and that the Principals are set
> but then I get
>
> source=com.ibm.ws.security.web.FormLoginExtensionProcessor org=IBM
> prod=WebSphere component=Application Server thread=[WebContainer : 2]
> SECJ0118E: Authentication error during authentication for user test
>
> Will configuring the login module as mentioned above bypass the WS
> login modules?


Yes

> Because I want to bypass the WS login modules, do I have to use any
> WS classes in my login module? I am just implementing LoginModule
> and Principal because I want to use it in other app servers like
> Tomcat and WebLogic etc.


Bypassing the WAS login modules is a really bad idea. If you do, then
you will not be authenticated to WAS, and SSO won't work so you'll have
to re-authenticate every time you come to the server.

Read this paper to understand how WAS security works:

http://www-128.ibm.com/developerwor...8_benantar.html
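
The control-flag behaviour this thread turns on, as an added example that is not part of the original posts: it uses only standard `javax.security.auth` classes (no WebSphere code) to show that when a module flagged SUFFICIENT succeeds, JAAS returns at once and a later REQUIRED module is never invoked, while a failure of the SUFFICIENT module lets the stack continue. The `Recording` module and the names "App" and "Platform" are hypothetical stand-ins for the custom module and the server's own module.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class SufficientFlagDemo {
    static final List<String> calls = new ArrayList<>();   // phases actually invoked
    // Hypothetical module: "name" and "ok" are constructed options, not a real credential check.
    public static class Recording implements LoginModule {
        private String name; private boolean ok, succeeded;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            name = (String) opts.get("name");
            ok = Boolean.parseBoolean((String) opts.get("ok"));
        }
        public boolean login() throws LoginException {
            calls.add(name + ".login");
            if (!ok) throw new FailedLoginException(name + " rejected the user");
            return succeeded = true;
        }
        // Per the LoginModule contract, commit returns false when this module's login failed.
        public boolean commit() { calls.add(name + ".commit"); return succeeded; }
        public boolean abort() { succeeded = false; return true; }
        public boolean logout() { succeeded = false; return true; }
    }
    static AppConfigurationEntry entry(String name, boolean ok, LoginModuleControlFlag flag) {
        return new AppConfigurationEntry(Recording.class.getName(), flag,
                Map.of("name", name, "ok", String.valueOf(ok)));
    }
    // Runs a two-module stack and returns the recorded call order.
    static List<String> run(boolean appOk) throws LoginException {
        calls.clear();
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] {
                    entry("App", appOk, LoginModuleControlFlag.SUFFICIENT),      // custom module, first
                    entry("Platform", true, LoginModuleControlFlag.REQUIRED) };  // stand-in for the server's own
            }
        };
        new LoginContext("demo", new Subject(), null, cfg).login();
        return new ArrayList<>(calls);
    }
    public static void main(String[] args) throws LoginException {
        System.out.println("custom module succeeds: " + run(true));
        System.out.println("custom module fails:    " + run(false));
    }
}
```

In the first run the recorded calls contain no "Platform" entries at all, which is the bypass the reply warns about: whatever the skipped module would have added to the Subject is absent.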