WebSphere Portal Server - Using SSO to access Lotus domino databases ....


Author Using SSO to access Lotus domino databases ....
Lee Francis Wilhelmsen

2004-03-24, 5:19 pm

Hi

I'm pretty new to WebSphere Portal, Portlets and WebSphere Application
Server, but I need to access Domino databases from a portlet. Looking at the
Java API for accessing Lotus Domino you use a NotesFactory.createSession
with a given LtpaToken string object. This token comes from WebSphere
Application Server so I guess this means that I need to get hold of a valid
LtpaToken string object that corresponds to the portlet user's credentials.

From the few examples that I have been able to find regarding use of
LtpaToken they all seem to assume that the user first sets his
username/password in the portlet's user data in edit mode. This is then
saved to the Credential Vault using some id (?) and then is recalled when a
backend connection is needed (not sure I understood it all clearly). However,
I thought the point of SSO was that the portal server used the user's given
username/password (maybe authenticating using a known LDAP directory server
running on domino) to also access the backend system? Am I missing the
point?

Just how do you get a LtpaToken string object from portal server's the
user's credentials (when the user has already signed into the portal)?

Would appreciate it if anyone could point me in the direction of more valid
information or a simple example.

Regards
Lee Francis

--
In theory, there is no difference between theory and practice. But, in
practice, there is.
-- Jan L.A. van de Snepscheut


LTH

2004-03-24, 5:19 pm

Actually, if you have SSO configured correctly for WAS and Domino and your
WP installed properly on WAS, the LtpaToken is right in the Cookie array.

Something like this should let you retrieve the LtpaToken after the user has
logged in:

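    String ltpaToken = null;
    Cookie[] cookies = portletRequest.getCookies();
    // Guard against a null array (the servlet API returns null when no cookies were sent)
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (cookies[i].getName().equals("LtpaToken")) {
                ltpaToken = cookies[i].getValue();
                break;
            }
        }
    }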

Once you have the LtpaToken, you can access your Notes databases on Domino
server using NotesFactory.createSession(), or you can use LtpaToken in
HttpURLConnection to retrieve data through HTTP.

This should give you some more ideas:

http://www-306.ibm.com/software/gen.../wpsadvdev.html

LTH.




Lee Francis Wilhelmsen

2004-03-25, 4:39 am

Thank you for your response!

I have tried to execute code like this before, but only from within my local
portal test environment. My local portal test environment server isn't
configured to use SSO so I never got the LtpaToken cookie so I guess this
means that I can only test this in a production environment or at least an
environment with SSO configured.

Is there a simple way to configure the test environment to use SSO with
domino or does this complicate things too much?

Is this the preferred way to access the domino backend from websphere or is
this a hack?

Just what is the com.ibm.wps.sso.LTPATokenCredential class used for?

Hope someone can answer...

regards
Lee Francis




LTH

2004-03-25, 8:39 am


"Lee Francis Wilhelmsen" <leefw@start.no.n-o-s-p-a-m> wrote in message
news:c3u6fn$ame4$1@news.boulder.ibm.com...
> Thank you for your response!
>
> I have tried to execute code like this before, but only from within my local
> portal test environment. My local portal test environment server isn't
> configured to use SSO so I never got the LtpaToken cookie so I guess this
> means that I can only test this in a production environment or at least an
> environment with SSO configured.


If you execute that code locally on your machine without SSO configured,
then it won't work. If you still want to run that code on your local
machine, you have to install Domino server. Your workstation or laptop must
have enough RAM to handle all this!

> Is there a simple way to configure the test environment to use SSO with
> domino or does this complicate things too much?


I haven't tried to configure the Test Environment to use SSO so I don't know
if it's possible at all. However, you can configure your local machine to
access Domino server remotely. Before going too far into configuring your
system, you need to decide how your production environment is going to be.
There are two different configurations:
1) WAS, WP and Domino+Domino LDAP on the same server (1 server, all
   workload is on one server).
   If you choose this option, you will not be able to test your code
   using Test Environment unless you have Domino server installed.
   We have this configuration and it works fine!

2) WAS and WP are on one server, and Domino+Domino LDAP on another server
   (2 servers, less workload for each server, but more traffic over the
   network).
   If you choose this option, you might be able to configure your Test
   Environment to access Domino server remotely.

Look for this "Domino and WebSphere Together" Redbook (2nd Edition) on
IBM.com, it's a bit old but it has plenty of information on how WebSphere
works with Domino.

>
> Is this the preferred way to access the domino backend from websphere or is
> this a hack?


Yeah, these are the ways to access Domino dbs.

Good luck!
LTH.

>
> Just what is the com.ibm.wps.sso.LTPATokenCredential class used for?
>
> Hope someone can answer...
>
> regards
> Lee Francis
>



vijayprabhu

2004-03-26, 11:05 am

Hi Lee,
You can get it from the Cookie object using normal servlet/JSP code.

I don't remember the exact code for that, but try to iterate over the cookies and you can easily get the LTPA token from it.
Rgds,
Vijay


Michael Yashin

2004-03-29, 4:38 am

Hi,

There is a correct way to retrieve LTPA token from Portal.

-----------------------------------
/*
(c) Copyright IBM Corp. 2003 All rights reserved.

This sample program is owned by International Business Machines
Corporation or one of its subsidiaries ("IBM") and is copyrighted and
licensed, not sold.

You may copy, modify, and distribute this sample program in any form
without payment to IBM, for any purpose including developing, using,
marketing or distributing programs that include or are derivative works
of the sample program.

The sample program is provided to you on an "AS IS" basis, without
warranty of any kind. IBM HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Some
jurisdictions do not allow for the exclusion or limitation of implied
warranties, so the above limitations or exclusions may not apply to you.
IBM shall not be liable for any damages you suffer as a result of using,
modifying or distributing the sample program or its derivatives.

Each copy of any portion of this sample program or any derivative work,
must include the above copyright notice and disclaimer of warranty.
*/

package credentialexamples;

import java.io.*;
import org.apache.jetspeed.portlet.*;
import org.apache.jetspeed.portlet.event.*;
import com.ibm.wps.portletservice.credentialvault.*;
import com.ibm.wps.sso.LTPATokenCredential;
import java.util.*;
import java.net.*;
import javax.security.auth.Subject;

public class CredentialExamplesPortlet extends PortletAdapter {

    private CredentialVaultService vaultService;

    public void initConcrete(PortletSettings settings) throws UnavailableException {
        super.initConcrete(settings);
        try {
            // Look up the Credential Vault portlet service
            vaultService = (CredentialVaultService)
                getPortletConfig().getContext().getService(CredentialVaultService.class);
        } catch (Exception e) {
            return;
        }
    }

    public void init(PortletConfig portletConfig) throws UnavailableException {
        super.init(portletConfig);
    }

    public void doView(PortletRequest request, PortletResponse response)
            throws PortletException, IOException {
        try {
            // JAAS Subject of the user who is logged in to the portal
            Subject subject = vaultService.getUserSubject(request);
            System.out.println(subject.toString());

            // The LTPA token is held as a private credential of that Subject
            Object[] temp = subject.getPrivateCredentials(LTPATokenCredential.class).toArray();
            LTPATokenCredential ltpaToken = (LTPATokenCredential) temp[0];
            // Debug output: this writes the user's SSO token to the server log
            System.out.println("LTPAToken: " + ltpaToken.getTokenString());

            // Create the LTPA Cookie in the Header
            String cookie = "LtpaToken=" + ltpaToken.getTokenString();

            // Create the URL to a protected URL and get a URLConnection
            // (over plain http the cookie crosses the network unencrypted)
            URL url = new URL("http://dtscdoug.dfw.ibm.com/snoop");
            HttpURLConnection con = (HttpURLConnection) url.openConnection();

            // Set the LTPA token Cookie
            con.setRequestProperty("cookie", cookie);

            // Connect
            con.connect();

            BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream()));
            String line;
            // Copy the response to the portlet output, stopping at end of stream
            while ((line = br.readLine()) != null) {
                response.getWriter().println(line);
            }
            br.close();

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
-----------------------------------

Regards,
Michael Yashin
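
A hardened variant of the token-forwarding step in the sample above, as an added example that is not part of the original post or of IBM's sample: it sends the LtpaToken only over https to an allow-listed host and logs a hash prefix instead of the token. The class name LtpaForwarder, the host domino.example.com and the sample cookie header are assumptions made up for the illustration.

```java
import java.net.*;
import java.security.MessageDigest;
import java.util.*;

public class LtpaForwarder {
    // Assumption: the only backend that shares LTPA keys with the portal
    private static final Set<String> TRUSTED_HOSTS = Collections.singleton("domino.example.com");
    /** Returns the LtpaToken value from a Cookie header, or null if absent/empty. */
    static String extractLtpaToken(String cookieHeader) {
        if (cookieHeader == null) return null;
        for (String part : cookieHeader.split(";")) {
            String p = part.trim();
            if (p.startsWith("LtpaToken=")) {      // does not match LtpaToken2=
                String v = p.substring("LtpaToken=".length());
                return v.isEmpty() ? null : v;
            }
        }
        return null;
    }

    /** SHA-256 prefix: correlates log lines without storing the token itself. */
    static String fingerprint(String token) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes("UTF-8"));
        return String.format("%02x%02x%02x%02x", d[0], d[1], d[2], d[3]);
    }

    /** Builds (does not send) a backend request that carries the token. */
    static HttpURLConnection prepare(String target, String token) throws Exception {
        URL url = new URL(target);
        if (!"https".equals(url.getProtocol()) || !TRUSTED_HOSTS.contains(url.getHost())) {
            throw new SecurityException("refusing to send LtpaToken to " + target);
        }
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        con.setRequestProperty("Cookie", "LtpaToken=" + token);
        return con;
    }

    public static void main(String[] args) throws Exception {
        String header = "JSESSIONID=0000abc; LtpaToken=Q09OU1RSVUNURUQ="; // constructed sample
        String token = extractLtpaToken(header);
        System.out.println("token fingerprint: " + fingerprint(token));
        prepare("https://domino.example.com/names.nsf", token);    // allowed
        try {
            prepare("http://domino.example.com/names.nsf", token); // plain http is refused
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The LtpaToken is a bearer credential for every server in the SSO domain, which is why the check runs before the cookie is attached rather than after the connection is opened.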