Use this topic as an example of how to perform programmatic login using the CORBA-based programmatic login APIs.
Common Object Request Broker Architecture (CORBA) application programming interfaces (APIs) are not supported in the WebSphere Application Server for z/OS environment. If you have an application that you are porting from another WebSphere Application Server product to WebSphere Application Server for z/OS, you must be aware that the security APIs are deprecated in Version 6.0.x. If you want to use these applications on WebSphere Application Server for z/OS Version 6.0.x, you must migrate to Java Authentication and Authorization Service (JAAS).
The APIs that are provided in WebSphere Application Server are a combination of standard JAAS APIs and a product implementation of standard JAAS interfaces.
The supported APIs that are provided in WebSphere Application Server for z/OS are a combination of standard JAAS APIs and a product implementation of standard JAAS interfaces with some minor extensions.
The following information is only a summary; refer to the JAAS documentation for your platform located at http://www.ibm.com/developerworks/java/jdk/security/.
WebSphere Application Server provides a LoginModules implementation for client and server-side login. Refer to Configuring programmatic logins for Java Authentication and Authorization Service for details.
An application must invoke the WSSubject.doAs method to access J2EE resources using the subject that is generated by an explicit invocation of a WebSphere Application Server login module.
The following example assumes that the application code is granted the required Java 2 security permissions. For more information, see Configuring programmatic logins for Java Authentication and Authorization Service, Protecting system resources and APIs (Java 2 security), and the JAAS documentation located at http://www.ibm.com/developerworks/java/jdk/security/.
public class TestClient {
    ...
    private void performLogin() {
        // Create a new JAAS LoginContext.
        javax.security.auth.login.LoginContext lc = null;

        try {
            // Use GUI prompt to gather the BasicAuth data.
            lc = new javax.security.auth.login.LoginContext("WSLogin",
                new com.ibm.websphere.security.auth.callback.WSGUICallbackHandlerImpl());

            // Create a LoginContext and specify a CallbackHandler implementation.
            // The CallbackHandler implementation determines how authentication data
            // is collected. In this case, the authentication data is collected by a
            // login prompt and passed to the authentication mechanism implemented
            // by the LoginModule.
        } catch (javax.security.auth.login.LoginException e) {
            System.err.println("ERROR: failed to instantiate a LoginContext and the exception: "
                + e.getMessage());
            e.printStackTrace();

            // Possibly javax.security.auth.AuthPermission "createLoginContext" is not
            // granted to the application, or the JAAS login configuration is not defined.
        }

        if (lc != null)
            try {
                lc.login(); // perform login
                javax.security.auth.Subject s = lc.getSubject(); // get the authenticated subject

                // Invoke a J2EE resource using the authenticated subject.
                com.ibm.websphere.security.auth.WSSubject.doAs(s,
                    new java.security.PrivilegedAction() {
                        public Object run() {
                            try {
                                bankAccount.deposit(100.00); // where bankAccount is a protected EJB
                            } catch (Exception e) {
                                System.out.println("ERROR: error while accessing EJB resource, exception: "
                                    + e.getMessage());
                                e.printStackTrace();
                            }
                            return null;
                        }
                    }
                );

                // Retrieve the name of the principal from the Subject
                // so we can tell the user that login succeeded;
                // there should only be one WSPrincipal.
                java.util.Set ps =
                    s.getPrincipals(com.ibm.websphere.security.auth.WSPrincipal.class);
                java.util.Iterator it = ps.iterator();
                while (it.hasNext()) {
                    com.ibm.websphere.security.auth.WSPrincipal p =
                        (com.ibm.websphere.security.auth.WSPrincipal) it.next();
                    System.out.println("Principal: " + p.getName());
                }
            } catch (javax.security.auth.login.LoginException e) {
                System.err.println("ERROR: login failed with exception: " + e.getMessage());
                e.printStackTrace();

                // Login failed; you might want to provide relogin logic.
            }
    }
    ...
}
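The comments in the preceding example note that the CallbackHandler implementation determines how authentication data is collected. The following added example, which is not part of the original topic or of the product, shows a non-interactive handler written only against the standard javax.security.auth.callback interfaces. The class name FixedCredentialHandler, the user name, and the password are hypothetical, constructed values, and the handler assumes that the login module requests only a name and a password; any other callback type is rejected.

```java
import java.util.Arrays;
import javax.security.auth.callback.*;

// Hypothetical handler (not a WebSphere class): supplies credentials that the
// application has already collected, instead of prompting through a GUI.
public class FixedCredentialHandler implements CallbackHandler {
    private final String user;
    private final char[] password;

    public FixedCredentialHandler(String user, char[] password) {
        this.user = user;
        this.password = password.clone(); // keep a private copy
    }

    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(user);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password); // setPassword copies the array
            } else {
                // Fail closed: never silently answer a callback type we do not understand.
                throw new UnsupportedCallbackException(cb, "unsupported callback type");
            }
        }
    }

    // Wipe the stored secret once LoginContext.login() has returned.
    public void clear() {
        Arrays.fill(password, '\0');
    }

    public static void main(String[] args) throws Exception {
        char[] secret = "constructed-secret".toCharArray(); // constructed sample value
        FixedCredentialHandler h = new FixedCredentialHandler("alice", secret);
        Arrays.fill(secret, '\0'); // the caller wipes its own copy
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        h.handle(new Callback[] { nc, pc }); // what a LoginModule does during login()
        System.out.println("name=" + nc.getName() + " passwordLength=" + pc.getPassword().length);
        pc.clearPassword();
        h.clear();
        try {
            h.handle(new Callback[] { new TextOutputCallback(TextOutputCallback.INFORMATION, "hi") });
        } catch (UnsupportedCallbackException e) {
            System.out.println("rejected: " + e.getCallback().getClass().getSimpleName());
        }
    }
}
```

An instance of such a handler is passed as the second argument of the LoginContext constructor in place of the GUI handler, and clear() is called after login() returns so that the password does not remain in memory.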