Tivoli Directory Server & WAS Security Authentication - Websphere

This is a discussion on Tivoli Directory Server & WAS Security Authentication - Websphere ; In need some help. I'm trying to develop web-based application (JSP-Servlets-Web Services-EJB) authentication, using Tivoli Directory Server 6.0 (TDS) and Websphere Application Server 6.1 (WAS). Situation: I have already configured the integration of TDS and WAS, and it works fine. ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Tivoli Directory Server & WAS Security Authentication

  1. Tivoli Directory Server & WAS Security Authentication

    In need some help. I'm trying to develop web-based application (JSP-Servlets-Web Services-EJB) authentication, using Tivoli Directory Server 6.0 (TDS) and Websphere Application Server 6.1 (WAS).

    Situation:

    I have already configured the integration of TDS and WAS, and it works fine. I tried out a simple example that authenticates with my users in TDS, and accesses protected resources according to the different roles I have mapped out.

    Environment:

    I have a welcome page: index.jsp that fowards to my protected resource (a member welcome JSP). My login page uses Form-Based authentication; j_security_check.

    Problem:

    j_security_check only checks username and password for authentication, and I need to validate an additional field in my TDS (LDAP Tree). Is there anyway I can customize the j_security_check, or extend it so I can do additional validations?

  2. Re: Tivoli Directory Server & WAS Security Authentication

    amelende82@gbm.net wrote:
    > In need some help. I'm trying to develop web-based application
    > (JSP-Servlets-Web Services-EJB) authentication, using Tivoli
    > Directory Server 6.0 (TDS) and Websphere Application Server 6.1
    > (WAS).
    >
    > Situation:
    >
    > I have already configured the integration of TDS and WAS, and it
    > works fine. I tried out a simple example that authenticates with my
    > users in TDS, and accesses protected resources according to the
    > different roles I have mapped out.
    >
    > Environment:
    >
    > I have a welcome page: index.jsp that fowards to my protected
    > resource (a member welcome JSP). My login page uses Form-Based
    > authentication; j_security_check.
    >
    > Problem:
    >
    > j_security_check only checks username and password for
    > authentication, and I need to validate an additional field in my TDS
    > (LDAP Tree). Is there anyway I can customize the j_security_check, or
    > extend it so I can do additional validations?


    Well, you can change the login.jsp to capture additional information
    (I'm not totally sure from your question if you need to do that or not)
    and you could add a servlet filter to j-security-check to verify that
    it's been entered.

    However, the architecturally correct thing to do to extend the
    authentication process is probably to write a custom JAAS login module.

    For WAS you would put it in the web-inbound configuration *before* the
    Websphere modules (ltpa and identity mapping login modules), do your
    validation there, and make probably mark your module as Requisite.

    See:

    http://www.ibm.com/developerworks/we..._benantar.html

  3. Re: Tivoli Directory Server & WAS Security Authentication

    Im really familiar with JAAS, but anyway I solved my problem using a filter. Thankyou for the suggestion, Ill try to read more about JAAS (I have a very tight deadline).

    Thanks,

+ Reply to Thread