JAAS and J2EE Security - Websphere

This is a discussion on JAAS and J2EE Security - Websphere ; I have a Application1(Use J2ee Security for autentication and autorization) running in WAS1(Enabled Global Security is ok), the application running ok, but need execute a WebServices1 running in WAS2(other host) and for execute WebServices1 is necesary send user1/password1 in SOAP ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: JAAS and J2EE Security

  1. JAAS and J2EE Security

    I have a Application1(Use J2ee Security for autentication and autorization) running in WAS1(Enabled Global Security is ok), the application running ok, but need execute a WebServices1 running in WAS2(other host) and for execute WebServices1 is necesary send user1/password1 in SOAP message...but user1/password1 is same when i login in Application1, my question is ...how i catch user1/password1 in Application1 and send(after,when i execute) a WebServices.



    I develop a JAAS module for Authentication in WebServices1 and put in WAS1 i running ok...but i don't now how send user1/password1 when execute in Application1...Help Me....

  2. Re: JAAS and J2EE Security

    i atached integration architecture

  3. Re: JAAS and J2EE Security

    Oscar Vasquez Flores wrote:
    > I have a Application1(Use J2ee Security for autentication and autorization) running in WAS1(Enabled Global Security is ok), the application running ok, but need execute a WebServices1 running in WAS2(other host) and for execute WebServices1 is necesary send user1/password1 in SOAP message...but user1/password1 is same when i login in Application1, my question is ...how i catch user1/password1 in Application1 and send(after,when i execute) a WebServices.
    >
    >
    >
    > I develop a JAAS module for Authentication in WebServices1 and put in WAS1 i running ok...but i don't now how send user1/password1 when execute in Application1...Help Me....


    If you have a custom JAAS login module it should be able to get the
    userid and password from the callback handlers. Not that I would
    necessarily recommend this approach. Why don't you use an LTPA token to
    propagate identity to the downstream WAS ?

  4. Re: JAAS and J2EE Security

    On Jun 24, 1:41*pm, Paul Ilechko wrote:
    > Oscar Vasquez Flores wrote:
    > > I have a Application1(Use J2ee Security for autentication and autorization) running in WAS1(Enabled Global Security is ok), the application running ok, but need execute a WebServices1 running in WAS2(other host) and for execute WebServices1 is necesary send user1/password1 in SOAP message...but user1/password1 is same when i login in Application1, my question is ...howi catch user1/password1 in Application1 and send(after,when i execute) a WebServices.

    >
    > > I develop a JAAS module for Authentication in WebServices1 and put in WAS1 i running ok...but i don't now how send user1/password1 when execute inApplication1...Help Me....

    >
    > If you have a custom JAAS login module it should be able to get the
    > userid and password from the callback handlers. Not that I would
    > necessarily recommend this approach. Why don't you use an LTPA token to
    > propagate identity to the downstream WAS ?


    You could get the userid/password from the application1 context, but
    as Paul says you might want to reconsider this option. How did you
    planned to send this info within the soap message: encrypted? or
    clear?
    For using ltpa tokens you will need to have same tokens on both
    servers, same procedure used when you want to implement sso.

+ Reply to Thread