dcsimg
How does client authentication work in WebSphere 4.0?
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Boris_Shpungin
Posted On:   Monday, April 8, 2002 07:14 PM

For the last couple of days, I've been digging through WebSphere 4.0 documentation and so far am very frustrated with lack of any concrete information or examples. I install some EJBs that I access from a java client (a "driver" that will eventually sport a GUI.) The EJBs are supposed to have security enforced, so I define a role and create method permissions for that role when I deploy these beans. Looking from the adminclient, I see the deployed beans and my custom role ("ROLE") mapped, currently, to "all authenticated users". I'm guessing that for all of this to work I'd have to enable security, which I did. I'm using iPlanet Directory Server 5.0 as the authentication backend (Netscape directory type   More>>

For the last couple of days, I've been digging through WebSphere 4.0 documentation and so far am very frustrated with lack of any concrete information or examples.


I install some EJBs that I access from a java client (a "driver" that will eventually sport a GUI.) The EJBs are supposed to have security enforced, so I define a role and create method permissions for that role when I deploy these beans. Looking from the adminclient, I see the deployed beans and my custom role ("ROLE") mapped, currently, to "all authenticated users". I'm guessing that for all of this to work I'd have to enable security, which I did. I'm using iPlanet Directory Server 5.0 as the authentication backend (Netscape directory type in the drop list), and I've created a sample user "bjones" in there that I want to authenticate as. Everything seems to work; I can see the list of users and groups being correctly retrieved from the directory by the adminclient console, and I can bind to bjones through iPlanet console as well as from a JNDI test client I wrote that uses Sun's LDAP context factory.


Now the big question is, how does the client app authenticate with the server to have my role "ROLE" assigned to its session?? (e.g. so that EJBContext.isCallerInRole("ROLE") would return true ?) I wondered if the JNDI parameters (SECURITY_PRINCIPAL and SECURITY_CREDENTIALS) would be used for that purpose (so the driver app could login as bjones), but apparently they are irrelevant. No matter what I pass, the client beans report their caller principal as "UNAUTHENTICATED" and isCallerInRole("ROLE") returns false . Of all the examples I could find online, I didn't see even a single one that managed to provide authentication information to WebSphere in the process of looking up or creating a session bean.


I found a lot of examples for security-enabled web apps with their customizable login pages -- but that's not what I need! I just want to initiate a session as a particular user. What do I need to do? If I missed something in the uncharted oceans of WebSphere documentation, could you please point out where I should look? A million thanks!

   <<Less
About | Sitemap | Contact