
Extend JAAS for class instance-level authorization: Example for WebSphere Application Server


The WebSphere example scenario is similar to the command-line example scenario. Upon startup, the example program prompts for a userid and password. It checks the supplied userid and password with the entries in the users.xml file. After the user is authenticated, the application homepage is displayed. The user has three options: Create profile; Display profile; and Update profile. The application contains only one Profile object, which is stored in memory. The first user that logs in has to create the object before anything else. The user that creates the object is the object owner. By default, any user can create the object, as specified in the policy file.

A typical scenario would be as follows: Jane logs in and creates the Profile object. Jane can display and update the object at this time. Jane logs off and John logs in. John tries to view the Profile object but an "unauthorized" page is displayed. John logs off and the system administrator logs in. The administrator updates the Profile object, making John the owner. John logs back in and successfully displays the Profile object.

Example setup

Start by extracting all the source files for this example to the temp directory. The following setup instructions assume you have WebSphere Application Server, version 4.0.2 installed in your system's D:\WebSphere\AppServer directory. If your installation is different, be sure to change the drive and path accordingly.

  1. Copy the jaas.jar and the jaasmod.jar files to WebSphere's JDK jre\lib\ext directory (for example, D:\WebSphere\AppServer\java\jre\lib\ext).

  2. Add the following to the java.security file located in WebSphere's JDK jre\lib\security directory (for example, D:\WebSphere\AppServer\java\jre\lib\security): auth.policy.provider=com.ibm.resource.security.auth.XMLPolicyFile.

  3. Copy the resourceSecurity.jar file to WebSphere's lib directory (for example, D:\WebSphere\AppServer\lib).

  4. Launch the WebSphere Administrator's Console.

  5. From the Console menu, choose Wizards, then Install Enterprise Application.

  6. Select the "Install standalone module (*.war, *.jar)" radio button.

  7. In the path field, choose the JaasWasExampleWeb.war file located in the temp directory to which you extracted the files.

  8. Enter an application name (for example, JaasWasExampleWeb).

  9. Enter a context root for Web module (for example, /JaasWasExampleWeb).

  10. Click the Next button until the Finish button is enabled (approximately 10 times). Note that the application is installed in the Default Server.

  11. Click the Finish button. A success dialog is displayed when deployment is completed.

  12. Open the JVM Settings of the Default Server by expanding the Nodes tree, expanding the machine node name, expanding the Application Servers node, and selecting the Default Server. Click the JVM Settings tab, then click the Advanced JVM Settings button. Add the following to the "Boot classpath (prepend)" field:
    ;D:/WebSphere/AppServer/lib/xerces.jar;
    D:/WebSphere/AppServer/lib/xalan.jar;
    D:/WebSphere/AppServer/java/jre/lib/ext/jaas.jar;
    D:/WebSphere/AppServer/java/jre/lib/ext/jaasmod.jar;
    D:/WebSphere/AppServer/lib/resourceSecurity.jar;
    



  13. Click the OK button followed by the Apply button.

  14. Add the system properties displayed below:
    • java.security.manager
    • com.ibm.resource.security.auth.policy: D:\WebSphere\AppServer\installedApps\JaasWasExampleWeb.ear\JaasWasExampleWeb.war\WEB-INF\config\ResourcePolicy.xml
    • java.security.auth.login.config: file:/D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/config/login.conf
  15. Click the Apply button to save the changes.

  16. Open your browser window and navigate to the D:\WebSphere\AppServer\installedApps\JaasWasExampleWeb.ear\JaasWasExampleWeb.war\WEB-INF\config directory.

  17. Open the login.conf file and make sure the userFile and the groupFile point to the users.xml and the groups.xml in the current directory, D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/config. (Be sure to use a forward slash (/) and not a backward slash (\).)

  18. Open the ResourcePolicy.xml file and make sure the paths specified in the codebase are valid (for example, file:/D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/lib/controller.jar).

  19. Open the security.policy file and make sure the paths specified in the codebase are valid (for example, file:/D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/classes/*).

  20. Regenerate the Web server plug-in.

  21. Start the Default Server; be sure that the IBM HTTP Server is also running.

  22. Open a Web browser and enter the following URL: http://localhost/JaasWasExampleWeb/request/home.
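A pre-flight check for steps 2, 17, 18 and 19, added here as an example and not part of the original article or of WebSphere: it takes the text of java.security, login.conf and a policy file and reports the mistakes those steps warn about, since a missing provider line or an unresolvable codebase leaves the instance-level policy unenforced. The sample inputs, the login module class name and the two codebase spellings the regular expression accepts are assumptions made for illustration.

```python
import os
import re

PROVIDER = "auth.policy.provider=com.ibm.resource.security.auth.XMLPolicyFile"

def check_java_security(text):
    """Step 2: the provider line must be present and not commented out."""
    lines = ["".join(ln.split()) for ln in text.splitlines()]
    return [] if PROVIDER in lines else ["java.security: missing " + PROVIDER]

def check_login_conf(text):
    """Step 17: userFile and groupFile must be set and use forward slashes."""
    problems = []
    for opt in ("userFile", "groupFile"):
        m = re.search(opt + r'\s*=\s*"([^"]*)"', text)
        if not m:
            problems.append("login.conf: %s not set" % opt)
        elif "\\" in m.group(1):
            problems.append("login.conf: %s uses a backslash" % opt)
    return problems

def codebase_to_path(url):
    """file:/D:/a/b/* -> D:/a/b (a trailing /* or /- wildcard is dropped)."""
    path = re.sub(r"/[*-]$", "", url[len("file:"):])
    return path[1:] if re.match(r"/[A-Za-z]:", path) else path

def check_codebases(text, exists=os.path.exists):
    """Steps 18-19: each codebase must be a clean file: URL to a real path."""
    problems = []
    # Assumption: codebases appear as codeBase "..." or codebase="...".
    for url in re.findall(r'(?i)codebase\s*=?\s*"([^"]+)"', text):
        if not url.startswith("file:/") or re.search(r"\s", url):
            problems.append("malformed codebase: " + url)
        elif not exists(codebase_to_path(url)):
            problems.append("codebase path not found: " + url)
    return problems

# Constructed samples; the login module class name is a placeholder.
WEBINF = ("D:/WebSphere/AppServer/installedApps/"
          "JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF")
SAMPLE_LOGIN_CONF = ('Example { example.PlaceholderLoginModule required\n'
                     '  userFile="%s/config/users.xml"\n' % WEBINF +
                     '  groupFile="%s\\config\\groups.xml"; };' % WEBINF.replace("/", "\\"))
SAMPLE_POLICY = ('grant codeBase "file:/%s/classes/*" { };\n' % WEBINF +
                 'grant codeBase "file:/%s/ lib/controller.jar" { };' % WEBINF)

if __name__ == "__main__":
    print(check_login_conf(SAMPLE_LOGIN_CONF)
          + check_codebases(SAMPLE_POLICY, exists=lambda p: True))
```

On the server itself, read the three files from disk and leave `exists` at its default so each codebase is checked against the real installedApps tree.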
