Extend JAAS for class instance-level authorization: Example for WebSphere Application Server


The WebSphere example scenario is similar to the command-line example scenario. Upon startup, the example program prompts for a userid and password. It checks the supplied userid and password with the entries in the users.xml file. After the user is authenticated, the application homepage is displayed. The user has three options: Create profile; Display profile; and Update profile. The application contains only one Profile object, which is stored in memory. The first user that logs in has to create the object before anything else. The user that creates the object is the object owner. By default, any user can create the object, as specified in the policy file.

A typical scenario would be as follows: Jane logs in and creates the Profile object. Jane can display and update the object at this time. Jane logs off and John logs in. John tries to view the Profile object but an "unauthorized" page is displayed. John logs off and the system administrator logs in. The administrator updates the Profile object, making John the owner. John logs back in and successfully displays the Profile object.

Example setup

Start by extracting all the source files for this example to the temp directory. The following setup instructions assume you have WebSphere Application Server, version 4.0.2 installed in your system's D:\WebSphere\AppServer directory. If your installation is different, be sure to change the drive and path accordingly.

  1. Copy the jaas.jar and the jaasmod.jar files to WebSphere's JDK jre\lib\ext directory (for example, D:\WebSphere\AppServer\java\jre\lib\ext).

  2. Add the following to the java.security file located in WebSphere's JDK jre\lib\security directory (for example, D:\WebSphere\AppServer\java\jre\lib\security):
    auth.policy.provider=com.ibm.resource.security.auth.XMLPolicyFile

  3. Copy the resourceSecurity.jar file to WebSphere's lib directory (for example, D:\WebSphere\AppServer\lib).

  4. Launch the WebSphere Administrator's Console.

  5. From the Console menu, choose Wizards, then Install Enterprise Application.

  6. Select the "Install standalone module (*.war, *.jar)" radio button.

  7. In the path field, choose the JaasWasExampleWeb.war file located in the temp directory to which you extracted the files.

  8. Enter an application name (for example, JaasWasExampleWeb).

  9. Enter a context root for Web module (for example, /JaasWasExampleWeb).

  10. Click the Next button until the Finish button is enabled (approximately 10 times). Note that the application is installed in the Default Server.

  11. Click the Finish button. A success dialog is displayed when deployment is completed.

  12. Open the JVM Settings of the Default Server by expanding the Nodes tree, expanding the machine node name, expanding the Application Servers node, and selecting the Default Server. Click the JVM Settings tab, then click the Advanced JVM Settings button. Add the following to the "Boot classpath (prepend)" field:
    ;D:/WebSphere/AppServer/lib/xerces.jar;
    D:/WebSphere/AppServer/lib/xalan.jar;
    D:/WebSphere/AppServer/java/jre/lib/ext/jaas.jar;
    D:/WebSphere/AppServer/java/jre/lib/ext/jaasmod.jar;
    D:/WebSphere/AppServer/lib/resourceSecurity.jar;

  13. Click the OK button followed by the Apply button.

  14. Add the system properties displayed below:
    • java.security.manager
    • com.ibm.resource.security.auth.policy: D:\WebSphere\AppServer\installedApps\JaasWasExampleWeb.ear\JaasWasExampleWeb.war\WEB-INF\config\ResourcePolicy.xml
    • java.security.auth.login.config: file:/D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/config/login.conf

  15. Click the Apply button to save the changes.

  16. Open your browser window and navigate to the D:\WebSphere\AppServer\installedApps\JaasWasExampleWeb.ear\JaasWasExampleWeb.war\WEB-INF\config directory.

  17. Open the login.conf file and make sure the userFile and the groupFile point to the users.xml and the groups.xml in the current directory, D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/config. (Be sure to use a forward slash (/) and not a backslash (\).)

  18. Open the ResourcePolicy.xml file and make sure the paths specified in the codebase are valid (for example, file:/D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/lib/controller.jar).

  19. Open the security.policy file and make sure the paths specified in the codebase are valid (for example, file:/D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF/classes/*).

  20. Regenerate the Web server plug-in.

  21. Start the Default Server; be sure that the IBM HTTP Server is also running.

  22. Open a Web browser and enter the following URL: http://localhost/JaasWasExampleWeb/request/home.
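
The path checks in steps 17 through 19 can be scripted before the server is started. The following is an added example, not code from the article: the login entry name and LoginModule class in the sample are placeholders, the sample files are constructed, and it assumes ResourcePolicy.xml writes its codebases as codebase="..." attributes.

```python
import os
import re

OPTION_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')              # name="value" module options
CODEBASE_RE = re.compile(r'codebase\s*=?\s*"([^"]*)"', re.I)  # grant codeBase "..." or codebase="..."

def local_path(value):
    """Map 'file:/D:/x' or 'D:/x' to 'D:/x' (the Windows drive paths the steps use)."""
    path = value[5:] if value.lower().startswith("file:") else value
    return re.sub(r"^/+(?=[A-Za-z]:/)", "", path)

def check_login_conf(text, exists=os.path.exists):
    """Step 17: userFile and groupFile must be set, use '/', and exist."""
    options = dict(OPTION_RE.findall(text))
    problems = []
    for name in ("userFile", "groupFile"):
        value = options.get(name)
        if value is None:
            problems.append(f"{name}: option missing")
        elif "\\" in value:
            problems.append(f"{name}: backslash in path")
        elif not exists(local_path(value)):
            problems.append(f"{name}: file not found")
    return problems

def check_codebases(text, exists=os.path.exists):
    """Steps 18-19: every file: codebase must name an existing file or directory."""
    problems = []
    for url in CODEBASE_RE.findall(text):
        path = re.sub(r"/[*-]$", "", local_path(url))  # wildcard forms name the directory
        if url.lower().startswith("file:") and ("\\" in url or not exists(path)):
            problems.append(f"codebase not usable: {url}")
    return problems

# Constructed sample input; the entry name and LoginModule class are placeholders.
WEB_INF = "D:/WebSphere/AppServer/installedApps/JaasWasExampleWeb.ear/JaasWasExampleWeb.war/WEB-INF"
SAMPLE_LOGIN_CONF = f'''Example {{
    com.example.PlaceholderLoginModule required
        userFile="{WEB_INF}/config/users.xml"
        groupFile="{WEB_INF.replace("/", chr(92))}\\config\\groups.xml";
}};'''
SAMPLE_POLICY = f'''grant codeBase "file:/{WEB_INF}/classes/*" {{ }};
grant codeBase "file:/{WEB_INF.replace("Web.ear", ".ear")}/lib/controller.jar" {{ }};'''
ON_DISK = {f"{WEB_INF}/config/users.xml", f"{WEB_INF}/config/groups.xml",
           f"{WEB_INF}/classes", f"{WEB_INF}/lib/controller.jar"}

if __name__ == "__main__":
    print(check_login_conf(SAMPLE_LOGIN_CONF, ON_DISK.__contains__)
          + check_codebases(SAMPLE_POLICY, ON_DISK.__contains__))
```

On a real installation, pass the contents of login.conf, ResourcePolicy.xml and security.policy and leave exists at its default so the paths are checked against the file system.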
