Migrating Common Object Request Broker Architecture programmatic login to Java Authentication and Authorization Service (CORBA and JAAS)
Use this topic as an example of how to perform programmatic login using the CORBA-based programmatic login APIs.
Before you begin
This document outlines the deprecated Common Object Request Broker Architecture (CORBA) programmatic login APIs and the alternatives that are provided by JAAS. WebSphere® Application Server fully supports the Java™ Authentication and Authorization Service (JAAS) as programmatic login application programming interfaces (API). See Configuring programmatic logins for Java Authentication and Authorization Service and Developing programmatic logins with the Java Authentication and Authorization Service for more details on JAAS support.
Common Object Request Broker Architecture (CORBA) application programming interfaces (API) are not supported in the WebSphere Application Server for z/OS® environment. If you have an application that you are porting from another WebSphere Application Server product to WebSphere Application Server for z/OS you must be aware that the security APIs that are deprecated in Version 6.0.x. If you want to use these applications on WebSphere Application Server for z/OS Version 8.0, you must migrate to Java Authentication and Authorization Service (JAAS).
- ${user.install.root}/installedApps/sampleApp.ear/default_app.war/WEB-INF/classes/LoginHelper.java.
- ${user.install.root}/installedApps/sampleApp.ear/default_app.war/WEB-INF/classes/ServerSideAuthenticator.java.
- profile_root/installedApps/sampleApp.ear/default_app.war/WEB-INF/classes/ServerSideAuthenticator.java.
- org.omg.SecurityLevel2.Credentials. This API is included with the product, but it is not recommended that you use the API.
The APIs that are provided in WebSphere Application Server are a combination of standard JAAS APIs and a product implementation of standard JAAS interfaces.
The supported APIs that are provided in WebSphere Application Server for z/OS are a combination of standard JAAS APIs and a product implementation of standard JAAS interfaces with some minor extension.
The following information is only a summary; refer to the JAAS documentation for your platform located at: https://www.ibm.com/developerworks/java/jdk/security/ .
- Programmatic login APIs:
- javax.security.auth.login.LoginContext
- javax.security.auth.callback.CallbackHandler interface: The WebSphere Application Server product provides
the following implementation of the javax.security.auth.callback.CallbackHandler
interface:
- com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl
- Provides a non-prompt CallbackHandler handler when the application pushes basic authentication data (user ID, password, and security realm) or token data to product login modules. This API is recommended for server-side login.
- com.ibm.websphere.security.auth.callback.WSGUICallbackHandlerImpl
- Provides a login prompt CallbackHandler handler to gather basic authentication data (user ID,
password, and security realm). This API is recommended for client-side login.
If this API is used on the server side, the server is blocked for input.
- com.ibm.websphere.security.auth.callback.WSStdinCallbackHandlerImpl
- Provides a stdin login prompt CallbackHandler handler to gather
basic authentication data (user ID, password, and security realm).
This API is recommended for client-side login.Note: If this API is used on the server side, the server is blocked for input.
- javax.security.auth.callback.Callback interface:
- javax.security.auth.callback.NameCallback
- Provided by JAAS to pass the user name to the LoginModules interface.
- javax.security.auth.callback.PasswordCallback
- Provided by JAAS to pass the password to the LoginModules interface.
- com.ibm.websphere.security.auth.callback.WSCredTokenCallbackImpl
- Provided by the product to perform a token-based login. With this API, an application can pass a token-byte array to the LoginModules interface.
- javax.security.auth.spi.LoginModule interfaceWebSphere Application Server provides a LoginModules implementation for client and server-side login. Refer to Configuring programmatic logins for Java Authentication and Authorization Service for details.
- javax.security.Subject:
- com.ibm.websphere.security.auth.WSSubject
- An extension provided by the product to invoke remote J2EE resources using the credentials in the javax.security.Subject
- com.ibm.websphere.security.auth.WSSubject
- An extension provided by the product to invoke remote J2EE resources
using the credentials in the javax.security.Subject
An application must invoke the WSSubject.doAs method for J2EE resources access using the subject that is generated by an explicit invocation of a WebSphere Application Server login module.
- com.ibm.websphere.security.cred.WSCredential
- After a successful JAAS login with the WebSphere Application Server LoginModules interfaces, a com.ibm.websphere.security.cred.WSCredential credential is created and stored in the Subject.
- com.ibm.websphere.security.auth.WSPrincipal
- An authenticated principal that is created and stored in a Subject that is authenticated by the WebSphere Application Server LoginModules interface.