I have Websphere Application Server version 7.0, running on Windows.
I created a JAAS Login Module that implements the javax.security.auth.spi.LoginModule interface and created a data source that uses this login module (under Mapping-Configuration alias). Since this data source should get the credentials for the connection from the login module, there are no authentication alias configured on the data source.
I want to use this data source on my application, but my application uses direct JNDI lookup for the data source. According to this article, when using direct JNDI lookup, websphere creates a default resource-reference that is configured with res-auth=application. Since the res-auth is application my login module is never invoked, but I get a logon denied error because the "Component-Managed Authentication Alias" is empty.
I tried to create a resource reference manually with res-auth=Container but it didn't help.
Is there any way to change the default res-auth to be Container?
Is there any way to make a login module work when the res-auth is set to Application?
Thanks.
Go to your datasource >> security settings >> select your jaas login module for both Component-managed authentication alias & Container-managed authentication alias
Regards,
u can change res-auth in web.xml file to container, so it will use container managed authenication alias.
Related
I made a new Spring Boot project using the Spring Initializr. I'm building an On-premise backend so what I'm trying to achieve is that when the user opens the jar executable and the server starts, he should be able to configure the database connection by going to localhost:8080/ in his web browser. Basically the index.html will have a form with 4 fields for IP Address, Database Name, UserName and Password. When the form is submitted spring will try to connect to the database with the provided information.
I have all my entities, repositories and controllers but currently the only way i can connect to a database is with the application.properties file, but since the user wont have access to the source, there should be a way for him to configure his database.
Thanks for your time!
I would suggest to use the Spring cloud Config server to store database related properties which is capable of picking up configuration at run time. Although it is typically configured with a Git repository, you can store them locally as pointed out in this thread.
I am working on WebSphere migration. I have an application which is deployed on the WebSphere application server
as it Seems. The application needs some of the class files.
These classes are loaded using com.ibm.websphere.runtime.CustomService
As I do not have access to the WebSphere Admin Console. is there any configuration file in which CustomService config settings are stored?
I tried creating one as documented here https://www.ibm.com/support/knowledgecenter/SS7JFU_8.5.5/com.ibm.websphere.express.iseries.doc/ae/trun_customservice.html and the configuration seems to be stored in server.xml of the server where the custom service is defined.
I am using WebSphere v8.5 and in the administration console, and the Security Settings in the Data Sources section allow me to set my mapping-configuration alias to either ClientContainer or WSLogin. What is the difference between these two settings?
I am able to connect and my project appears to work regardless of which setting I choose. Can someone please explain when is one setting chosen over the other?
Each one in the list is a Java Authentication and Authorization Service (JAAS) configuration, which in turn contains an IBM-implementation of the JAAS Login Module.
According to the reference page, Login configuration for Java Authentication and Authorization Service:
The WSLogin module defines a login configuration and the LoginModule implementation that can be used by applications in general.
The ClientContainer module defines a login configuration and the LoginModule implementation that is similar to the WSLogin module, but enforces the requirements of the WebSphere Application Server client container.
The DefaultPrincipalMapping module defines a special LoginModule that is typically used by Java 2 Connector to map an authenticated WebSphere Application Server user identity to a set of user authentication data (user ID and password) for the specified back-end enterprise information system (EIS).
So for general use, you can use the WSLogin module. When you use a Java EE client, use the ClientContainer module. And when using Java 2 Connectors, use the DefaultPrincipalMapping module.
Check this link for a bit more information Configuration entry settings for Java Authentication and Authorization Service
In general, for any server resources like Datasources, queue connection factories etc, you should use DefaultPrincipalMapping.
ClientContainer alias is more dedicated to external applications running in the client container that will connect to WAS, and WSLogin is more appropriate for apps running on the server that would like to customize authentication process.
we are providing facility to customer to configure ldap server runtime. But when i modify provider server url used in constructor of context source, the application crashes. Is there any way to change ldap server url at runtime? for LdapAuthenticationProvider.
If this is a case where you are changing the provider because one may be down for some reason, you should set up multiple authentication providers (security:authentication-provider) in your spring-security config file. Spring-security will start at the top of the list & keep trying until it finds one that works. That way you can leave this setup & not have a need to redeploy your code.
In an enterprise java project that uses spring security, what are the ways to keep some private keys secure at the application server such as weblogic?
If you store the credentials in a property file.
You could change the permission on the configuration files after they have been deployed.
For example you can give readonly access to the application server user, such that nobody else can read the credentials.