
How to pass WebSEAL security context from JSP/Servlet to EJB

I have a JSP that calls my Session Bean; I've implemented this via JNDI InitialContext(). The Session Bean class has a @RolesAllowed annotation with one defined user. I want to restrict which users can call methods of this bean.

The application server is connected to TAM/WebSEAL via a junction. So I can see that authenticated users have the "iv-user", "iv-groups" and "iv-creds" HTTP request header values defined, and unauthenticated users don't. But when I try to call any of the bean methods, I get a Security Exception, as if I were trying to access them as an unauthenticated user. Moreover, I don't see a userPrincipal in the response of request.getUserPrincipal().

How to pass security context from WebSEAL / Tivoli Access Manager into EJB and use it for JAAS annotations?

I've found one solution:
1. Switch WebSphere to use a standalone LDAP registry, set the link as Trusted (actually it's not necessary)
2. Set up LTPA authentication between WAS and WebSEAL
After these, the JSP should get the security context and pass it to the called methods.
3. Define security constraints inside the target web application.
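
A sketch of what step 3 can look like in the web module's `web.xml`, as an added example that is not part of the original post. The role name `BeanCaller` and the URL pattern `/secure/*` are assumptions; the role name has to match the one used in the bean's `@RolesAllowed`, and the role still has to be mapped to users or groups from the LDAP registry when the application is deployed.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!--
    Protect the JSP/servlet that looks up and calls the session bean.
    A resource with no constraint is served without the container
    authenticating the caller, so request.getUserPrincipal() can be
    null and the EJB call runs as an unauthenticated user.
  -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Pages that call the session bean</web-resource-name>
      <!-- Assumed path; use the pattern that covers the calling JSP. -->
      <url-pattern>/secure/*</url-pattern>
      <!-- No http-method elements: the constraint covers every method. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role name; same string as in @RolesAllowed on the bean. -->
      <role-name>BeanCaller</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Declare the role so it can be bound to registry users/groups. -->
  <security-role>
    <role-name>BeanCaller</role-name>
  </security-role>

</web-app>
```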
