
JAAS Conformity

Former Member
0 Kudos

Hello,

we are migrating a J2EE application from JBoss (via WEB AS 6.20) to WEB AS 6.40.

In Web AS 6.20 our JAAS login module works, i.e. users are requested to fill out a jsp-based form login page whenever a restricted area is accessed.

The JBoss Login module then checks user and password, subsequently the roles are read from a JDBC-connected Database and added to the principal.

(e.g.: http://www.theserverside.com/articles/content/Pramati-JAAS/interaction.gif )

In Web AS 6.40 this does not work anymore, because all Principals seem to be checked against the defined SAP UserStore.

This behavior results in an error for any username, which is not defined in SAP's UME.

My Question here:

Is there any other way except writing a custom userstore to allow non-SAP-users to logon to a J2EE-security-restricted application? Can Roles be assigned to a principal in a way, that the Web AS will not double-check with the internal user store?

Any help would be greatly appreciated.

Regards,

Wolff Holtmann

Accepted Solutions (1)


Former Member
0 Kudos

Hi,

WebAS provides the option of a DBMS user store as well. Refer to the link.

http://help.sap.com/saphelp_nw04s/helpdata/en/4d/11440415ca6a4688aedd3c2eaa8ead/content.htm

>> Is there any other way except writing a custom userstore to allow non-SAP-users to logon to a J2EE-security-restricted application?

You create your own user store using Visual Administrator, but I have no idea of the complexities involved.

>> Can Roles be assigned to a principal in a way, that the Web AS will not double-check with the internal user store?

You have a java policy file located at "usr\sap\J2E\JC00\j2ee\cluster\server0" where you can assign Roles to a principal.

Regards,

S.Divakar

Former Member
0 Kudos

Divakar,

[...]

> WebAS provides the option of DBMS user store as well. refer the link.
>
> http://help.sap.com/saphelp_nw04s/helpdata/en/4d/11440415ca6a4688aedd3c2eaa8ead/content.htm
>
> >> Is there any other way except writing a custom userstore to allow non-SAP-users to logon to a J2EE-security-restricted application?
>
> You create your own user store using Visual Administrator, but I have no idea of the complexities involved.

thanks for your answer -- but writing a DBMS user store was the one thing we wanted to avoid.

> >> Can Roles be assigned to a principal in a way, that the Web AS will not double-check with the internal user store?
>
> you have a java policy file located at "usr\sap\J2E\JC00\j2ee\cluster\server0" where you can Roles to a principal.

Hmm - Can you please describe this possibility in more detail? Does this mean, that I can define my users and roles within this text file - and no further check with the SAP user store is carried out?

This wouldn't help - as our users are defined in an external DB.

Our solution up to now is to implement the javax.auth.security.Principal interface containing the "name" attribute to satisfy the JAAS standard and to add our custom "loginName" attribute which we use within our application. The login is thus carried out by means of a configurable SAP user - and we have access to our custom username by casting request.getUserPrincipal() to our home-made Principal and call getLoginName().

As this implies other problems (FailedLoginCount !!!), we decided to leave JAAS out for the moment - and write our own login logic.

Thank you and Regards,

Wolff Holtmann.
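A sketch of the workaround described in the post above, as an added example that is not code from the thread or from SAP: a JAAS login module that checks the external user and attaches a custom principal whose getName() is the configured server account and whose getLoginName() is the external user. It is written against the standard JAAS API in current Java SE (where the interface is java.security.Principal) and was not tested on Web AS; the class names, the mappedUser option and the verify() hook for the external DB check are assumptions.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example; every name in this file is hypothetical.
public abstract class ExternalDbLoginModule implements LoginModule {
    /** getName() is the mapped server account, getLoginName() the external DB user. */
    public static final class AppPrincipal implements Principal, java.io.Serializable {
        private final String name, loginName;
        AppPrincipal(String name, String loginName) { this.name = name; this.loginName = loginName; }
        public String getName() { return name; }
        public String getLoginName() { return loginName; }
    }
    private Subject subject; private CallbackHandler handler;
    private String mappedUser; private AppPrincipal pending, committed;
    /** Assumed hook: compare the password with the salted hash stored in the external user DB. */
    protected abstract boolean verify(String user, char[] password);
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
        mappedUser = (String) opts.get("mappedUser"); // assumed option name
    }
    public boolean login() throws LoginException {
        if (mappedUser == null) throw new LoginException("mappedUser option not set");
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("callback failed: " + e.getMessage()); }
        char[] pw = pc.getPassword();               // getPassword() returns a copy
        pc.clearPassword();                         // wipe the callback's own buffer
        boolean ok = nc.getName() != null && pw != null && verify(nc.getName(), pw);
        if (pw != null) Arrays.fill(pw, '\0');      // wipe our copy
        if (!ok) throw new FailedLoginException("invalid credentials"); // same error for unknown user and bad password
        pending = new AppPrincipal(mappedUser, nc.getName());
        return true;
    }
    public boolean commit() {
        if (pending == null) return false;          // our login() did not succeed
        subject.getPrincipals().add(committed = pending); pending = null;
        return true;
    }
    public boolean abort() { boolean had = pending != null || committed != null; pending = null; logout(); return had; }
    public boolean logout() { if (committed != null) subject.getPrincipals().remove(committed); committed = null; return true; }
    /** Servlet side: test the type instead of casting request.getUserPrincipal() blindly. */
    public static String loginNameOf(Principal p) { return p instanceof AppPrincipal ? ((AppPrincipal) p).getLoginName() : null; }
}
```

A concrete subclass supplies verify(); loginNameOf() returns null when the container hands back a principal of a different type, so the caller can treat that as unauthenticated rather than fail on a ClassCastException.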

Former Member
0 Kudos

>> Hmm - Can you please describe this possibility in more detail? Does this mean, that I can define my users and roles within this text file - and no further check with the SAP user store is carried out?

>> This wouldn't help - as our users are defined in an external DB.

The java.policy file provides the permission for the Java 'Security Role' as defined in the web.xml file.

Users are still in the UME Data store.

Regards,

S.Divakar

Answers (0)