How to access authentication alias from EJB deployed to Websphere 6.1

1

6

I need to provide a password for a keystore in my EJB, but I don't want it to be visible to developers. My idea was to create an Authentication Alias in the Websphere Console and later look up MY_ALIAS and obtain the password from the alias. I found some discussion related to the subject at: http://www.coderanch.com/t/79439/Websphere/Authentication-Data

Does anybody know whether an alias can be looked up? What is your suggested method to achieve my goal?

Thank you very much!

Asis answered 11/1, 2011 at 22:43 Comment(0)
7

You can use the following code to obtain credentials from a J2C authentication data entry:

```java
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactory;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;

// The statements below belong inside a method that declares or handles
// the checked exceptions (for example LoginException).

// Name the J2C authentication data alias to resolve
Map map = new HashMap();
map.put(Constants.MAPPING_ALIAS, "YOUR_J2C_DATA_ALIAS");
CallbackHandler callbackHandler = WSMappingCallbackHandlerFactory.getInstance().getCallbackHandler(map, null);

// The DefaultPrincipalMapping login configuration maps the alias to its user/password
LoginContext loginContext = new LoginContext("DefaultPrincipalMapping", callbackHandler);
loginContext.login();

// The resolved credential is stored among the Subject's private credentials
Subject subject = loginContext.getSubject();
Set credentials = subject.getPrivateCredentials();

PasswordCredential passwordCredential = (PasswordCredential) credentials.iterator().next();

String user = passwordCredential.getUserName();
String password = new String(passwordCredential.getPassword());
```
Jejune answered 15/6, 2011 at 10:0 Comment(8)
I'm wondering if there is a way to do this without referencing the Websphere-specific classes (Constants and WSMappingCallbackHandlerFactory)? – Wooster
@Wooster I don't think this is possible. It is WAS-specific stuff, so one should assume using some specific classes. BTW, these are part of the public WAS API. Do you have any problem using it? – Femmine
I'm sure I could use it, but I don't want to include container-specific classes in my application. Isn't there a way to code against only the JEE classes? What makes this WAS-specific? Is it J2C Authentication Data that is WAS-only? – Wooster
You don't have to include them - it is enough to compile against them. There are many things in the area of configuration that are up to the server. There is no such thing as Authentication Alias in the Java EE specification. It deliberately avoids specifying things like these and there is a reason for this. – Femmine
If you do not want to include WAS-specific classes during compile time (and you should not) see: #14039538 – Hawker
@user482745 Oh yeah, configure and use a third-party container like Spring instead of the public WAS API. You must be kidding. – Femmine
Thanks @fnt, worked great! Just wondering if there is a way to obtain the node name prefix that is part of the J2C alias separately? I.e., my J2C alias is DEVXXXXNode/myjaasalias. Is there a way to obtain DEVXXXXNode so that I can run this on other environments with differing node names and plug in the node name dynamically? – Senatorial
Prefixing aliases with node names is just a convention. The prefix is added by default during alias creation, but you don't have to do this. So from the J2C perspective any alias is just an opaque id. What you might want is obtaining the node name (assuming your environments use that default convention). I am pretty sure there should be an API for this or at least some way. I can't recall off the top of my head. – Femmine
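
Added example (not code from the answer above or from IBM): the same alias lookup applied to the asker's keystore case, keeping the password in a `char[]` that is wiped after `KeyStore.load` instead of copying it into a `String`. The class name `AliasKeyStoreLoader`, the method signature and the path/type parameters are assumptions made for illustration.

```java
import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;

public class AliasKeyStoreLoader { // hypothetical helper class, not part of the WAS API

    /** Opens a keystore using the password stored under a J2C authentication alias. */
    public static KeyStore load(String alias, String keyStorePath, String type) throws Exception {
        Map map = new HashMap();
        map.put(Constants.MAPPING_ALIAS, alias);
        CallbackHandler handler =
                WSMappingCallbackHandlerFactory.getInstance().getCallbackHandler(map, null);
        LoginContext loginContext = new LoginContext("DefaultPrincipalMapping", handler);
        loginContext.login();

        // Request only PasswordCredential entries instead of assuming that the
        // first private credential of the Subject has that type.
        Set creds = loginContext.getSubject().getPrivateCredentials(PasswordCredential.class);
        if (creds.isEmpty()) {
            throw new IllegalStateException("No password credential for alias " + alias);
        }
        PasswordCredential credential = (PasswordCredential) creds.iterator().next();

        // Work on a private char[] copy so it can be wiped afterwards;
        // a String would stay in the heap until garbage collected.
        char[] password = (char[]) credential.getPassword().clone();
        InputStream in = new FileInputStream(keyStorePath);
        try {
            KeyStore keyStore = KeyStore.getInstance(type); // e.g. "JKS"
            keyStore.load(in, password);
            return keyStore;
        } finally {
            Arrays.fill(password, '\0'); // clear the copy whether or not load() succeeded
            in.close();
        }
    }
}
```

The alias password never appears in application source or configuration, and the caller receives only the opened `KeyStore`.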
