This example contains the source code for the WebsphereAuthenticatedBeanFactory.
Click the following link to download the sources for this example as ZIP file:
The ZIP file contains source code, properties and a JAAS authentication file.
An AuthenticatedBeanFactory is responsible for authenticating the user at an application server. After a successful login to the application server it returns a Infinity Process Platform session bean. There is no need to call the login method on this Infinity Process Platform session if retrieved by an AuthenticatedBeanFactory.
Since the mechanisms to authenticate against an application server are not portable for each application server there has to be an own AuthenticatedBeanFactory. Even different configurations or authentication methods can require different AuthenticatedBeanFactory classes. This is an example of how to authenticate against IBM WebSphere.
For more detailed information on the AuthenticatedBeanFactory interface please refer to chapter Integrating External User Repositories in the Programming Guide.
This example can be used in the console module that is created by the WebSphere EAR
archetype. Open the
pom.xml which is located in the
module and include the following dependency:
<dependency> <groupId>com.infinity.bpm.examples</groupId> <artifactId>websphere-auth</artifactId> <version>9.2.0</version> <scope>runtime</scope> <exclusions> <exclusion> <groupId>org.eclipse.stardust.engine</groupId> <artifactId>carnot-engine</artifactId> </exclusion> </exclusions> </dependency>
carnot.properties file of the console module you have to set the following properties:
Credential.Provider = org.eclipse.stardust.examples.authentication.websphere.WASCredentialProvider Secure.Session.Factory = org.eclipse.stardust.examples.authentication.websphere.WASSecureSessionFactory Security.Authentication.ConfigurationName = WSLogin Websphere.ServerName=localhost Websphere.ServerPort=2809
Websphere.ServerPort must be adjusted
according to your environment.
etc/template/jaas.conf file from the
websphere-auth.zip archive to
<was-ear-archetype-project>/console/etc and reference it in each console call,
for instance via the environment variable CARNOT_JVM_PROPERTIES:
In the next step copy the
<was-ear-archetype-project>/console/etc and set the com.ibm.CORBA.securityEnabled.
property to true. After that this file must be referenced in each console call:
set CARNOT_JVM_PROPERTIES=-Dcom.ibm.CORBA.ConfigURL=file:<was-ear-archetype-project>/console/etc/sas.client.props %CARNOT_JVM_PROPERTIES%
With this change the console tool will use the SecureSessionFactory to authenticate the user against the application server.
Please note that this example assumes that the Engine is using implicit authentication. Further details can be found in the Security chapter of the Operation Guide.