WebSphere Authentication Example

This example contains the source code for the WebsphereAuthenticatedBeanFactory.

Click the following link to download the sources for this example as a ZIP file:

The ZIP file contains source code, properties and a JAAS authentication file.

An AuthenticatedBeanFactory is responsible for authenticating the user at an application server. After a successful login to the application server, it returns an Infinity Process Platform session bean. There is no need to call the login method on an Infinity Process Platform session that was retrieved through an AuthenticatedBeanFactory.

Because the mechanisms for authenticating against an application server are not portable, each application server needs its own AuthenticatedBeanFactory. Even different configurations or authentication methods can require different AuthenticatedBeanFactory classes. This example shows how to authenticate against IBM WebSphere.

For more detailed information on the AuthenticatedBeanFactory interface, refer to the chapter Integrating External User Repositories in the Programming Guide.

This example can be used in the console module that is created by the WebSphere EAR archetype. Open the pom.xml which is located in the <was-ear-archetype-project>/console module and include the following dependency:

  <dependency>
    <groupId>com.infinity.bpm.examples</groupId>
    <artifactId>websphere-auth</artifactId>
    <version>9.2.0</version>
    <scope>runtime</scope>
    <exclusions>
      <exclusion>
        <groupId>org.eclipse.stardust.engine</groupId>
        <artifactId>carnot-engine</artifactId>
      </exclusion>
    </exclusions>
  </dependency>

In the carnot.properties file of the console module you have to set the following properties:

  Credential.Provider = org.eclipse.stardust.examples.authentication.websphere.WASCredentialProvider
  Secure.Session.Factory = org.eclipse.stardust.examples.authentication.websphere.WASSecureSessionFactory
  Security.Authentication.ConfigurationName = WSLogin
  Websphere.ServerName=localhost
  Websphere.ServerPort=2809

where the properties Websphere.ServerName and Websphere.ServerPort must be adjusted to your environment.

Copy the etc/template/jaas.conf file from the websphere-auth.zip archive to <was-ear-archetype-project>/console/etc and reference it in each console call, for instance via the environment variable CARNOT_JVM_PROPERTIES:

set CARNOT_JVM_PROPERTIES=-Djava.security.auth.login.config=<was-ear-archetype-project>/console/etc/jaas.conf

In the next step, copy the sas.client.props from <was-install-dir>/profiles/<profile>/properties/sas.client.props to <was-ear-archetype-project>/console/etc and set the com.ibm.CORBA.securityEnabled property to true. This file must then be referenced in each console call:

set CARNOT_JVM_PROPERTIES=-Dcom.ibm.CORBA.ConfigURL=file:<was-ear-archetype-project>/console/etc/sas.client.props %CARNOT_JVM_PROPERTIES%

With this change the console tool will use the SecureSessionFactory to authenticate the user against the application server.

Please note that this example assumes that the Engine is using implicit authentication. Further details can be found in the Security chapter of the Operation Guide.
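
A pre-flight check for the console setup described above, as an added example that is not part of the original page or of the websphere-auth archive. It verifies that the JAAS entry named in carnot.properties exists in jaas.conf, that CORBA security is enabled, and that both -D options survive in CARNOT_JVM_PROPERTIES (the second `set` loses the first one if `%CARNOT_JVM_PROPERTIES%` is not appended). The function names, the sample file contents and the placeholder login module are assumptions made for illustration.

```python
import re

# Values the page says to set in the console module's carnot.properties.
REQUIRED = {
    "Credential.Provider":
        "org.eclipse.stardust.examples.authentication.websphere.WASCredentialProvider",
    "Secure.Session.Factory":
        "org.eclipse.stardust.examples.authentication.websphere.WASSecureSessionFactory",
}

def parse_properties(text):
    """Minimal .properties parser (key=value or key: value, no line continuations)."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def jaas_entry_names(text):
    """Names of the login configuration entries (Name { ... };) in a JAAS file."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", text, flags=re.S)
    return set(re.findall(r"^\s*([\w.]+)\s*\{", text, flags=re.M))

def check_console_config(carnot, jaas, sas, jvm_props):
    """Return a list of findings; an empty list means the setup matches the page."""
    findings = []
    cp, sp = parse_properties(carnot), parse_properties(sas)
    opts = dict(re.findall(r"-D([^=\s]+)=(\S+)", jvm_props))
    for key, want in REQUIRED.items():
        if cp.get(key) != want:
            findings.append(f"carnot.properties: {key} is not {want}")
    entry = cp.get("Security.Authentication.ConfigurationName")
    if entry not in jaas_entry_names(jaas):
        findings.append(f"jaas.conf: no login entry named {entry!r}")
    if sp.get("com.ibm.CORBA.securityEnabled", "").lower() != "true":
        findings.append("sas.client.props: com.ibm.CORBA.securityEnabled is not true")
    for opt in ("java.security.auth.login.config", "com.ibm.CORBA.ConfigURL"):
        if opt not in opts:
            findings.append(f"CARNOT_JVM_PROPERTIES: -D{opt} is missing")
    return findings

# Constructed sample inputs (not the contents of the files shipped in the ZIP).
CARNOT = "\n".join(f"{k} = {v}" for k, v in REQUIRED.items()) + \
    "\nSecurity.Authentication.ConfigurationName = WSLogin\n"
JAAS = "WSLogin {\n  example.PlaceholderLoginModule required;  // placeholder\n};\n"
SAS = "com.ibm.CORBA.securityEnabled=true\n"
JVM = ("-Dcom.ibm.CORBA.ConfigURL=file:etc/sas.client.props "
       "-Djava.security.auth.login.config=etc/jaas.conf")
```

Call `check_console_config` with the text of the three files and the value of CARNOT_JVM_PROPERTIES; each returned string names the file and the setting that deviates.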