Jakub is a Java EE developer since 2005 and occasionally a project manager, working currently with Iterate AS. He's highly interested in developer productivity (and tools like Maven and AOP/AspectJ), web frameworks, Java portals, testing and performance and works a lot with IBM technologies. A native to Czech Republic, he lives now in Oslo, Norway. Jakub is a DZone MVB and is not an employee of DZone and has posted 149 posts at DZone. You can read more from them at their website. View Full User Profile

File-based User Authentication Under WebSphere 6

  • submit to reddit

When developing a web application for the WebSphere Application Server you sometimes need to enable security because the application expects HttpServletRequest.getUserPrincipal() to be non-null. While in the production environment you will likely configure WAS to delegate the authentication to an LDAP server, during development you would likely prefer to use a simpler method that doesn't depend on an external service (and thus functions even when offline) and doesn't force you to use some real confidential credentials.

The solution is to use the sample custom file-based user registry, which is shipped with WebSphere 6.x and which enables you to define your groups and users in two files. The steps to configure it are quite simple.

1. Open the WAS administration console

2. Configure the custom user registry under Security - Global security - Custom:
2.a Define basic properties:

2.b Define location of the user and group files:

3. Enable security and select the configured custom user registry:

4. ? Add self to the allowed console users (I'm not sure whether this is necessary):

5. Create the users and groups files defined in the step 2.b:
# jh_user.props file (user name, password, unique user id, group id, user label)
jholy@at.ibm.com:password:123:567:Jakub Holy
# jh_group.props file (group name, unique group id, comma-separated member list,
# a label)
AutomatedBridge_admins:567:jholy@at.ibm.com:AB Admins

6. Restart WAS

7. Log in to the admin console with the credentials you've configured (id jholy@at.ibm.com above).


From http://www.jroller.com/holy/entry/file_based_user_authentication_under

Published at DZone with permission of Jakub Holý, author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)