Websphere - Using direct JNDI lookup and JAAS Login Module

3
votes

I have Websphere Application Server version 7.0, running on Windows. I created a JAAS Login Module that implements the javax.security.auth.spi.LoginModule interface and created a data source that uses this login module (under Mapping-Configuration alias). Since this data source should get the credentials for the connection from the login module, there are no authentication alias configured on the data source.

I want to use this data source on my application, but my application uses direct JNDI lookup for the data source. According to this article, when using direct JNDI lookup, websphere creates a default resource-reference that is configured with res-auth=application. Since the res-auth is application my login module is never invoked, but I get a logon denied error because the "Component-Managed Authentication Alias" is empty. I tried to create a resource reference manually with res-auth=Container but it didn't help.

Is there any way to change the default res-auth to be Container? Is there any way to make a login module work when the res-auth is set to Application?

Thanks.

2
webspherejndijaas
This seems to be the same article as the one you've linked, but a little change in wording seems to have made it more understandable, at least for me. I think you should use the indirect jndi name instead of direct lookup with jdbc/xxx name. Quoting, retain the java:comp/env prefix. An indirect name makes any resource-reference data associated with the application available to the connection management runtime, to better manage resources based on the res-auth, ...Kurtcebe Eroglu

2 Answers

0
votes

Go to your datasource >> security settings >> select your jaas login module for both Component-managed authentication alias & Container-managed authentication alias

Regards,

0
votes

u can change res-auth in web.xml file to container, so it will use container managed authenication alias.