Example: JAAS programmatic login

The following example illustrates how application programs may perform a programmatic login using JAAS authentication:

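  import javax.security.auth.login.LoginContext;
  import javax.security.auth.login.LoginException;
  import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
  ...

  LoginContext lc = null;

  try {
    lc = new LoginContext("WSLogin",
         new WSCallbackHandlerImpl("userName", "realm", "password"));
  }
  catch (LoginException le) {
    System.out.println("Cannot create LoginContext. " + le.getMessage());
    // Insert error processing code
  }
  catch (SecurityException se) {
    System.out.println("Cannot create LoginContext. " + se.getMessage());
    // Insert error processing code
  }

  // lc is still null here if construction failed; the error processing
  // above must stop before this point is reached.
  try {
    lc.login();
  }
  catch (LoginException le) {
    System.out.println("Fails to create Subject. " + le.getMessage());
    // Insert error processing code
  }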

As shown in the example, the new LoginContext is initialized with the WSLogin login configuration and the WSCallbackHandlerImpl CallbackHandler. WSCallbackHandlerImpl is suitable for server-side applications where prompting is not desirable. A WSCallbackHandlerImpl instance is initialized with the specified user ID, password, and realm information. The present WSLoginModuleImpl class implementation that is specified by WSLogin can only retrieve authentication information from the specified CallbackHandler. A LoginContext may be constructed with a Subject object, but the Subject is disregarded by the present WSLoginModuleImpl implementation.

You can also develop your own LoginModule if the default WSLoginModuleImpl implementation cannot address all your requirements. WebSphere provides utility functions for use by custom LoginModules, which are described in the next section.

In cases where there is no java.naming.provider.url set as a system property or in the jndi.properties file, a default InitialContext does not function if the application server is not at the localhost:2809 location. In this situation, create a new InitialContext programmatically before the JAAS login. JAAS needs to know where the SecurityServer resides to verify that the user ID and password are correct, prior to doing a commit(). By creating a new InitialContext as shown below, the security code has the information needed to find the SecurityServer location and the target realm.

  ...
  import java.util.Hashtable;
  import javax.naming.Context;
  import javax.naming.InitialContext;
  import javax.security.auth.login.LoginContext;
  import javax.security.auth.login.LoginException;
  import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
  ...

  // Perform an InitialContext and default lookup prior to logging
  // in so that target realm and bootstrap host/port can be determined
  // for SecurityServer lookup.

  Hashtable<String, String> env = new Hashtable<String, String>();
  env.put(Context.INITIAL_CONTEXT_FACTORY,
     "com.ibm.websphere.naming.WsnInitialContextFactory");
  env.put(Context.PROVIDER_URL, "corbaloc:iiop:myhost.mycompany.com:2809");
  // new InitialContext(env) and lookup("") throw javax.naming.NamingException
  Context initialContext = new InitialContext(env);
  Object obj = initialContext.lookup("");

  LoginContext lc = null;
  try {
    lc = new LoginContext("WSLogin",
         new WSCallbackHandlerImpl("userName", "realm", "password"));
  } catch (LoginException le) {
    System.out.println("Cannot create LoginContext. " + le.getMessage());
    // Insert error processing code
  } catch (SecurityException se) {
    System.out.println("Cannot create LoginContext. " + se.getMessage());
    // Insert error processing code
  }

  // lc is still null here if construction failed; the error processing
  // above must stop before this point is reached.
  try {
    lc.login();
  } catch (LoginException le) {
    System.out.println("Fails to create Subject. " + le.getMessage());
    // Insert error processing code
  }