0 Replies Latest reply: Oct 22, 2010 4:30 AM by 807340 RSS

    Using Weblogic LDAP JAAS credentials for 3rd party authentication

    807340
      Hello to all!
      I'm posting this question because I'm developing a software layer that will connect a weblogic based web application, with LDAP authentication, to a 3rd party application, also with LDAP authentication, and I'm having difficulties in getting a <b><i>javax.security.auth.Subject</i></b> object from the weblogic server.

      I already have a way of doing it, but it requires that a username and a password exist in some sort of storage, in order to work (either hardcoded (which is to be avoided as much as possible) or stored in a file (which is to be avoided if possible, but if nothing better exists...)).

      I'm using a Weblogic 11g server, with LDAP authentication (LDAP provider placed in last at the provider list, with flag SUFFICIENT) and I'm developing the software layer using Oracle's jDeveloper 11g Release 1.

      Now, this 3rd party application requires a <b><i>javax.security.auth.Subject</i></b> object in order to perform authentication.

      How do I get this from the weblogic server ?

      Of the following approaches, can you tell me which are the most correct ones ?
      <ul>
      a)<b>
          LoginContext lc = null;
          try {
              lc = new LoginContext("<JAAS instance name>");
              lc.login();
          } catch (LoginException e) {
              e.printStackTrace();
          }
          javax.security.auth.Subject subject = lc.getSubject();
      </b>
      </ul>
      <ul>
      b)<b>
          LoginContext lc = new LoginContext("<JAAS instance name>"
              new MyClass.CallbackHandler(userid, password));
          lc.login();
          javax.security.auth.Subject subject = lc.getSubject();
          javax.security.auth.Subject.doAs(subject, myClassObject);
      </b>
      </ul>
      <ul>
      c)<b>
          javax.security.auth.Subject subjectA = weblogic.security.Security.getCurrentSubject();
          subjectA.doAs(subjectA, myClassObject);
      </b>
      </ul>
      Thanks in advance,
      Nuno B.