Using JNDI Authentication Oracle Fusion Middleware Online Documentation Library
4.4 Using JNDI Authentication
Java clients use the Java Naming and Directory Interface JNDI to pass credentials to WebLogic Server. A Java client establishes a connection with WebLogic Server by getting a JNDI InitialContext. The Java client then uses the InitialContext to look up the resources it needs in the WebLogic Server JNDI tree. To specify a user and the users credentials, set the JNDI properties listed in Table 4–1 . These properties are stored in a hash table that is passed to the InitialContext constructor. Example 4–7 illustrates how to use JNDI authentication in a Java client running on WebLogic Server. Example 4–7 Example of Authentication ... Hashtable env = new Hashtable; env.putContext.INITIAL_CONTEXT_FACTORY, Note: The LoginModule.logout method is never called for a WebLogic Authentication provider or a custom Authentication provider, because once the Principals are created and placed into a Subject, the WebLogic Security Framework no longer controls the lifecycle of the Subject. Therefore, code that creates the JAAS LoginContext to log in and obtain the Subject should also call the LoginContext to log out. Calling LoginContext.logout results in the clearing of the Principals from the Subject. Note: JAAS is the preferred method of authentication, however, the WebLogic Authentication providers LoginModule supports only user name and password authentication. Thus, for client certificate authentication also referred to as two-way SSL authentication, you should use JNDI. To use JAAS for client certificate authentication, you must write a custom Authentication provider whose LoginModule does certificate authentication. For information on how to write LoginModules, see http:java.sun.comjavase6docstechnotesguidess ecurityjaasJAASLMDevGuide.html . Table 4–3 JNDI Properties for Authentication Property Meaning INITIAL_CONTEXT_FACTORY Provides an entry point into the WebLogic Server environment. The class weblogic.jndi.WLInitialContextFactory is the JNDI SPI for WebLogic Server. PROVIDER_URL Specifies the host and port of the WebLogic Server that provides the name service. For example: t3:weblogic:7001. SECURITY_PRINCIPAL Specifies the identity of the user when that user authenticates to the default active security realm. SECURITY_CREDENTIALS Specifies the credentials of the user when that user authenticates to the default active security realm. Using JAAS Authentication in Java Clients 4-13 weblogic.jndi.WLInitialContextFactory; env.putContext.PROVIDER_URL, t3:weblogic:7001; env.putContext.SECURITY_PRINCIPAL, javaclient; env.putContext.SECURITY_CREDENTIALS, javaclientpassword; ctx = new InitialContextenv;4.5 Java Client JAAS Authentication Code Examples
Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope Audience for This Guide
» Guide to this Document Related Information
» New and Changed Security Features in This Release What Is Security?
» Authentication Authorization Java EE Security
» User Name and Password Authentication
» Digital Certificate Authentication Authentication With Web Browsers
» Using Secure Cookies to Prevent Session Stealing
» Developing BASIC Authentication Web Applications
» Using WLST to Check the Value of enforce-valid-basic-auth-credentials
» Developing FORM Authentication Web Applications
» Developing Swing-Based Authentication Web Applications Deploying Web Applications
» auth-constraint security-constraint web.xml Deployment Descriptors
» security-role security-role-ref user-data-constraint web.xml Deployment Descriptors
» externally-defined weblogic.xml Deployment Descriptors
» security-permission-spec security-role-assignment weblogic.xml Deployment Descriptors
» getUserPrincipal isUserInRole Using Programmatic Security With Web Applications
» JAAS Authentication APIs JAAS Authentication Development Environment
» JAAS Client Application Components
» WebLogic LoginModule Implementation JVM-Wide Default User and the runAs Method
» Writing a Client Application Using JAAS Authentication
» Using JNDI Authentication Oracle Fusion Middleware Online Documentation Library
» Java Client JAAS Authentication Code Examples JSSE and WebLogic Server
» SSL Authentication APIs SSL Certificate Authentication Development Environment
» SSL Client Application Components
» SSLClient Sample SSLSocketClient Sample
» Two-Way SSL Authentication with JNDI
» Using Two-Way SSL Authentication Between WebLogic Server Instances
» Using Two-Way SSL Authentication with Servlets
» Using the CertPath Trust Manager Using a Handshake Completed Listener
» Using an SSLContext Using URLs to Make Outbound SSL Connections
» Declarative Authorization Programmatic Authorization
» SSL Client Code Examples Using Declarative Security With EJBs
» method method-permission ejb-jar.xml Deployment Descriptors
» role-name run-as security-identity ejb-jar.xml Deployment Descriptors
» security-role security-role-ref ejb-jar.xml Deployment Descriptors
» externally-defined weblogic-ejb-jar.xml Deployment Descriptors
» identity-assertion iiop-security-descriptor integrity principal-name
» role-name run-as-identity-principal weblogic-ejb-jar.xml Deployment Descriptors
» run-as-principal-name run-as-role-assignment weblogic-ejb-jar.xml Deployment Descriptors
» security-permission security-permission-spec security-role-assignment transport-requirements
» ConnectionFilterImpl Class ConnectionEvent Class
» Connection Filter Rules Syntax Types of Connection Filter Rules
» Modifying the weblogic.policy file for General Use
» Setting Application-Type Security Policies Setting Application-Specific Security Policies
» Using Java EE Security to Protect WebLogic Resources SAML API Description
» Custom POST Form Parameter Names
» Overview of Creating a Custom SAML Name Mapper
» SAMLAttributeStatementInfo Class Classes, Interfaces, and Methods
» SAMLCredentialAttributeMapper Interface Classes, Interfaces, and Methods
» Make the Custom SAMLCredentialAttributeMapper Class Available in the Console
» What Are SAML SSO Attributes?
» How to Implement SAML Attributes
» Example Custom SAML 2.0 Credential Attribute Mapper
» Custom SAML 2.0 Identity Asserter Attribute Mapper
» Example Custom SAML 1.1 Credential Attribute Mapper
» Custom SAML 1.1 Identity Asserter Attribute Mapper
» Instantiate a CertPathSelector CertPath Building
» Instantiate a CertPathBuilderParameters CertPath Building
» Use the JDK CertPathBuilder Interface Example Code Flow for Looking Up a Certificate Chain
Show more