Reputation: 33
I currently have WebSphere with some EJBs and a custom user registry defined, based on a DB.
Now I am planning a new application on Tomcat, which has to call an EJB from WebSphere as the logged-in user (the results of the call depend on the calling user).
Users in the DB have hashed passwords. During user login the Tomcat app can hash the entered password and determine whether it is valid, but now if I call the WebSphere EJB, I assume I should provide the password (to InitialContext?), but no one knows it?
Does anyone have an idea how to solve it?
Upvotes: 1
Views: 219
Reputation: 24780
Dirty and quick: Store the unhashed password in the Tomcat session and use it. Remember not to serialize it!
Alternative: Explore what Kerberos does. I am not very familiar with it, but its objective seems exactly the same as what you are looking for (Kerberos centralizes authentication and returns a ticket that gives access to the resources). Sorry I cannot be more specific.
Upvotes: 1
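One way to follow the "store it in the session but do not serialize it" advice from the answer above, as an added example that is not code from the question or the answer. The class name `SessionCredential` is hypothetical, the `javax.servlet` namespace is assumed (Tomcat 9 or earlier), and passing the credentials to `InitialContext` through the standard JNDI properties is the question's own assumption about WebSphere, not something verified here.

```java
import java.io.Serializable;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;
import javax.servlet.http.HttpSessionActivationListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;

/** Hypothetical session attribute that keeps the login password in memory only. */
public final class SessionCredential
        implements Serializable, HttpSessionBindingListener, HttpSessionActivationListener {
    private static final long serialVersionUID = 1L;
    private final String user;
    // transient: skipped by Java serialization, so session persistence
    // and cluster replication never write the password out.
    private transient char[] password;

    public SessionCredential(String user, char[] password) {
        this.user = user;
        this.password = password.clone();
    }

    /** JNDI environment for the remote lookup; the caller adds PROVIDER_URL etc. */
    public Hashtable<String, Object> jndiEnvironment() {
        if (password == null) {
            // After a restart or failover the password is gone: force a new login.
            throw new IllegalStateException("credential not available, re-authenticate");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        return env;
    }

    private void wipe() {
        if (password != null) {
            Arrays.fill(password, '\0');
            password = null;
        }
    }

    @Override public void valueBound(HttpSessionBindingEvent e) { }
    // Called on logout, session timeout or attribute removal.
    @Override public void valueUnbound(HttpSessionBindingEvent e) { wipe(); }
    // Called just before the container passivates (stores) the session.
    @Override public void sessionWillPassivate(HttpSessionEvent e) { wipe(); }
    @Override public void sessionDidActivate(HttpSessionEvent e) { }
}
```

The login code would place an instance in the session with `session.setAttribute(...)` after the hash check succeeds. The `String` built for `SECURITY_CREDENTIALS` cannot be wiped, so the plaintext still lingers on the heap until it is garbage collected.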