> From: Brett Slocum
>
> Authentication is done by taking the userid and password from the JSP
> and running a stored procedure in the AS400 via JDBC. JDBC is set up to
> use one AS400 id in the <webapp>.xml.

Okay, so you have application-enforced security based on the user ID in your application. Is it crucial that you authenticate in the application as opposed to using HTTP authentication and making the user log in via normal HTTP challenge?

If you create a validation list on the iSeries and use that to authenticate the user/password, it doesn't need to be the same as an iSeries user profile and password, and then you can just pass the user ID to the stored procedure. There are no database changes, but you do have to administer the validation list, which is a different interface (either browser-based via WebSphere or through some rather clunky APIs).

I realize this isn't exactly the security setup you're doing, but it would actually make your job a little easier, as well as using an industry-standard authentication interface. You can use SSL to encrypt the exchange, and even (much as I despise it <grin>) use something like Kerberos for single sign-on.

Joe