> From: Brett Slocum
> Authentication is done by taking the userid and password from the JSP
> and running a stored procedure in the AS400 via JDBC. JDBC is set up to
> use one AS400 id in the <webapp>.xml.

Okay, so you have application-enforced security based on the user ID in
your application.  Is it crucial that you authenticate in the
application as opposed to using HTTP authentication and making the user
log in via normal HTTP challenge?  If you create a validation list on
the iSeries and use that to authenticate the user/password, it doesn't
need to be the same as an iSeries user profile and password, and then
you can just pass the user ID to the stored procedure.

There are no database changes, but you do have to administer the
validation list, which is a different interface (either browser-based
via WebSphere or through some rather clunky APIs).

I realize this isn't exactly the security setup you're doing, but it
would actually make your job a little easier, as well as using an
industry-standard authentication interface.  You can use SSL to encrypt
the exchange, and even (much as I despise it <grin>) use something like
Kerberos for single sign-on.
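
The approach suggested above, as an added example that is not part of the original message: the server authenticates the user by HTTP challenge, and the servlet passes only the resulting user ID to the stored procedure as a bound parameter. The class name, the JNDI name `jdbc/as400` and the procedure `APPLIB.LIST_ORDERS` are hypothetical; the `javax.servlet` API, Java 7 or later, and a procedure that returns one result set are assumed.

```java
import java.io.IOException;
import java.sql.*;
import javax.naming.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import javax.sql.DataSource;

public class OrdersServlet extends HttpServlet {
    private DataSource ds;

    @Override
    public void init() throws ServletException {
        try { // Hypothetical JNDI name for the pool that connects with the single AS400 id.
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/as400");
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Set by the server after the HTTP challenge; the app never sees the password.
        String user = req.getRemoteUser();
        if (user == null) { // URL not covered by an auth constraint: fail closed.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (!req.isSecure()) { // Basic credentials are only protected over SSL.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        StringBuilder out = new StringBuilder();
        // Hypothetical procedure name; the user ID is bound, never concatenated.
        try (Connection c = ds.getConnection();
             CallableStatement cs = c.prepareCall("{call APPLIB.LIST_ORDERS(?)}")) {
            cs.setString(1, user);
            try (ResultSet rs = cs.executeQuery()) {
                while (rs.next()) out.append(rs.getString(1)).append('\n');
            }
        } catch (SQLException e) {
            log("stored procedure call failed", e); // details stay in the server log
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().print(out);
    }
}
```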


This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.