Blake
Did you get the MySQL interface working before trying the IBM i DB interface? Maybe you should try the MySQL interface first, since you have sample code for that. Then try an IBM i DB interface. If you still can't solve it, that would essentially invalidate Java's cross-platform compatibility claims. That should stir some java expert to take an interest in this thread.
Actually, if you continue along this path of defining "security constraints" in your web.xml file, it feels like you may be boxing yourself into a corner. How broadly scoped do you want your web.xml context to be? Would it make more sense to deploy smaller applications and use more web.xml files? Or, since many applications would share the same security constraints, does this architecture push you into throwing a lot of applications into 1 web.xml context?
What about password rules? IBM i has all sorts of password rules that shops implement to enhance security. Would it be better to authenticate against IBM i user profiles. Or would it work better to authenticate against an LDAP directory?
-Nathan.
----- Original Message -----
From: "BButterworth@xxxxxxxxxxxxxx" <BButterworth@xxxxxxxxxxxxxx>
To: web400@xxxxxxxxxxxx
Cc:
Sent: Thursday, March 1, 2012 9:50 AM
Subject: [WEB400] Form-based authentication with Glassfish
I am researching using Glassfish, JSF and Primefaces to develop some
intranet applications and have developed some simple examples which
display DB2 data using Primefaces charts and datatables. Now I am trying
to develop a mechanism to secure these applications. One option is to use
form-based, container-managed authentication, and I have created a working
login example against a MySQL database.This article offers a similar
example:
http://blog.eisele.net/2011/01/jdbc-security-realm-and-form-based.html
Instead of MySQL, I would like to use DB2 on IBM i, but I am running into
problems. Has anyone had success getting form-based authentication to work
using Glassfish (3.1.x) with a JDBC realm and the JTOpen driver (7.6)
against DB2 on IBM i (7.1)? I have a JDBC connection pool and resource
defined in Glassfish for DB2, and it should be configured properly because
I am using it to access DB2 data in the JSF applications mentioned above.
The same JDBC resource is specified in the security realm defined in
Glassfish, which is used with form-based authentication. My DB2 example is
modelled on my working MySQL example in terms of the users and groups
files. When I attempt to authenticate, however, I get this warning:
Message ID
WEB9102
Complete Message
Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException: Login
failed: Security Exception
Maybe there is a way to turn on more detailed logging? I have two JDBC
realms defined in Glassfish, one for MySQL and one for DB2. I can specify
which realm I want to use in the web.xml of my simple login application.
If I set it to the MySQL realm, it works. When I flip it to the DB2 realm,
it doesn't. In any event, I seem to have hit a brick wall, so I thought
I'd see if anyone on the list has success attempting this.
Thanks,
Blake
midrange.com
