开发者

shared security between websphere and tomcat

Currently have WebSphere with some EJBs and defined custom user registry based on DB.

Now I am planning new application on Tomcat, which :

  • has same users as existing WebSphere
  • share access to the same DB
  • has to call EJB from WebSphere as logged user (results of call depend of calling user )

    1. Is it possible to call WebSphere EJB from Tomcat with security ? Probably yes, but if :

Users in DB have hashed passwords, Tomcat app during 开发者_StackOverflow社区user login can hash entered password and determine if valid, but now if I call WebSphere EJB, I assume I should provide password (to InitialContext?), but no one knows it?

Does Anyone have idea how to solve it?


Dirt and quick: Store unhashed password in Tomcat session and use it. Remember not to serialize it!

Alternative: Explore what kerberos does. I am not very familiar with it, but its objective seems exactly the same that you are looking for (kerberos centralices authentication and returns ticket that give access to the resources). Sorry I cannot be more specific.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜