Shared security between WebSphere and Tomcat
I currently have WebSphere with some EJBs and a custom user registry defined on top of a DB.
Now I am planning a new application on Tomcat, which:
- has the same users as the existing WebSphere
- shares access to the same DB
- has to call an EJB on WebSphere as the logged-in user (the results of the call depend on the calling user)
Is it possible to call a WebSphere EJB from Tomcat with security? Probably yes, but:
The users in the DB have hashed passwords. During user login the Tomcat app can hash the entered password and determine whether it is valid, but if I now call a WebSphere EJB, I assume I should provide the password (to InitialContext?), but no one knows it?
Does anyone have an idea how to solve it?
Dirty and quick: Store the unhashed password in the Tomcat session and use it. Remember not to serialize it!
Alternative: Explore what Kerberos does. I am not very familiar with it, but its objective seems to be exactly what you are looking for (Kerberos centralizes authentication and returns a ticket that gives access to the resources). Sorry I cannot be more specific.
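The "do not serialize it" caveat from the answer above, as an added example that is not part of the original answer: a session attribute that keeps the password in a `transient` field, wipes it when the session ends, and forces a fresh login if the session was restored from disk or a replica. `SessionCredential` is a hypothetical class name, the `javax.servlet` API is assumed, and handing the credentials over as JNDI properties follows the question's own assumption about `InitialContext`.

```java
import java.io.Serializable;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

/** Hypothetical session attribute: holds the login password in memory only. */
public final class SessionCredential implements Serializable, HttpSessionBindingListener {

    private static final long serialVersionUID = 1L;

    private final String user;
    // transient: skipped by Java serialization, so session persistence and
    // cluster replication never write the password out of this JVM.
    private transient char[] password;

    public SessionCredential(String user, char[] password) {
        this.user = user;
        this.password = password.clone();
    }

    /** False after the session was deserialized or wiped: ask the user to log in again. */
    public boolean isUsable() {
        return password != null;
    }

    /** Credential part of the JNDI environment; caller adds factory and provider URL. */
    public Hashtable<String, Object> jndiEnvironment() {
        if (password == null) {
            throw new IllegalStateException("password not in memory, re-authentication required");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.SECURITY_PRINCIPAL, user);
        // Assumption: the provider takes a String; this copy cannot be wiped later.
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        return env;
    }

    @Override
    public void valueBound(HttpSessionBindingEvent event) { /* nothing to do on bind */ }

    // Runs on logout (invalidate), session timeout and attribute removal.
    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        if (password != null) {
            Arrays.fill(password, '\0');
            password = null;
        }
    }
}
```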