[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Web Sphere Security

To: "Cynthia Jeness" <cindy@philibert.com>, <ajug-members@ajug.org>, <ajug-officers@ajug.org>
Subject: Re: Web Sphere Security
From: "James W. Anderson" <jwanderson@bellsouth.net>
Date: Thu, 11 Sep 2003 22:14:36 -0400
References: <3F60514B.2060300@philibert.com>

I believe you need to implement form-based security at the HTTP server
level, not within WebSphere App Server.

In your httpd.conf file you should add the AuthType, AuthName, AuthUserFile,
AuthGroupFile and require settings to the virtual host or directory which
you want to require authentication.

I hope this helps.

----- Original Message -----
From: "Cynthia Jeness" <cindy@philibert.com>
To: <ajug-members@ajug.org>; <ajug-officers@ajug.org>
Sent: Thursday, September 11, 2003 6:41 AM
Subject: Web Sphere Security


> We have a web application that has FORM based security defined in the
> web.xml file.  This web application works find under Tomcat; i.e., when
> I try to access a protected resource, it pops up the dialog and requires
> a valid user name and password.
>
> We have taken the same war file that we use in Tomcat and moved it to
> WebSphere.  We have enabled global security and J2EE security.  We
> deployed our war file and mapped the role defined in web.xml as part of
> deploying the war.  However, we we access our application, it displays
> the request page without enforcing the security check.  One of my
> programmers has spend the last three days examining the WebSphere
> documentation without success.
>
> Do any of you know what magic incantation we must use to get WebSphere
> 5.02 to perform appropriate security checking?
>
> Cindy
>
>

Prev by Date: Help!! (WAS & IBMHTTPServer)
Next by Date: Re: Java Forums and Sites
Prev by thread: Help!! (WAS & IBMHTTPServer)
Next by thread: 2-4 week Java contract
Index(es):
- Date
- Thread