[rules-users] Websphere 7.0 and Drools Guvnor 5.2 Integration

Tihomir Surdilovic tsurdilo at redhat.com
Mon Aug 22 20:15:28 EDT 2011


Hi Henry,
I vaguely remember seeing the same problem in WAS6. WebSphere 
documentation says:
A username and password must be specified in the callback handler. 
Custom classes that are added to the Subject on the client side should 
get propagated to the server automatically whenever security attribute 
propagation is enabled. You can set the password to null if you want to 
use identity assertion without a password. 
(http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tsec_pacs.html)

So when either a null or an empty string password is supplied to the WAS 
login module, it takes it as an implicit sign that you want to do 
identity assertion instead of authentication, and therefore succeeds as 
long as the user id is valid.

As a workaround, I have seen people write their own login module that 
simply rejects any null or empty password. Then they chain this login 
module with the native WebSphere login module, so the latter can check 
credentials where a password is supplied. This is just a workaround 
however. Again I am not a WAS expert and you should probably contact one 
for further help.

Hope this helps.
Tihomir
On 8/22/11 8:01 PM, hpham1067 wrote:
> I've Guvnor working with WebSphere 7.0 pretty well. That said, I'm having a
> problem using JAAS with the WebSphere WSLogin login implementation module, i.e.
> com.ibm.ws.security.common.auth.module.WSLoginModuleImpl. It seems that
> Guvnor will accept any user authentication if you specify a blank
> password at the login screen. If you type in a wrong password it works as
> expected, but with a blank or no password Guvnor will let the user log in, no
> questions asked. Has anyone encountered this issue? Thanks in advance for your
> help.
>
>   - Henry
>
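The workaround described in the reply, as an added example (not code from the thread, WebSphere or Guvnor): a JAAS login module that rejects a null or empty password before the WebSphere module runs. The class name, the `GuvnorLogin` entry name and the stacking flags are assumptions, as is a callback handler that answers a standard `PasswordCallback`.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical guard module. Assumed stacking, in standard JAAS config syntax
// (entry name "GuvnorLogin" is a placeholder):
//   GuvnorLogin {
//     RejectEmptyPasswordLoginModule requisite;
//     com.ibm.ws.security.common.auth.module.WSLoginModuleImpl required;
//   };
public class RejectEmptyPasswordLoginModule implements LoginModule {
    private CallbackHandler handler;

    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = callbackHandler;
    }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        PasswordCallback pc = new PasswordCallback("Password: ", false);
        try {
            handler.handle(new Callback[] { pc });
        } catch (IOException e) {              // fail closed if the password cannot be read
            throw new LoginException("cannot read password: " + e.getMessage());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("handler does not support PasswordCallback");
        }
        char[] pw = pc.getPassword();          // getPassword() returns a copy, or null
        pc.clearPassword();
        boolean empty = (pw == null || pw.length == 0);
        if (pw != null) Arrays.fill(pw, '\0'); // do not leave the copy in memory
        if (empty) throw new FailedLoginException("empty password rejected");
        // Return false ("ignore this module"): the guard never authenticates anyone itself,
        // so the overall login still depends on WSLoginModuleImpl verifying the password.
        return false;
    }

    public boolean commit() { return false; } // nothing to commit; login() was ignored
    public boolean abort()  { return false; }
    public boolean logout() { return true; }
}
```

With the guard marked `requisite`, its `FailedLoginException` ends the login before the WebSphere module can treat the empty password as identity assertion.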



