From my experience as a P8 engineer I know many are actually struggling with this. So in this post I'll share a textbook example of how to re-use your BPF/ICN/ICM authentication in your own custom Java EE application.

Download the complete sample project here

The following project assumes the use of IBM WebSphere with support for EE6 (personally using 8.5.5).

The sample project contains a few essential parts:

1. A simple REST service that exposes two methods:

  1. a /ping API that is accessible to all;
  2. and a /getObjetStoreID API that is only available to users who are currently logged on.

2. A web.xml that specifies which resources (URLs) are behind authentication and which are not.

3. A (WebSphere-specific) ibm-application-bnd.xml file in which we map security roles to subjects.

Note that this can be managed from within the wasadmin as well.
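A minimal sketch of the two descriptors described above, as an added example that is not taken from the sample project. The `/api` servlet mapping, the role name `AuthenticatedUser` and the BASIC login-config are assumptions, as is a setup where the custom application shares the WebSphere security configuration with ICN.

```xml
<!-- WEB-INF/web.xml (Servlet 3.0 / EE6); paths and role name are assumed -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- /api/ping has no security-constraint, so it stays open to everyone -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected API</web-resource-name>
      <url-pattern>/api/getObjetStoreID</url-pattern>
      <!-- no <http-method> listed: the constraint covers every HTTP method -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>AuthenticatedUser</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- require TLS so credentials and tokens never travel in clear text -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- assumed fallback challenge for callers that are not yet logged on -->
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

  <security-role>
    <role-name>AuthenticatedUser</role-name>
  </security-role>
</web-app>

<!-- META-INF/ibm-application-bnd.xml (a separate file in the EAR) -->
<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <security-role name="AuthenticatedUser">
    <!-- any user the WebSphere registry has authenticated gets the role -->
    <special-subject type="ALL_AUTHENTICATED_USERS"/>
  </security-role>
</application-bnd>
```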

Wrapping it all up: there's just no need for complex mechanisms or, worse, storing and sharing passwords between services 🙂


  1. I'm definitely going to spread the word about this. It is a struggle and something that keeps coming back. Development writes a showcase and before you know it, it gets rolled out. With this you can take this into account right from the first line of code. Thanks Ivo!

