File-based User Authentication Under WebSphere 6

When developing a web application for the WebSphere Application Server you sometimes need to enable security because the application expects HttpServletRequest.getUserPrincipal() to be non-null. While in the production environment you will likely configure WAS to delegate the authentication to an LDAP server, during development you would likely prefer to use a simpler method that doesn't depend on an external service (and thus functions even when offline) and doesn't force you to use some real confidential credentials.

The solution is to use the sample custom file-based user registry, which is shipped with WebSphere 6.x and which enables you to define your groups and users in two files. The steps to configure it are quite simple.

2. Configure the custom user registry under Security - Global security - Custom:
2.a Define basic properties:


2.b Define location of the user and group files:


3. Enable security and select the configured custom user registry:




4. ? Add self to the allowed console users (I'm not sure whether this is necessary):


5. Create the users and groups files defined in the step 2.b:
jh_user.props:

# jh_user.props file (user name, password, unique user id, group id, user label)
jholy@at.ibm.com:password:123:567:Jakub Holy

jh_group.props:

# jh_group.props file (group name, unique group id, comma-separated member list,
# a label)
AutomatedBridge_admins:567:jholy@at.ibm.com:AB Admins

6. Restart WAS

7. Log in to the admin console with the credentials you've configured (id jholy@at.ibm.com above).

 

From http://www.jroller.com/holy/entry/file_based_user_authentication_under