Home/ Questions/Q 9052201
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T13:06:24+00:00

I have an EJB which makes a call to another server in the cell

  • 0

I have an EJB which makes a call to another server in the cell using HTTP (REST api).

At the EJB context the user is already authenticated and authorized, how can I propagate the security tokens to the other server avoiding the need to provide credentials in the request ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It is possible to obtain WebSphere’s Ltpa token from the security subject and pass it as a cookie for the HTTP call:

    public static SingleSignonToken getSSOTokenFromSubject(final Subject subject) {
    if (subject == null) {
        return null;
    }
    return AccessController.doPrivileged(new PrivilegedAction<SingleSignonToken>() {
        public SingleSignonToken run() {
            Set<SingleSignonToken> ssoTokens = subject.getPrivateCredentials(SingleSignonToken.class);
                for (SingleSignonToken ssoToken : ssoTokens) {
                if (ssoToken.getName().equals("LtpaToken")) {
                    return ssoToken;
                }
            }

            return null;
        }
    });
}

// Get cookie to add to outgoing HTTP requests
SingleSignonToken ssoToken =  getSSOTokenFromSubject(subject);

String ssoTokenStr = null;
if (ssoToken != null) {
    byte[] ssoTokenBytes = ssoToken.getBytes();
    ssoTokenStr = com.ibm.ws.util.Base64.encode(ssoTokenBytes);
}
String ssoTokenCookie = "LtpaToken2=" + ssoTokenStr;

    By adding the ssoTokenCookie to the request cookies there is no need to provider user credentials.

    • 0