J2EE and JAAS

Shyam Sankar
Greenhorn

Joined: Jun 12, 2003
Posts: 9
Hi,
I am developing a J2EE application with a Swing client.
For authentication, I plan to use JAAS.
What I want to know is: where will the LoginModule reside?
Is it on the server?
If so, will the LoginContext be created on the server?
In that case some resource on the server has to be contacted for creating the LoginContext even before any authentication is done.
If the LoginContext is created on the client side, will the LoginModule also reside on the client?
If it resides on the server, where do we specify the URL of the server?
Because all we do is loginContext.login().
I hope my queries are not confusing.
Thanks in advance.
Best Wishes
Shyam Sankar S.
Dave Teare
Ranch Hand

Joined: Oct 09, 2002
Posts: 80
Good question - I'm not sure if I have enough hands-on experience with stand-alone Java clients to help you, but I will try.
My understanding is that your client will create a LoginContext s.t. it can perform login(), doAs(), etc. The LoginModule itself will live on the server, and will authenticate users. Your client will therefore need to be configured to know where the security server is and what port it is running on.
Here is some sample WebSphere code:

I grabbed this from WebSphere's Developing with JASS and JAAS Example.
Hope this helps!
Cheers,
--Dave.
sandy km
Greenhorn

Joined: Jan 11, 2004
Posts: 13
Thanks Dave for your inputs. I have been trying to get an answer for a similar question which I have posted today and earlier as well.
I want to test out JAAS with a very simple example, so I could take any application.
The question is: where is the JAAS module running?
Can I test, say, a telnet application with JAAS?
I.e., the telnet client would call a JAAS module that would verify the credentials of the user and telnet client. Would that be feasible to test? Or are there some modifications required to the client as well as the server?
There are tutorials and white papers on JAAS, but none of them explains this basic fact. Or maybe I need to re-read them again.
Thanks
Dave Teare
Ranch Hand

Joined: Oct 09, 2002
Posts: 80
Sorry Sandy,
I don't understand your question. Now, I just got back from vacation in Mexico so perhaps the sun has fried my brain.
Are you writing a telnet application that will validate users against JAAS, or are you trying to test your JAAS login module using telnet?
From what I understand, the LoginModule impl will live in your application server, say WebSphere, and you will connect to it from your client using the code posted above. Of course, if you are not using WAS, you need to find an example for your particular env.
If you're simply trying to test your JAAS LoginModule impl, I would write a JUnit test that exercises your module. I don't see how telnet would fit in since the transport is specific to your env (i.e., WAS runs over IIOP).
Now, on my vacation I did read a great Struts book that showed you how to connect to your app server via telnet s.t. you could see the data traffic between a browser and a servlet. Is this similar to what you are trying?
--Dave.
sandy km
Greenhorn

Joined: Jan 11, 2004
Posts: 13
I want to test out a JAAS login module using xyz application.
I thought telnet would be an easy one.... Any app is fine as long as I can write and test the JAAS login module to authenticate a user for this app. The user database could be a Windows NT database or any other user database.
In summary, the application and user_db could be any.
Thanks
