This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes Using JAAS/Struts for enrollment authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Using JAAS/Struts for enrollment authentication" Watch "Using JAAS/Struts for enrollment authentication" New topic
Author

Using JAAS/Struts for enrollment authentication

Simon McClenahan
Greenhorn

Joined: May 12, 2005
Posts: 3
I have a web site that requires a user to go through an enrollment process to create an account on the site. The user is only allowed to enroll if the information they enter such as SSN, invoice number, etc. match with a record(s) we store in a database. Furthermore, the fields that we check and match against need to be configurable since we have several sites customized for several clients.

I haven't used JAAS or jGuard so bear with me - can I create a JAAS authentication file that defines multiple required or requisite login modules, each one responsible for checking just one field? That would allow me to customize the authentication for each site. How does information read from the database get passed between modules, through the LoginContext maybe?

In my Struts Action I would be calling a login() method, even though I'm just trying to authenticate entered information to see if they can create a login account.

The Struts page http://struts.apache.org/userGuide/preface.html mentions JAAS integration but I can't find any more documentation on what that integration actually is.

When the user completes the enrollment process, they should be able to login using a "standard" single LoginModule. Does jGuard or anyone else have a LoginModule that will check user/password against an already exisiting database schema? Re-designing the schema to accomodate a LoginModule with hardcoded table and field names is not going to work for me.
Charles GAY
Greenhorn

Joined: Jun 11, 2004
Posts: 18
Hi,
the answer to your question is yes with jGuard!(http://jguard.sourceforge.net).

to avoid duplicate information, you should see the detailed answer here:
http://sourceforge.net/forum/forum.php?thread_id=1283040&forum_id=407993

sincerly yours,

Charles(jGuard team).
Pauline McNamara
Sheriff

Joined: Jan 19, 2001
Posts: 4012
    
    6
Hello Charles (aka diabolo diabolo)

Welcome to Javaranch. Remember that pesky naming policy that you agreed to when you registered? Besides our "Be nice!" rule, it's one that we take seriously (don't let the one-eyed moose fool you!). Please take a minute to change your display name.

Thanks and hope you'll be visiting the ranch often.

Pauline
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Using JAAS/Struts for enrollment authentication
 
Similar Threads
jGuard, JAAS configuration for each webapp in j2ee
JAAS vs InitialContext authentication
Login Use Case and JAAS...
New JavaRanch Journal article: Authentication using JAAS
How to save the login ID as a session attribute ?