I have a web site that requires a user to go through an enrollment process to create an account on the site. The user is only allowed to enroll if the information they enter such as SSN, invoice number, etc. match with a record(s) we store in a database. Furthermore, the fields that we check and match against need to be configurable since we have several sites customized for several clients.
I haven't used JAAS or jGuard so bear with me - can I create a JAAS authentication file that defines multiple required or requisite login modules, each one responsible for checking just one field? That would allow me to customize the authentication for each site. How does information read from the database get passed between modules, through the LoginContext maybe?
In my
Struts Action I would be calling a login() method, even though I'm just trying to authenticate entered information to see if they can create a login account.
The Struts page
http://struts.apache.org/userGuide/preface.html mentions JAAS integration but I can't find any more documentation on what that integration actually is.
When the user completes the enrollment process, they should be able to login using a "standard" single LoginModule. Does jGuard or anyone else have a LoginModule that will check user/password against an already exisiting database schema? Re-designing the schema to accomodate a LoginModule with hardcoded table and field names is not going to work for me.
