File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Using JAAS/Struts for enrollment authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Using JAAS/Struts for enrollment authentication" Watch "Using JAAS/Struts for enrollment authentication" New topic

Using JAAS/Struts for enrollment authentication

Simon McClenahan

Joined: May 12, 2005
Posts: 3
I have a web site that requires a user to go through an enrollment process to create an account on the site. The user is only allowed to enroll if the information they enter such as SSN, invoice number, etc. match with a record(s) we store in a database. Furthermore, the fields that we check and match against need to be configurable since we have several sites customized for several clients.

I haven't used JAAS or jGuard so bear with me - can I create a JAAS authentication file that defines multiple required or requisite login modules, each one responsible for checking just one field? That would allow me to customize the authentication for each site. How does information read from the database get passed between modules, through the LoginContext maybe?

In my Struts Action I would be calling a login() method, even though I'm just trying to authenticate entered information to see if they can create a login account.

The Struts page mentions JAAS integration but I can't find any more documentation on what that integration actually is.

When the user completes the enrollment process, they should be able to login using a "standard" single LoginModule. Does jGuard or anyone else have a LoginModule that will check user/password against an already exisiting database schema? Re-designing the schema to accomodate a LoginModule with hardcoded table and field names is not going to work for me.
Charles GAY

Joined: Jun 11, 2004
Posts: 18
the answer to your question is yes with jGuard!(

to avoid duplicate information, you should see the detailed answer here:

sincerly yours,

Charles(jGuard team).
Pauline McNamara

Joined: Jan 19, 2001
Posts: 4012
Hello Charles (aka diabolo diabolo)

Welcome to Javaranch. Remember that pesky naming policy that you agreed to when you registered? Besides our "Be nice!" rule, it's one that we take seriously (don't let the one-eyed moose fool you!). Please take a minute to change your display name.

Thanks and hope you'll be visiting the ranch often.

I agree. Here's the link:
subject: Using JAAS/Struts for enrollment authentication
It's not a secret anymore!