File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Customized JAAS Module. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Customized JAAS Module." Watch "Customized JAAS Module." New topic

Customized JAAS Module.

Raymond Miao

Joined: Feb 26, 2004
Posts: 4

I am trying to build a website runing on Sun app server. the site will have to be launched from other legacy site which will provide a single access token as request parameter for authentication. I want to create a customized authentication module to handle this access token, verify it, then tell web container the user is valid/invalid. I try to do in by extend the PasswordLoginModule class provided by Sun app server the problem is looks like the class only accept username and pasword as authentication input parameters so does its parent LoginModule. I am wondering if there is a way or workaround to bypass the username/password thing so I can check my access token.

The access token will be verified against database.

Any thoughts?
Thanks a lot.
Charles GAY

Joined: Jun 11, 2004
Posts: 18
Hi Raymond,
effectively the sun one app server forces you to extends the sun's PasswordLoginModule and not directly the LoginModule.
i think it is a drawback.....
another option would be to configure jGuard (http:/ on your application server, and use your loginModule (which extends directly LoginModule) with the jGuard configuration.
=> the requirement to extends passwordloginModule seems to be reaised by proprietary application server design....(bad j2ee security specification consequences...).
jGuard integrates JAAS in your j2ee environment without any proprietary issue.

hope it helps,

Charles(jGuard team).
I agree. Here's the link:
subject: Customized JAAS Module.
It's not a secret anymore!