File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Customized JAAS Module. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Customized JAAS Module." Watch "Customized JAAS Module." New topic
Author

Customized JAAS Module.

Raymond Miao
Greenhorn

Joined: Feb 26, 2004
Posts: 4
Hi,

I am trying to build a website runing on Sun app server. the site will have to be launched from other legacy site which will provide a single access token as request parameter for authentication. I want to create a customized authentication module to handle this access token, verify it, then tell web container the user is valid/invalid. I try to do in by extend the PasswordLoginModule class provided by Sun app server the problem is looks like the class only accept username and pasword as authentication input parameters so does its parent LoginModule. I am wondering if there is a way or workaround to bypass the username/password thing so I can check my access token.

The access token will be verified against database.

Any thoughts?
Thanks a lot.
Charles GAY
Greenhorn

Joined: Jun 11, 2004
Posts: 18
Hi Raymond,
effectively the sun one app server forces you to extends the sun's PasswordLoginModule and not directly the LoginModule.
i think it is a drawback.....
another option would be to configure jGuard (http:/jguard.sourceforge.net) on your application server, and use your loginModule (which extends directly LoginModule) with the jGuard configuration.
=> the requirement to extends passwordloginModule seems to be reaised by proprietary application server design....(bad j2ee security specification consequences...).
jGuard integrates JAAS in your j2ee environment without any proprietary issue.

hope it helps,

Charles(jGuard team).
 
wood burning stoves
 
subject: Customized JAAS Module.
 
Similar Threads
Deploying EJB using MySql as a datasource
TextInputCallback..
Deploying EJB using MySql as a datasource
About Headers
Sharing authentication