Sessions in JAAS ?

Dragan Jovanovic
Greenhorn

Joined: Feb 07, 2008
Posts: 15
Hi.
I have a swing/jboss project with JAAS. Swing app shows a login form, user fills userName and password (and some other stuff) in, JAAS consults mysql base and lets the user in. EJB3 objects on JBoss call Context.getCallerPrincipal method to obtain information about user who called them and it all works fine.
But.
I allow every user to log into app many times, maybe setting some parameters on login form different (for example ledger year). So, I want every serverSide object to be aware of the session, not only the user. I created algorithm that returns a unique id for the session while logging on and I want to pass that value to server through JAAS. I browsed a lot of JAAS literature looking for a common way to solve this (and I think my problem IS common), but I didn’t see anything similar to my story.

I guess I should pass another (third) value into Callback array, but I don’t know how and where. Any idea ?
Nitesh Kant
Bartender

Joined: Feb 25, 2007
Posts: 1638

Dragan: I want to pass that value to server through JAAS.

Does the JAAS login module need this information for authentication?
If not, then it will probably be a bad idea, because then your login module will interact with other components on the server side, thus making the login module coupled with the components you have.

Dragan: I guess I should pass another (third) value into Callback array, but I don’t know how and where. Any idea ?

If you have to do it then yes, callbacks are the only way to go. You have to pass an additional callback and of course the callback handler must be able to handle the callback.

In my opinion, you must make a call to the server, it should first do an authentication, if required, and then do the session specific work. So, rather than the first call being the JAAS call and that internally doing session handling, it should be the other way round.
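
The callback mechanics discussed in this thread, as an added example that is not part of either post: a third, custom `Callback` next to the standard name and password callbacks, and a handler that can fill it. `SessionIdCallback`, `LoginFormHandler` and the sample values are hypothetical names constructed for illustration; the example runs in a single JVM and does not show how a container such as JBoss carries the value to a server-side login module.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class SessionCallbackDemo {
    // Hypothetical third callback: carries the client-generated session id.
    // The value is client-supplied, so it identifies a session but proves nothing.
    static final class SessionIdCallback implements Callback {
        private String sessionId;
        void setSessionId(String id) { this.sessionId = id; }
        String getSessionId() { return sessionId; }
    }

    // Client-side handler: answers every callback a login module may request.
    static final class LoginFormHandler implements CallbackHandler {
        private final String user;
        private final char[] password;
        private final String sessionId;
        LoginFormHandler(String user, char[] password, String sessionId) {
            this.user = user; this.password = password; this.sessionId = sessionId;
        }
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else if (cb instanceof SessionIdCallback) {
                    ((SessionIdCallback) cb).setSessionId(sessionId);
                } else {
                    // Reject anything unknown instead of silently skipping it.
                    throw new UnsupportedCallbackException(cb, "unexpected callback");
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // This array is what a LoginModule.login() would hand to its CallbackHandler.
        SessionIdCallback sid = new SessionIdCallback();
        NameCallback name = new NameCallback("user: ");
        Callback[] callbacks = { name, new PasswordCallback("password: ", false), sid };
        // Constructed sample credentials and session id.
        new LoginFormHandler("dragan", "secret".toCharArray(), "session-42").handle(callbacks);
        System.out.println(name.getName() + " / session " + sid.getSessionId());
    }
}
```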

