Part 2: Security in Web & Swing App

 
Solomon Raz
Greenhorn
Posts: 19
I'm planning on using a filter to make sure only authenticated users are allowed to access "protected resources" for the web application (similar to the petshop approach). I'm thinking of using XML over HTTP for the Swing app to server communication. Is my understanding correct that the Swing app will need to have the authentication logic in its Front Controller or Business Delegate? Is there any way to have this logic in one place that both web & Swing apps can use?

Solomon
 
Ravi Dhanum
Ranch Hand
Posts: 46
I was planning on having the Swing application use JNDI to obtain the session beans (session facades). I haven't figured out how to invoke JNDI over SSL. Does anyone know this?

Thanks.

Ravi
 
Along huang
Ranch Hand
Posts: 72
I faced the same trouble as you and thought up some ideas.
Here are two solutions, but they just represent my point of view.

1. Both the web app and the Swing app are based on the web container; in other words, the Swing app accesses EJB through the web container, so you can put a Filter in the web tier.

2. For the Swing app, the client accesses EJB directly, and you configure the security of the EJB in ejb-jar.xml.

Best regards
 
Solomon Raz
Greenhorn
Posts: 19
I seem to like the first solution you've provided. I have a question on that though. For web apps, the filter will look at the URL to see if it is a 'protected resource' and then authenticate the user. Since all calls from the Swing app will be to the same URL (that of the FC servlet), how will the filter know when to authenticate? Please clarify.

Solomon
 
Solomon Raz
Greenhorn
Posts: 19
Along, I guess after giving it some thought, I may have answered my own question. I'm thinking the filter servlet will look at the URL and if it is that of the Swing app's FC, it should look at the XML message and determine what the request type is and do the necessary authentication. Is this in line with your thought also?

thanks
Solomon
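
The routing decision described in the post above, written out as an added example that is not part of the thread or any poster's code: browser requests are classified by URL, and requests to the Swing front controller are classified by the request type in the XML body. The paths, the `<request type="...">` message shape and the request type names are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
/** Decision logic a servlet Filter's doFilter() could call before chain.doFilter(). */
public class AuthGate {
    // Hypothetical names: none of these paths or request types come from the thread.
    static final String SWING_FC_PATH = "/swing/fc";
    static final String PROTECTED_PREFIX = "/protected/";
    static final Set<String> PUBLIC_TYPES = Set.of("login", "browseCatalog");
    /** True when the caller must already have an authenticated session. */
    static boolean requiresAuth(String path, byte[] body) {
        if (SWING_FC_PATH.equals(path)) {
            // Swing client: every call hits one URL, so the XML request type decides.
            return !PUBLIC_TYPES.contains(requestType(body));
        }
        // Browser client: the URL alone decides.
        return path.startsWith(PROTECTED_PREFIX);
    }
    /** Reads <request type="...">; returns "" (treated as protected) on any problem. */
    static String requestType(byte[] body) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // The body is parsed before authentication, so refuse DOCTYPE and entities.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Element root = f.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(body)).getDocumentElement();
            return "request".equals(root.getTagName()) ? root.getAttribute("type") : "";
        } catch (Exception e) {
            return ""; // malformed or hostile XML: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: {path, XML body}.
        String[][] cases = {
            {"/swing/fc", "<request type=\"login\"><user>u</user></request>"},
            {"/swing/fc", "<request type=\"placeOrder\"/>"},
            {"/swing/fc", "<!DOCTYPE r [<!ENTITY x \"y\">]><request type=\"login\"/>"},
            {"/protected/orders", ""},
            {"/index.html", ""},
        };
        for (String[] c : cases) {
            boolean need = requiresAuth(c[0], c[1].getBytes(StandardCharsets.UTF_8));
            System.out.println(c[0] + " " + c[1] + " -> requiresAuth=" + need);
        }
    }
}
```

In a real filter, reading the body consumes the request's input stream, so the filter has to buffer it and pass the front controller an `HttpServletRequestWrapper` that replays the buffered bytes.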
 
Ravi Dhanum
Ranch Hand
Posts: 46
Hello all,

There is an invaluable discussion on this at:
web and swing authentication
I'm planning on using container managed for the web and client.

-Ravi
 