Part 2: Security in Web & Swing App

Solomon Raz
Greenhorn

Joined: Feb 26, 2005
Posts: 19
I'm planning on using a filter to make sure only authenticated users are allowed to access "protected resources" for the web application (similar to the petshop approach). I'm thinking of using XML over HTTP for the Swing app to server communication. Is my understanding correct that the Swing app will need to have the authentication logic in its Front Controller or Business Delegate? Is there any way to have this logic in one place that both web & Swing apps can use?

Solomon
Ravi Dhanum
Ranch Hand

Joined: Feb 27, 2005
Posts: 46
I was planning on having the Swing application use JNDI to obtain the session beans (session facades). I haven't figured out how to invoke JNDI over SSL. Does anyone know this?

Thanks.

Ravi
Along huang
Ranch Hand

Joined: Feb 09, 2004
Posts: 72
I faced the same trouble as you and thought out some ideas.
Here are two solutions, but they just represent my point of view.

1. Both the web app and the Swing app are based on the web container; in other words, the Swing app accesses the EJBs through the web container, so you can put a Filter in the web tier.

2. For the Swing app, the client accesses the EJBs directly, and you configure the security of the EJBs in ejb-jar.xml.

Best regards


SCJP1.4, SCJD 2, SCEA (in progress)
Solomon Raz
Greenhorn

Joined: Feb 26, 2005
Posts: 19
I seem to like the first solution you've provided. I have a question on that though. For web apps, the filter will look at the URL to see if it is a 'protected resource' and then authenticate the user. Since all calls from the Swing app will be to the same URL (that of the FC servlet), how will the filter know when to authenticate? Please clarify.

Solomon
Solomon Raz
Greenhorn

Joined: Feb 26, 2005
Posts: 19
Along, I guess after giving it some thought, I may have answered my own question. I'm thinking the filter servlet will look at the URL and if it is that of the Swing app's FC, it should look at the XML message and determine what the request type is and do the necessary authentication. Is this in line with your thought also?

thanks
Solomon
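
The filter decision described in the post above, as an added example that is not part of the original thread: plain-JDK logic a servlet Filter could delegate to, deciding from the URL for browser requests and from the XML request type for the Swing client's Front Controller URL. The path `/swingController`, the protected prefixes, the `<request type="...">` message shape and the request-type names are all assumptions for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Added example; every path, element name and request type here is hypothetical.
public class AccessDecision {
    static final String SWING_FC_PATH = "/swingController"; // assumed FC servlet URL
    static final Set<String> PROTECTED_PREFIXES = Set.of("/account", "/order");
    static final Set<String> PUBLIC_REQUEST_TYPES = Set.of("login", "browseCatalog");

    /** Returns true when the caller must already be authenticated. */
    static boolean requiresAuth(String path, byte[] body) {
        if (!SWING_FC_PATH.equals(path)) {
            // Browser request: decide from the URL, as in the web-only filter.
            return PROTECTED_PREFIXES.stream().anyMatch(path::startsWith);
        }
        // Swing request: every call hits the same URL, so decide from the XML.
        String type = requestType(body);
        return type == null || !PUBLIC_REQUEST_TYPES.contains(type); // fail closed
    }

    /** Reads the "type" attribute of the root element, or null if unusable. */
    static String requestType(byte[] body) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // The body is parsed before authentication, so refuse DTDs entirely
            // (blocks external entities and entity-expansion bombs).
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.setXIncludeAware(false);
            f.setExpandEntityReferences(false);
            Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(body));
            String t = d.getDocumentElement().getAttribute("type");
            return t.isEmpty() ? null : t;
        } catch (Exception e) {
            return null; // malformed, missing or DOCTYPE-bearing message
        }
    }

    public static void main(String[] args) {
        // Constructed sample messages, not taken from the thread.
        String order = "<request type=\"placeOrder\"/>";
        String dtd = "<!DOCTYPE r [<!ENTITY x \"y\">]><request type=\"login\"/>";
        System.out.println(requiresAuth("/catalog/list", null));
        System.out.println(requiresAuth(SWING_FC_PATH, order.getBytes(StandardCharsets.UTF_8)));
        System.out.println(requiresAuth(SWING_FC_PATH, dtd.getBytes(StandardCharsets.UTF_8)));
    }
}
```

In a real Filter, reading the body consumes the request input stream, so the filter has to hand the Front Controller an `HttpServletRequestWrapper` that replays the buffered bytes.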
Ravi Dhanum
Ranch Hand

Joined: Feb 27, 2005
Posts: 46
Hello all,

There is an invaluable discussion on this at:
web and swing authentication
I'm planning on using container managed for the web and client.

-Ravi
 