
Login Use Case and JAAS...

 
James Turner
Ranch Hand
Posts: 194
Hi Guys,

I am assuming that JAAS is virtually a requirement for the login functionality. I am wondering if anyone has specified that JAAS be configured to authenticate the user via a custom database call to retrieve the username and password for a specific user or simply used an LDAP call.

I suppose you could use both.

I am quite a beginner with JAAS. To make a custom db call to authenticate the user, does this entail writing/using a custom LoginModule object? Also, does doing LDAP authentication mean we are using an already written LoginModule?

Is it a common thing to write LoginModules for J2EE apps to handle user authentication?

Thank you for any help, any comments are very appreciated.

Regards,
James.
 
James Turner
Ranch Hand
Posts: 194
Any JAAS experts in the forum?

Please help...


Regards,
James.
 
Anderson Fonseca
Ranch Hand
Posts: 126
Hi James,

In my app with Tomcat, I wrote 2 login modules for auth, one for LDAP and another for DB. Both implement the LoginModule interface, where I put my principal and roles in a subject class, passing this one to the Tomcat container.
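
A database-backed module of the kind described in the post above, as an added example that is not code from any poster in this thread. The `app_user`/`app_role` tables, their columns, the `jdbcUrl` option, the PBKDF2 parameters and all class names are assumptions.

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.sql.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example (Java 16+ for records). Table names, columns, the "jdbcUrl"
// option and the PBKDF2 parameters are assumptions, not taken from the thread.
public class DbLoginModule implements LoginModule {
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }
    private Subject subject; private CallbackHandler handler; private String jdbcUrl;
    private final Set<Principal> pending = new HashSet<>();
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h; jdbcUrl = (String) options.get("jdbcUrl");
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try (Connection c = DriverManager.getConnection(jdbcUrl)) {
            handler.handle(new Callback[] { nc, pc });
            // Bound parameter: the user name is never concatenated into the SQL text.
            PreparedStatement ps = c.prepareStatement("SELECT salt, pw_hash FROM app_user WHERE username = ?");
            ps.setString(1, nc.getName());
            ResultSet rs = ps.executeQuery();
            if (!rs.next()) throw new FailedLoginException("login failed");
            // The database holds PBKDF2(password, salt), not the password; compare in constant time.
            byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(
                new PBEKeySpec(pc.getPassword(), rs.getBytes(1), 600_000, 256)).getEncoded();
            if (!MessageDigest.isEqual(derived, rs.getBytes(2))) throw new FailedLoginException("login failed");
            pending.add(new UserPrincipal(nc.getName()));
            ps = c.prepareStatement("SELECT role FROM app_role WHERE username = ?");
            ps.setString(1, nc.getName());
            for (rs = ps.executeQuery(); rs.next(); ) pending.add(new RolePrincipal(rs.getString(1)));
            return true;
        } catch (LoginException e) { throw e;   // same message for unknown user and bad password
        } catch (Exception e) { throw new LoginException("authentication backend error");
        } finally { pc.clearPassword(); }
    }

    // Principals reach the Subject only in commit(), i.e. after the overall JAAS login succeeded.
    public boolean commit() { if (pending.isEmpty()) return false; subject.getPrincipals().addAll(pending); return true; }
    public boolean abort()  { pending.clear(); return true; }
    public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```

The user and role principals are separate classes because a container such as Tomcat's JAASRealm tells them apart by class name (`userClassNames` / `roleClassNames`).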
 
Roger Chung-Wee
Ranch Hand
Posts: 1683
I am assuming that JAAS is virtually a requirement for the login functionality.

If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.
 
James Turner
Ranch Hand
Posts: 194
Originally posted by Roger Chung-Wee:

If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.


I think that these authentication methods use JAAS on the server end, apart from HTTPS, which is merely the transportation protocol.

I am just thinking about how to configure JAAS to handle these Basic, Digest, Client-Cert and Form authentication methods on the server side.

I believe this process is application server specific and may require the creation of a custom LoginModule.

I was wondering if this was common practice for the SCEA?

Regards,
James.
 
Jesse Jesse
Greenhorn
Posts: 22
Hi

I am also considering JAAS for security and performing authentication and authorization from a stateless session bean so both web and Swing clients can use the same method. I am new to JAAS and was wondering whether it is possible to achieve this, i.e. how would I set this up if a user required authentication and arrived at the EJB layer without having been authenticated via the web container first.


Thanks
 
Giju George
Ranch Hand
Posts: 333
Hi James,

I used JAAS in my assignment. All I did was just mentioned in my document how authentication and authorization will be handled. You don't really have to go to the actual implementation details.

HTH
 