Login Use Case and JAAS...

 
James Turner
Ranch Hand
Posts: 194
Hi Guys,

I am assuming that JAAS is virtually a requirement for the login functionality. I am wondering if anyone has specified that JAAS be configured to authenticate the user via a custom database call to retrieve the username and password for a specific user or simply used an LDAP call.

I suppose you could use both.

I am quite a beginner with JAAS. To make a custom DB call to authenticate the user, does this entail writing/using a custom LoginModule object? Also, does doing LDAP authentication mean we are using an already written LoginModule?

Is it a common thing to write LoginModules for J2EE apps to handle user authentication?

Thank you for any help, any comments are very appreciated.

Regards,
James.
 
James Turner
Ranch Hand
Posts: 194
Any JAAS experts in the forum?

Please help...


Regards,
James.
 
Anderson Fonseca
Ranch Hand
Posts: 126
Hi James,

In my app with Tomcat, I wrote 2 login modules for auth, one for LDAP and another for DB. Both implement the LoginModule interface, where I put my principal and roles in a Subject class, passing this one to the Tomcat container.
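
A database-backed module of the kind asked about in the first post and described in the reply above, as an added example that is not code from any poster in this thread. It assumes Java 16 or later; the names `DbLoginModule`, `UserPrincipal`, `RolePrincipal`, `Row` and `USERS`, the user `alice` and the PBKDF2 parameters are all hypothetical, and the in-memory map stands in for the database query.

```java
import java.io.IOException;
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class DbLoginModule implements LoginModule {
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }
    record Row(byte[] salt, byte[] hash, List<String> roles) {}
    // Constructed stand-in for the user table; a real module runs a parameterized SELECT instead.
    static final Map<String, Row> USERS = new HashMap<>();
    static final byte[] SALT = "constructed-salt".getBytes(); // real salts are random and per user
    static { USERS.put("alice", new Row(SALT, pbkdf2("constructed-pw".toCharArray(), SALT), List.of("admin"))); }
    static byte[] pbkdf2(char[] pw, byte[] salt) { // iteration count is an illustrative value
        try { return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, 210_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    private Subject subject;
    private CallbackHandler handler;
    private final Set<Principal> granted = new HashSet<>();
    private boolean authenticated;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
    public boolean login() throws LoginException { // phase 1: verify, but do not touch the Subject yet
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
        char[] pw = pc.getPassword();
        if (nc.getName() == null || pw == null || pw.length == 0) throw new FailedLoginException("invalid credentials");
        Row row = USERS.get(nc.getName());
        // Hash even for unknown users so response time does not reveal which names exist.
        byte[] got = pbkdf2(pw, row == null ? new byte[16] : row.salt());
        pc.clearPassword(); Arrays.fill(pw, '\0');
        if (row == null || !MessageDigest.isEqual(got, row.hash())) throw new FailedLoginException("invalid credentials");
        granted.add(new UserPrincipal(nc.getName()));
        row.roles().forEach(r -> granted.add(new RolePrincipal(r)));
        return authenticated = true;
    }
    // Phase 2: principals reach the Subject only when the overall login succeeded.
    public boolean commit() { if (authenticated) subject.getPrincipals().addAll(granted); return authenticated; }
    public boolean abort() { boolean was = authenticated; granted.clear(); authenticated = false; return was; }
    public boolean logout() { subject.getPrincipals().removeAll(granted); abort(); return true; }
}
```

Tomcat's JAASRealm tells user principals from role principals by class name (its `userClassNames` and `roleClassNames` attributes), which is why the example uses two principal types.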
 
Roger Chung-Wee
Ranch Hand
Posts: 1683
Originally posted by James Turner:

I am assuming that JAAS is virtually a requirement for the login functionality.

If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.
 
James Turner
Ranch Hand
Posts: 194
Originally posted by Roger Chung-Wee:

If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.


I think that these authentication methods use JAAS on the server end, apart from HTTPS, which is merely the transportation protocol.

I am just thinking about how to configure JAAS to handle these Basic, Digest, Client-Cert and Form authentication methods on the server side.

I believe this process is application server specific and may require the creation of a custom LoginModule.

I was wondering if this was common practice for the SCEA?

Regards,
James.
 
Jesse Jesse
Greenhorn
Posts: 22
Hi

I am also considering JAAS for security and performing authentication and authorization from a stateless session bean so both web and Swing clients can use the same method. I am new to JAAS and was wondering whether it is possible to achieve this, i.e., how would I set this up if a user required authentication and arrived at the EJB layer without having been authenticated via the web container first?


Thanks
 
Giju George
Ranch Hand
Posts: 333
Hi James,

I used JAAS in my assignment. All I did was just mention in my document how authentication and authorization will be handled. You don't really have to go into the actual implementation details.

HTH
 