Login Use Case and JAAS...

James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
Hi Guys,

I am assuming that JAAS is virtually a requirement for the login functionality. I am wondering if anyone has specified that JAAS be configured to authenticate the user via a custom database call to retrieve the username and password for a specific user, or simply used an LDAP call.

I suppose you could use both.

I am quite a beginner with JAAS. To make a custom DB call to authenticate the user, does this entail writing/using a custom LoginModule object? Also, doing LDAP authentication means we are using an already written LoginModule?

Is it a common thing to write LoginModules for J2EE apps to handle user authentication?

Thank you for any help, any comments are very appreciated.

Regards,
James.


James | SCJP 1.4 - 92% | SCJD - 93% | SCWCD 1.4 - 95% | SCBCD 1.3 - 100% | SCEA - 92%
James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
Any JAAS experts in the forum?

Please help...


Regards,
James.
Anderson Fonseca
Ranch Hand

Joined: Feb 05, 2004
Posts: 126
Hi James,

In my app with Tomcat, I wrote 2 login modules for auth, one for LDAP and another for DB. Both implement the LoginModule interface, where I put my principal and roles in a Subject class, passing this one to the Tomcat container.


Anderson Fonseca :: Brazil | SCJA 1.0, SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCDJWS, SCEA(I), SCEA 5 (I,II,III)
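
An added illustration of the approach described in the post above (not code from the post or from any participant in this thread): a minimal database-backed `LoginModule` showing the two-phase `login()`/`commit()` contract. The names `DbLoginModule`, `Account`, `USERS`, `UserPrincipal` and `RolePrincipal` are hypothetical, the in-memory map stands in for the database query, and the PBKDF2 iteration count is an assumed value; records require Java 16 or later.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class DbLoginModule implements LoginModule {
    public record Account(byte[] salt, byte[] pbkdf2, Set<String> roles) {}
    public static final Map<String, Account> USERS = new HashMap<>(); // assumption: stands in for the DB
    static final Account DUMMY = new Account(new byte[16], new byte[0], Set.of()); // never matches
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }
    private Subject subject; private CallbackHandler handler; private String user; // user set by login()
    private final Set<Principal> added = new HashSet<>();
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {          // phase 1: verify, do not touch the Subject
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        char[] pw = pc.getPassword(); pc.clearPassword();
        if (nc.getName() == null || pw == null || pw.length == 0) throw new FailedLoginException("login failed");
        Account a = USERS.getOrDefault(nc.getName(), DUMMY); // unknown user still costs one hash
        boolean ok = MessageDigest.isEqual(a.pbkdf2(), hash(pw, a.salt())); Arrays.fill(pw, '\0');
        if (!ok) throw new FailedLoginException("login failed"); // same message for both failure causes
        user = nc.getName(); return true;
    }
    static byte[] hash(char[] pw, byte[] salt) throws LoginException {
        try { return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                  .generateSecret(new PBEKeySpec(pw, salt, 210_000, 256)).getEncoded(); // assumed cost
        } catch (GeneralSecurityException e) { throw new LoginException(e.toString()); }
    }
    public boolean commit() {                               // phase 2: only now populate the Subject
        if (user == null) return false;
        added.add(new UserPrincipal(user));
        USERS.get(user).roles().forEach(r -> added.add(new RolePrincipal(r)));
        subject.getPrincipals().addAll(added);
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        subject.getPrincipals().removeAll(added); added.clear(); user = null; return true;
    }
}
```

Separate principal classes for users and roles let a container realm (Tomcat's JAASRealm, for instance) tell the two apart by class name.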
Roger Chung-Wee
Ranch Hand

Joined: Sep 29, 2002
Posts: 1683
Originally posted by James Turner:

I am assuming that JAAS is virtually a requirement for the login functionality.

If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.


SCJP 1.4, SCWCD 1.3, SCBCD 1.3
James Turner
Ranch Hand

Joined: May 10, 2004
Posts: 194
Originally posted by Roger Chung-Wee:

If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.


I think that these authentication methods use JAAS on the server end, apart from HTTPS, which is merely the transportation protocol.

I am just thinking about how to configure JAAS to handle these Basic, Digest, Client-Cert and Form authentication methods on the server side.

I believe this process is application server specific and may require the creation of a custom LoginModule.

I was wondering if this was common practice for the SCEA?

Regards,
James.
Jesse Jesse
Greenhorn

Joined: Jun 04, 2004
Posts: 22
Hi

I am also considering JAAS for security and performing authentication and authorization from a stateless session bean so both web and Swing clients can use the same method. I am new to JAAS and was wondering is it possible to achieve this, i.e. how would I set this up if a user required authentication and arrived at the EJB layer without having been authenticated via the web container first.


Thanks


SCJP, SCJD, SCWCD, SCBCD
Giju George
Ranch Hand

Joined: Jun 08, 2004
Posts: 333
Hi James,

I used JAAS in my assignment. All I did was just mention in my document how authentication and authorization will be handled. You don't really have to go to the actual implementation details.

HTH


SCJP 1.4, SCWCD 1.4, SCBCD 1.3, SCEA
 