I am assuming that JAAS is virtually a requirement for the login functionality. I am wondering if anyone has specified that JAAS be configured to authenticate the user via a custom database call to retrieve the username and password for a specific user or simply used an LDAP call.
I suppose you could use both.
I am quite a beginner with JAAS. To make a custom DB call to authenticate the user, does this entail writing/using a custom LoginModule object? Also, does doing LDAP authentication mean we are using an already written LoginModule?
Is it a common thing to write LoginModules for J2EE apps to handle user authentication?
Thank you for any help, any comments are very appreciated.
In my app with Tomcat, I wrote 2 login modules for auth, one for LDAP and another for DB. Both implement the LoginModule interface, where I put my principal and roles in a subject class, passing this one to the Tomcat container.
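An added example (not code from any poster in this thread) of the database-backed `LoginModule` discussed above: it looks the user up with a bound parameter, verifies a salted PBKDF2 hash in constant time, and places one user principal plus role principals in the `Subject`. The `users`/`user_roles` schema, the `dataSource` option name, the PBKDF2 parameters and the two principal classes are assumptions; Tomcat's JAASRealm distinguishes users from roles by principal class (`userClassNames` / `roleClassNames`), and the code needs Java 16 or later.

```java
import java.security.*;
import java.sql.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
// Added example. Assumed: users/user_roles schema, "dataSource" option, PBKDF2 with 600_000 iterations.
public class DbLoginModule implements LoginModule {
    // Separate classes so the container can tell the user principal from role principals.
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }
    private Subject subject; private CallbackHandler handler; private Map<String, ?> options;
    private final Set<Principal> granted = new HashSet<>();
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            granted.clear(); // login() can run again on the same instance; never reuse an earlier result
            handler.handle(new Callback[] { nc, pc });
            if (nc.getName() == null || pc.getPassword() == null) throw new FailedLoginException("bad credentials");
            try (Connection c = InitialContext.<DataSource>doLookup((String) options.get("dataSource")).getConnection();
                 PreparedStatement ps = c.prepareStatement("SELECT u.pw_hash, u.salt, r.role FROM users u"
                     + " LEFT JOIN user_roles r ON r.username = u.username WHERE u.username = ?")) {
                ps.setString(1, nc.getName()); // bound parameter, never string concatenation
                ResultSet rs = ps.executeQuery();
                if (!rs.next()) throw new FailedLoginException("bad credentials"); // same message as wrong password
                byte[] want = rs.getBytes(1), salt = rs.getBytes(2);
                byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(
                    new PBEKeySpec(pc.getPassword(), salt, 600_000, want.length * 8)).getEncoded();
                if (!MessageDigest.isEqual(got, want)) throw new FailedLoginException("bad credentials");
                granted.add(new UserPrincipal(nc.getName()));
                do { Optional.ofNullable(rs.getString(3)).map(RolePrincipal::new).ifPresent(granted::add); } while (rs.next());
                return true;
            }
        } catch (Exception e) { // keep driver/JNDI details out of the message returned to the caller
            throw e instanceof LoginException le ? le : new LoginException("authentication backend error");
        } finally { pc.clearPassword(); }
    }
    public boolean commit() { if (granted.isEmpty()) return false; subject.getPrincipals().addAll(granted); return true; }
    public boolean abort() { return logout(); }
    public boolean logout() { subject.getPrincipals().removeAll(granted); granted.clear(); return true; }
}
```

The iteration count and key length must match whatever was used when the stored hash was created.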
I am also considering JAAS for security and performing authentication and authorization from a stateless session bean so both web and Swing clients can use the same method. I am new to JAAS and was wondering whether it is possible to achieve this, i.e., how would I set this up if a user required authentication and arrived at the EJB layer without having been authenticated via the web container first?