Log in and have profile ???

Guys,

My exam has two kinds of client.

I need to verify if user is log in and has profile.

I want to put only one point of verification.

How Do I doing this ?

I have thought to verify this within SFSB and I would to use JAAS to do this.

Regards

You can make some assumptions about this. Firstly what type of security is your application and web interface providing ? LDAP ? credentials in database tables ?

The answer to your question depends on the type of security. Some containers use JAAS internally and only require that you use JAAS when operating on a fat application client. Can you elaborate more on your security ?
[ May 29, 2007: Message edited by: John Meyers ]

Hi Alberto,

I think your attitude is very promising. I am working in the same direction.
Probably the best solution would be to keep users and credentials in the database.
The question is how is it possible to build a JAAS LoginModule?
In my opinion the LoginModule must
-look up in the database
-AND create kind of SFSB for the session state management.

Is it feasible / practicable?

Who has an example of such a LoginModule?

The other possibility could be an Intercepting Filter like in Petstore. The main drawback of this solution is that it is not possible to use this functionality for a Java client. It works only for a Web client.

Any comments are highly appreciated.
Francesco Bianchi