JAAS and container managed security

Saha Kumar
Ranch Hand

Joined: Feb 23, 2006
Posts: 218
Hello All,

I have a J2EE application server, a swing client, and a web client. Can I use JAAS to authenticate the swing client? I already have form-based login on the web client. The J2EE app server EJBs are protected and the web resources are protected. The declarative J2EE container managed security is working for the web client. The swing client will be accessing the EJBs via JNDI. Will the container managed authorization work for the swing client (authenticated via JAAS)?

Thanks in advance.

Chris Mathews
Ranch Hand

Joined: Jul 18, 2001
Posts: 2712
Yes, it will work fine. Depending on the application server you may or may not have to use JAAS. Most allow you to execute as the last user you retrieved an InitialContext as. Example:

The above code will execute the EJB as the user you passed to the InitialContext. If you still want to go down the JAAS path that is not a problem either but you should read your Application Server documentation for the appropriate way to authenticate via JAAS. Also remember you will have to execute your EJB call as part of a PrivilegedAction to propagate the user principal... this also might require a call to a vendor-specific API. For example, in WLS 6.1 you could do a plain Subject.doAs() but in WLS 8.1 you need to use instead.
Saha Kumar
Ranch Hand

Joined: Feb 23, 2006
Posts: 218

Thanks for the very helpful information. This answers my question in full.
