This week's giveaway is in the EJB and other Java EE Technologies forum.
We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line!
See this thread for details.
The moose likes Java in General and the fly likes Custom and generic JAAS module Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "Custom and generic JAAS module" Watch "Custom and generic JAAS module" New topic
Author

Custom and generic JAAS module

Parameswaran Thangavel
Ranch Hand

Joined: Mar 01, 2005
Posts: 485
Hi,
I was looking to write a Custom and Generic JAAS based login module. which will be used for both authentication and authorization. And use it across all the application server.

I wrote a Custom LoginModule for Tomcat. Can i use the same class across all the Application server like JBoss, Weblogic and websphere.

Thanks
Param
Martijn Verburg
author
Bartender

Joined: Jun 24, 2003
Posts: 3274
    
    5

I'm really not sure about this but:

1.) If you're following the JAAS std then I don't see why not.
2.) Try first on Jboss, it should be fairly easy to get going if you're familiar with Tomcat.


Cheers, Martijn - Blog,
Twitter, PCGen, Ikasan, My The Well-Grounded Java Developer book!,
My start-up.
Parameswaran Thangavel
Ranch Hand

Joined: Mar 01, 2005
Posts: 485
Well i followed the JAAS standard. But there is a problem though. In Tomcat, i can have different Principal class for both my Principal and Roles. But when comes to JBoss I should have different class to represent the roles for my principal.

In short, It looks like i can have or reuse the Principal class across all the server (Atleast for JBoss and Tomcat).
But when it comes to authorization, we need to have custom (Container specific class) to represent the roles.

I think this is where the Spring Acegi security comes into picture. Which promises to use the same JAAS module across all the container. SPring uses its own class called GrandedAuthority to implement roles.

I never tried on Spring Acegi security, but my above understanding is based on my theoretical knowledge.

Thanks
Param
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Custom and generic JAAS module
 
Similar Threads
Security in heterogeneous environment?
Call secured EJB from "unsecured" web with custom credentials instead of "BASIC AUTH"ed credentials
What does using JAAS buy me?
Custom JAAS Login Module
JAAS and Websphere