aspose file tools*
The moose likes Security and the fly likes A couple of questions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "A couple of questions" Watch "A couple of questions" New topic
Author

A couple of questions

John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Hi:

I have a couple of questions about authentication.

1) <realm-name> is ignored if <auth-method> is FORM. In that case, what realm does FORM authenticate against?

2) Can a JAAS Login Module be used as a realm in FORM authentication? If so, how does the container know to assocaite a realm with the FORM authentication?

3) Assuming 2) is true, do the Principal objects created by the login module get saved automatically in the session?

Hope I was clear enough. Thanks.

Eric
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39544
    
  27
As to #1, the realm name isn't used anywhere, but is it really ignored? (I'm not sure, but I could envision it being used behind the scenes.)

As to #2, realms are set up in the server.xml file. Which realm is used makes no difference to the kind of authentication being used.

As to #3, Principals are not saved in sessions, but they are being made available by the server through a method in the HttpServletRequest object.


Ping & DNS - updated with new look and Ping home screen widget
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: A couple of questions
 
Similar Threads
Example Code for JAAS with JBoss? Got it to work by "fudging." How do Right?
req.isUserInRole("admin"); return false??
How to specify j_uri
Problems with FORM Authentication
j_security_check 404 error