FORM and BASIC authentication in the same web app

Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 201
Hi,

Can we have FORM based authentication for certain resources while BASIC authentication for other resources as far as JBOSS is concerned?

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.

I have already implemented BASIC authentication. But now I am stuck as to how to include JBOSS's DatabaseServerLoginModule.

Thanks.
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10202
    

Girish Vasmatkar wrote:

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.



Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.

Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 201
Thanks for the quick reply,

Jaikiran Pai wrote:
Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.


The application basically will first open up the home page. Since it is still in its early days, we want to protect the app from the outside world. This BASIC authentication will be removed when the app goes to production.

As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.

I hope I made myself clearer.

Thanks again!!!



Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10202
    

Either I did not understand your question or I have got my security configuration knowledge completely wrong.

So, we want to protect the app from outside world. This BASIC authentication will be removed when the app goes to production.

....As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.


What I meant in my previous reply was that BASIC auth-method and JAAS are not mutually exclusive. You can use JAAS with BASIC auth-method and when you wish to switch to FORM based authentication, you just change the auth-method to FORM.
Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 201
Okay, then, is there any link or concrete example of JAAS based security with DataBaseLoginModule?
The link I posted seems quite confusing to me.
It would be of great help!
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10202
    

Here. The only change you have to do in that example is to point the <security-domain> element in the web.xml to your application policy name in login-config.xml.
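
The setup discussed in this thread, as an added example that is not part of the original posts or the linked article: one JAAS application policy backed by DatabaseServerLoginModule, used first with BASIC and later with FORM by changing only the auth-method. The policy name, datasource JNDI name, table and column names, role, realm and JSP paths are hypothetical; in JBoss AS releases that use login-config.xml, the <security-domain> element is placed in WEB-INF/jboss-web.xml.

```xml
<!-- WEB-INF/web.xml (fragment): one constraint, one login-config per web app -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>whole-app</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>AppUser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC resends the base64-encoded password on every request: require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>MyApp</realm-name>
  <!-- Switching to FORM later: replace the two lines above with
       <auth-method>FORM</auth-method>
       <form-login-config>
         <form-login-page>/login.jsp</form-login-page>
         <form-error-page>/login-error.jsp</form-error-page>
       </form-login-config>
       The login module configuration below does not change. -->
</login-config>
<security-role>
  <role-name>AppUser</role-name>
</security-role>

<!-- WEB-INF/jboss-web.xml: bind the web app to the JAAS security domain -->
<jboss-web>
  <security-domain>java:/jaas/myapp-policy</security-domain>
</jboss-web>

<!-- server/<profile>/conf/login-config.xml (fragment): the application policy -->
<application-policy name="myapp-policy">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/MyAppDS</module-option>
      <module-option name="principalsQuery">SELECT passwd FROM users WHERE username=?</module-option>
      <module-option name="rolesQuery">SELECT role, 'Roles' FROM user_roles WHERE username=?</module-option>
      <!-- Store password hashes in the table, not clear-text passwords -->
      <module-option name="hashAlgorithm">SHA-256</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>
```

With FORM, the login page posts the `j_username` and `j_password` fields to `j_security_check`, and the container hands them to the same login module.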
 