Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

FORM and BASIC authentication in the same web app

 
Girish Vasmatkar
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Can we have FORM based authentication for certain resources while BASIC authentication for other resources as far as JBOSS is concerned?

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.

I have already implemented BASIC authentication. But now stuck as to how to include JBOSS's DatabaseServerLoginModule.

Thanks.
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Girish Vasmatkar wrote:

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.



Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.
 
Girish Vasmatkar
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the quick reply,

Jaikiran Pai wrote:
Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.


The application basically will first open up the home page. Since it is still in it's early days. So, we want to protect the app from outside world. This BASIC authentication will be removed when the app goes to production.

As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.

I hope, I made myself clearer.

Thanks again!!!



 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Either I did not understand your question or I have got my security configuration knowledge completely wrong

So, we want to protect the app from outside world. This BASIC authentication will be removed when the app goes to production.

....As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.


What I meant in my previous reply was that BASIC auth-method and JAAS are not mutually exclusive. You can use JAAS with BASIC auth-method and when you wish to switch to FORM based authentication, you just change the auth-method to FORM.
 
Girish Vasmatkar
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Okay, then, is there any link or concrete example of JASS based security with DataBaseLoginModule?
The link I posted seems quite confusing to me.
It would be of great help.!!
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here. The only change you have to do in that example is to point the <security-domain> element in the web.xml to your application policy name in login-config.xml
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic