• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

FORM and BASIC authentication in the same web app

 
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Can we have FORM based authentication for certain resources while BASIC authentication for other resources as far as JBOSS is concerned?

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.

I have already implemented BASIC authentication. But now stuck as to how to include JBOSS's DatabaseServerLoginModule.

Thanks.
 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Girish Vasmatkar wrote:

Basically, I want first the browser to prompt the user for username and password using BASIC authentication. And then when the user enters in to home page, he/she will click on the Login link and then the JBOSS's security with JAAS should come into play. The user, after clicking the Login link will be shown a login page and this login and authentication must be based on JAAS as the link here shows.



Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.
 
Girish Vasmatkar
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the quick reply,

Jaikiran Pai wrote:
Why do you want to ask for login credentials twice? And by the way, even when using BASIC authentication, you can still configure the AS to use a DatabaseServerLoginModule in the backend.



The application basically will first open up the home page. Since it is still in it's early days. So, we want to protect the app from outside world. This BASIC authentication will be removed when the app goes to production.

As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.

I hope, I made myself clearer.

Thanks again!!!



 
Jaikiran Pai
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Either I did not understand your question or I have got my security configuration knowledge completely wrong

So, we want to protect the app from outside world. This BASIC authentication will be removed when the app goes to production.

....As for JAAS implementation, we are planning to have JAAS security in the JBOSS to authenticate user.



What I meant in my previous reply was that BASIC auth-method and JAAS are not mutually exclusive. You can use JAAS with BASIC auth-method and when you wish to switch to FORM based authentication, you just change the auth-method to FORM.
 
Girish Vasmatkar
Ranch Hand
Posts: 201
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Okay, then, is there any link or concrete example of JASS based security with DataBaseLoginModule?
The link I posted seems quite confusing to me.
It would be of great help.!!
 
Jaikiran Pai
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here. The only change you have to do in that example is to point the <security-domain> element in the web.xml to your application policy name in login-config.xml
 
reply
    Bookmark Topic Watch Topic
  • New Topic