
JSF, JAAS, and Tomcat

 
Chuck Syp
Greenhorn
Posts: 5
I am pretty new to JSF, and so far I love it, with the exception of authorization and authentication. I have been looking for a good tutorial to get me going using JAAS with JSF and Tomcat for a while and have only found fragments. Does anyone know of a good online resource or book that could help me wrap my head around this? What I am trying to do isn't that uncommon; I am trying to authenticate a user against a MySQL database table or an LDAP server.

Thanks in advance for anyone that can help.
 
Tim Holloway
Saloon Keeper
Posts: 18094
JAAS is a particular security framework, but the fundamental framework for J2EE is Container Managed Authentication and Authorization. It's not JAAS, although Tomcat can use JAAS as one of the security realm options.

The J2EE CMA&A model is based on an externally-defined "black box" A&A provider, known as a Realm. Basically, the Realm answers one of 2 questions:

1. Is the supplied userid/password combination valid?

2. Is the user a participant in security role "X" (X being supplied as a parameter)?

The container itself also interacts. It matches incoming URLs against the security URL patterns in order to determine if the user needs to be authenticated (logged in) and what roles a given URL may service.

Because the Realm is defined through a standard interface, you can select a Realm, such as the JDBCRealm, LDAP Realm, JAAS Realm, or even supply a custom realm for use with specialized systems such as a Web Services-based security API.

Documentation on developing webapps that interface with the J2EE Container Managed A&A subsystem is provided in most books on basic J2EE, especially those that cover servlets and JSPs. Documentation on setting up and configuring a Realm is part of the server documentation, and the Tomcat Realm documentation is fairly good.
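
The container-managed setup described in the post above, sketched as configuration for the MySQL case from the original question. This is an added example, not part of any poster's reply; the URL pattern, role name, page names, database name, table and column names, and account name are all assumptions.

```xml
<!-- WEB-INF/web.xml (fragment). The container matches each request URL against
     these patterns; no http-method is listed, so every method is covered. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Member pages</web-resource-name>
    <url-pattern>/member/*</url-pattern>            <!-- assumed path -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>member</role-name>                   <!-- Realm question 2: is the user in this role? -->
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>  <!-- require HTTPS -->
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Plain form that POSTs j_username / j_password to j_security_check;
         the container, not application code, handles the submission. -->
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/login-error.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>member</role-name>
</security-role>

<!-- META-INF/context.xml (fragment). The Realm answers question 1
     (is this userid/password valid?) from MySQL tables.
     The JDBC driver jar must be on Tomcat's own classpath (lib/). -->
<Context>
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="com.mysql.cj.jdbc.Driver"
         connectionURL="jdbc:mysql://localhost:3306/appdb"
         connectionName="realm_reader"
         connectionPassword="CHANGE_ME"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"
         userRoleTable="user_roles" roleNameCol="role_name">
    <!-- Compare against salted PBKDF2 hashes instead of plaintext passwords. -->
    <CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler"
                       algorithm="PBKDF2WithHmacSHA512"/>
  </Realm>
</Context>
```

The database account used by the Realm only needs SELECT on the two tables. Swapping in an LDAP-backed Realm changes only the `<Realm>` element; the `web.xml` constraints stay the same.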
 
Kamal Wickramanayake
Greenhorn
Posts: 27
Again, not JAAS, but have a look at Using Spring Security in your Java web application.

I am sure you will love it. MySQL, LDAP and many other authentication mechanisms are possible.
 