I would like to know how authentication will be addressed in the case of an open web application. By open, I mean open to the public: customers plus the employees. The customers can naturally register and automatically get an account to log in.
* I can't imagine doing it using LDAP for all the users! Is it doable?
* Is a JDBCRealm, with a user and role table for all the users, appropriate?
* Another idea I have thought about: with a JAASRealm, we could for example implement a combined use, LDAP for the employees and a database table for the customers (like for the JDBCRealm), doing some condition over the provided username. Isn't this appropriate?
Normally LDAP is used for employees & a database is used for customers. Another reason for using LDAP is that companies normally have an LDAP server already set up for employees; by using LDAP, the employees are able to use their existing user IDs/passwords.
I think that it should be possible to configure JAAS to work for JDBC & LDAP realm. I had worked on an application which had a similar requirement. We did not want the employee-facing app to be available on the internet, so we deployed it as two different apps, basically two different domains in WebLogic. For the customer-facing domain, authentication was done from the database & for the employee-facing one it was done from LDAP.
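An added example (not code from either poster) of the "condition over the provided username" idea discussed above: each login is routed to exactly one store and the result records which store vouched for the user. The `@corp.example` suffix, the class and method names, and the in-memory stand-ins for the LDAP bind and the database check are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.function.BiPredicate;

// Added example: route a login to one credential store based on the username's namespace.
public class RoutingAuthenticator {
    public enum Source { EMPLOYEE_LDAP, CUSTOMER_DB }
    // The source travels with the name, so customer "bob" is never equal to employee "bob".
    public record AuthenticatedUser(Source source, String name) {}

    private static final String EMPLOYEE_SUFFIX = "@corp.example"; // assumed naming convention
    private final BiPredicate<String, char[]> ldapBind; // stands in for an LDAP bind
    private final BiPredicate<String, char[]> dbVerify; // stands in for a salted-hash check on the user table

    public RoutingAuthenticator(BiPredicate<String, char[]> ldapBind, BiPredicate<String, char[]> dbVerify) {
        this.ldapBind = ldapBind;
        this.dbVerify = dbVerify;
    }

    public Optional<AuthenticatedUser> authenticate(String username, char[] password) {
        // An empty password must never reach LDAP: many servers treat it as an anonymous bind.
        if (username == null || username.isBlank() || password == null || password.length == 0) {
            return Optional.empty();
        }
        String name = username.trim().toLowerCase(Locale.ROOT);
        boolean employee = name.endsWith(EMPLOYEE_SUFFIX);
        // Exactly one store is consulted; a failed LDAP bind does not fall through to the database.
        boolean ok = employee ? ldapBind.test(name, password) : dbVerify.test(name, password);
        return ok ? Optional.of(new AuthenticatedUser(employee ? Source.EMPLOYEE_LDAP : Source.CUSTOMER_DB, name))
                  : Optional.empty();
    }

    // Self-registration has to refuse names that fall in the employee namespace.
    public static boolean isRegistrableCustomerName(String username) {
        return username != null && !username.isBlank()
            && !username.trim().toLowerCase(Locale.ROOT).endsWith(EMPLOYEE_SUFFIX);
    }

    public static void main(String[] args) {
        // Constructed in-memory stores so the example runs offline; plaintext comparison is for the demo only.
        Map<String, String> ldap = Map.of("alice@corp.example", "ldap-secret");
        Map<String, String> db = Map.of("bob", "db-secret");
        RoutingAuthenticator auth = new RoutingAuthenticator(
            (u, p) -> new String(p).equals(ldap.get(u)),
            (u, p) -> new String(p).equals(db.get(u)));
        System.out.println(auth.authenticate("alice@corp.example", "ldap-secret".toCharArray()));
        System.out.println(auth.authenticate("alice@corp.example", "db-secret".toCharArray()));
        System.out.println(auth.authenticate("bob", "db-secret".toCharArray()));
        System.out.println(isRegistrableCustomerName("mallory@corp.example"));
    }
}
```

In a container, the two predicates would be replaced by the real LDAP and database realms or JAAS login modules; the routing and the reserved namespace are the parts that carry over.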
Youssef Ben Kaddour El Wazzani
Joined: Feb 20, 2011
Thank you Rishi, this is really more than I was expecting as a response.
To be honest, I had thought about the idea you have mentioned, about having two different apps to serve the employees and customers separately, and thus eliminate the authentication confusion, but finally abandoned it when I was imagining the deployment diagram.