Authentication for different user type

Youssef Ben Kaddour El Wazzani
Ranch Hand

Joined: Feb 20, 2011
Posts: 41

I would like to know how authentication will be addressed in the case of an open web application; by open, I mean open to the public, customers plus the employees. The customers can naturally register and automatically get an account to log in.

* I can't imagine doing it using LDAP for all the users! Is it doable?
* Is a JDBCRealm, with a user and role table for all the users, appropriate?
* Another idea I have thought about: with a JAASRealm, we could for example implement a combined use, LDAP for the employees and a database table for the customers (like for the JDBCRealm), applying some condition on the provided username. Isn't this appropriate?

Rishi Shehrawat
Ranch Hand

Joined: Aug 11, 2010
Posts: 218

Normally LDAP is used for employees and a database is used for customers. Another reason for using LDAP is that companies normally have an LDAP server already set up for employees; by using LDAP, the employees are able to use their existing user IDs/passwords.
I think that it should be possible to configure JAAS to work for JDBC and LDAP realms. I had worked on an application which had a similar requirement. We did not want the employee-facing app to be available on the internet, so we deployed it as two different apps, basically two different domains in WebLogic. For the customer-facing domain, authentication was done from the database, and for the employee-facing domain it was done from LDAP.
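
The single-application variant discussed above (LDAP for employees, a database for customers), sketched as an added example that is not from any poster in this thread. It assumes Tomcat, whose JDBCRealm and JAASRealm the question names, and uses Tomcat's stacked realms rather than JAAS; all host names, DNs, the data source name and the table and column names are placeholders.

```xml
<!-- Added example: constructed context.xml fragment. Host names, DNs, the
     JNDI data source name and table/column names are placeholders. -->
<Context>
  <!-- LockOutRealm extends CombinedRealm: nested realms are tried in order and
       the first one that authenticates the user wins. It also throttles
       repeated failed logins, which matters for a public login form. -->
  <Realm className="org.apache.catalina.realm.LockOutRealm"
         failureCount="5" lockOutTime="300">

    <!-- Employees: bind against the existing corporate directory over LDAPS,
         so staff keep their existing credentials. -->
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldaps://ldap.example.internal:636"
           userPattern="uid={0},ou=people,dc=example,dc=internal"
           roleBase="ou=groups,dc=example,dc=internal"
           roleName="cn"
           roleSearch="(uniqueMember={0})"/>

    <!-- Customers: self-registered accounts in the application database.
         Assumes a Resource named jdbc/customers is defined in this Context. -->
    <Realm className="org.apache.catalina.realm.DataSourceRealm"
           dataSourceName="jdbc/customers" localDataSource="true"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name">
      <!-- Store salted PBKDF2 hashes, not plain-text passwords. -->
      <CredentialHandler
          className="org.apache.catalina.realm.SecretKeyCredentialHandler"
          algorithm="PBKDF2WithHmacSHA512"
          iterations="100000" keyLength="256" saltLength="16"/>
    </Realm>
  </Realm>
</Context>
```

Because either realm is sufficient to authenticate, keep role names disjoint between the two stores and make sure self-registration can never write an employee role into the customer role table.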
Youssef Ben Kaddour El Wazzani
Ranch Hand

Joined: Feb 20, 2011
Posts: 41

Thank you Rishi, this is really more than I was expecting as a response.

To be honest, I had thought about the idea you mentioned, having two different apps to serve the employees and customers separately and thus eliminate the authentication confusion, but finally abandoned it when I was imagining the deployment diagram.

Thanks again.