I am working in a Web Project using the follow technologies.. CDI + EJB3.1 + JPA2.0 + GLASSFISH 3.1.2. This project is already working fine, everyone was happy woking on that :P, but I got some gifts from my boss as follow below.
What I need ? Create a custom login to authenticate differences informations besides username and password, and I would like to do this as generic as possible..
I am reading many tutorials on the web but, I am not sure about creating JAAS Custom Login for theses technologies versions.
Now, I have a Custom Login working fine in a Java Application not in a Web Application.. as I followed a lot of tutorials... but I got surprised yesterday.. I found some tutorials talking about that Custom Login for JAAS has to extend AppservPasswordLoginModule from com.sun.appserv.security.AppservPasswordLoginModule not implements LoginModule from javax.security.auth.spi.LoginModule directly.
I found many tutorials saying to implements LoginModule. I made my Login Module implementing LoginModule and worked fine for a Java application.
I know we have many ways to do that, using servlets filters, using springSecurity, but my current project already use JAAS and I don't want to change this technology.
but what I need is a LoginModule really custom using JAAS, and I know that is possible, but I don't still know how to do this correctly.
so my questions is:
What classes use to create a Custom Login module for as Web Applications using these technologies above ?