File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JBoss/WildFly and the fly likes Using DatabaseServerLoginModule of JBoss Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Using DatabaseServerLoginModule of JBoss" Watch "Using DatabaseServerLoginModule of JBoss" New topic
Author

Using DatabaseServerLoginModule of JBoss

Meg Adal
Ranch Hand

Joined: Mar 12, 2002
Posts: 70
I am developing a login page for a website where username,pwd are in database.I am using DatabaseServerLoginModule with FORM-Based authentication.

If we use DatabaseServerLoginModule, we need 2 tables
1. For Principal i.e. table with username,pwd say Users.
2. For Roles i.e. table with username,role,rolegroup.

In my case we don't have this Roles tables.
so I twisted the "roleQuery" entry in <application-policy> in login-config.xml and hardcoded the role

So basically I am using DatabaseServerLoginModule only for authentication but not for autherization.

My question :
Which once will be faster
using DatabaseServerLoginModule or
Adding new class to validate the password from database.

Thanks in advance.
[ July 20, 2005: Message edited by: Meg Adal ]
norman richards
Author
Ranch Hand

Joined: Jul 21, 2003
Posts: 367
I may be forgetting about a configuration option somewhere, but a custom module would definitely work. You'd probably only need to override one or two methods so it wouldn't be much to write.

I wouldn't worry about it though. One extra query at login won't impact your performance. JBoss caches the credentials so it doesn't need to check on every request. I'm willing to bet it's not even in your top 25 performance optimizations for the app.
Meg Adal
Ranch Hand

Joined: Mar 12, 2002
Posts: 70
Thanks Norman for the reply.

You got my point
I was little skeptical about the extra query for "Roles" in case of DatabaseServerLoginModule (which is not needed for our login page as we don't have roles).

So I have following 2 optoins :
1. Customize DatabaseServerLoginModule (which will execute 2 queries one on Users table and other on Roles table )
OR
2. Don't use DatabaseServerLoginModule at all but define Servlet to query
Users table only.
[ July 21, 2005: Message edited by: Meg Adal ]
norman richards
Author
Ranch Hand

Joined: Jul 21, 2003
Posts: 367
Option 3 is to create a custom login module which extends DatabaseServerLoginmodule and overrides the roles query to return a static set of roles. This shouldn't be more than 20-30 lines of code.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using DatabaseServerLoginModule of JBoss
 
Similar Threads
JAAS problem ??? plz help
Securing Application for JBoss5.1.0
Simple form-based authentication using JAAS
Security features in Jboss
Studying HeadFirst book: cannot make authentification