J2EE authentication/authorization: does JAAS handle system users and application users

 
Greenhorn
Posts: 16
On the security topic, I am quite confused about the following:
1. Login mechanisms specified by the J2EE platform (HTTP basic authentication, SSL authentication, or form-based login)
2. JAAS approaches
3. Customized login and authorization application modules

My questions are:
1. Does JAAS support both 1 and 3?

2. Is it always correct: There are two kinds of users in an application: J2EE system users and application users. System users are created as users in the J2EE platform, using vendor-specific tools. Application users are represented and managed by application code.

3. What is the difference between JAAS and customized login and authorization application modules for application users?
 
Ranch Hand
Posts: 228
To provide or protect a web resource, and to force authentication whenever an unknown user or request comes to this secured web resource, be it a JSP or a servlet,

there are four methods available:
1. Basic - Just a popup for user authentication; credentials are sent in base64
2. Client cert - or mutual authentication
3. Form based - To have a customized and cool authentication login page
4. Digest - here credentials are digested in MD5 or SHA, as specified.


These are the ways by which user authentication is forced.

Now, how do you validate the credentials? You have to know whether the user is the real user with the correct credentials.

For that we have JAAS.
Other means are realms. You can authenticate using LDAP or a DB [RDBMS realm].
 