Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Excluding existing code from custom JAAS login module

 
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Inside the web tier of our application, I want to put some web services using a custom login module.
The rest of this application must be totally unaffected and continue to run as is.

I can configure oracle app server to use this custom login module for a given application, but once it does that our swing client fails to connect via RMI even though I've granted the user it connects as permissions to do so. Now this is something I can debug and look at, though I have to wonder if it isn't possible to make the login module mandatory for the web services code but optional for everything else. Is it?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
WS are typically secured using the facilities of the WS-Security standard (which provides authentication, signing and encryption). What would JAAS add to that?
 
Taariq San
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ulf Dittmer:
WS are typically secured using the facilities of the WS-Security standard (which provides authentication, signing and encryption). What would JAAS add to that?



I'm using UsernameToken from WS-Security, JAAS autenticates that username and password using our existing authentication code. The app server gets back a happy boolean and allows the web service to be executed. That web service gets the Subject and uses the stored credentials to authorise the execution of the transaction, auditing etc all happens as per normal, against the JAAS authenticated user.
The client wants WS in this month, and we don't have the time or resources to fully utilize the WS standards. The existing authentication/authorization module goes back ages and does all sorts of custom stuff that will 1 or 2 ages to replace.
 
Taariq San
Ranch Hand
Posts: 192
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Now that I've written almost everything else but this I want to come back to it, hopefully someone's more helpful than google so far.
Sure Google knows almost everything, you just have to know how to ask.

Looking at this article I see I need a policy and a conf file, I only have the conf file.
Now I'm trying to define the config policy's contents.

Lets say my web services are in package com.javaranch.ws and the rest of my code in various com.javaranch packages, can I even require the custom login module for certain packages as opposed to applications?
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic