• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Part 2: Security in Web & Swing App

 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm planning on using a filter to make sure only authenticated users are allowed to access "protected resources" for the web application (similar to the petshop approach). I'm thinking of using XML over HTTP for the swing app to server communication. Is my understanding correct that the Swing app will need to have the authentication logic in its Front Controller or Business Delegate. Is there any way to have this logic in one place that both web & swing apps can use?

Solomon
 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was planning on having the swing application use JNDI to obtain the session beans (session facades). I haven't figured out how to invoke JNDI over ssl. Does anyone know this?

Thanks.

Ravi
 
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was even faced with the same trouble as your, and thought out some idea,
here are two solutions, but they just represent my point view.

1. Both web app and swing app base on web container, in other words, swing app access EJB through web container, so you can put a Filter in web tier.

2.To swing app, client directly access EJB, and you configure the security of EJB in ejb-jar.xml.

best reguards
 
Solomon Raz
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I seem to like the first solution you've provided. I have a question on that though. For web apps, the filter will look at the URL to see if it is a 'protected resource' and then authenticate the user. Since all calls from the swing app will be to the same URL (that of the FC servlet), how will the filter know when to authenticate. Please clarify.

Solomon
 
Solomon Raz
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Along, I guess after giving it some thought, I may have answered my own qn. I'm thinking the filter servlet will look at the URL and if it is that of the swing app's FC, it should look at the XML message and determine what the request type is and do the necessary authentication. Is this in line with your thought also.

thanks
Solomon
 
Ravi Dhanum
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello all,

There is an invaluable discussion on this at:
web and swing authentication
I'm planning on using container managed for the web and client.

-Ravi
 
What do you have in that there bucket? It wouldn't be a tiny ad by any chance ...
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic