Hi! Calling all Security Specialists!! I'm working on a J2EE project with Weblogic 7.0 and Struts 1.0.2. The client wants secure authentication and authorization for Login module through JAAS and/ or LDAP. Also the client does not want to store userid and password in the RDBMS. Security is a new area for me, and I'm not finding the right info from the websites. My questions are: 1. Is it possible to use JAAS and store userid, password somewhere other than the RDBMS? 2. Since Weblogic 7.0 has an embedded LDAP, can I use it in conjunction with JAAS to store ID and password info? If so, how do I obtain a reference to the embedded LDAP server? Specifically, what are the steps?
posted 14 years ago
look at http://www2.theserverside.com/resources/articles/Pramati-JAAS/article.html