Map an actual user to a principal? (and other general ?s)

 
Greenhorn
Posts: 17
First let me say that I am just learning about J2EE and security. I've only used form based authentication against a typical "user/password" db table, with programmatic security checks sprinkled throughout the web tier code. I want to get away from this poor design.
I am confused about how all this works. If I wanted to use declarative security:
1) what is the typical platform independent technology used to store and manage actual users? How does LDAP fit with this? How can this work with an application that allows web users to change their passwords?
2) What is used as the "glue" between some user management technology and the J2EE security infrastructure. I see how principals and roles can be created, but I don't understand how user "johndoe1" is assigned to role/principal.
Thanks!!
 
Sheriff
Posts: 6920
As far as I am aware, the idea is that user "johndoe1" is a principal. A "principal" is just a general term for the computer representation of a particular someone or something (a user, a client, a customer, whatever) external to the system. A "role" is a job, category, or group which may be applied to zero or more principals, for example "administrator", "department head", "CEO".
So to create a Principal, you just need to instantiate an object, representing that external someone, which implements the java.security.Principal interface. In your case you might have a User class with a name field and any other information you might need.
Does that help?
 
Author
Posts: 80

Originally posted by Patrick Nolan:
1) what is the typical platform independent technology used to store and manage actual users? How does LDAP fit with this? How can this work with an application that allows web users to change their passwords?

Either LDAP or RDBMS will meet most of the requirements. Take a look at the Tomcat Realm HOW-TO guide for more detailed info.

2) What is used as the "glue" between some user management technology and the J2EE security infrastructure. I see how principals and roles can be created, but I don't understand how user "johndoe1" is assigned to role/principal.
Thanks!!

This glue is typically provided by the J2EE Server vendor. For example, Tomcat includes classes to interface with LDAP or an RDBMS. It also includes internal classes that can be used to develop a custom interface. The same is true for EJB container implementations.
 
Author
Posts: 367
JAAS is often used as the glue technology in app servers. In JBoss, for example, you can define a JAAS domain that does the actual authentication work. You'll have to look at your specific app server to see how it supports JAAS (assuming it does). If you are curious, here's something I wrote about JAAS and JBoss. It explains how I configured JAAS for JBoss and extended it slightly to match the format of our authentication information in our database. Hope it helps, or at least explains the concepts...
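The three replies above each cover one piece of the "glue": a Principal object standing for the user, a server-side component that checks the credential against the user store, and the step that hands the container the roles it matches against web.xml. The following is an added example that puts those pieces together; it is not code from this thread, from Tomcat or from JBoss, and it uses only the JDK's own JAAS API. An inline Configuration stands in for the jaas.conf file a container would read, and a constructed in-memory map stands in for the "user/password" table or LDAP directory. The class and user names (JaasGlueExample, UserPrincipal, RolePrincipal, TableLoginModule, "johndoe1", "alice" and their passwords) are assumptions made for the example.

```java
import java.io.IOException;
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

/** Added example (hypothetical names): the JAAS glue that turns user "johndoe1" into user and role Principals. */
public final class JaasGlueExample {
    /** java.security.Principal needs only a name; separate user and role classes let the container tell them apart. */
    abstract static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return getClass().getSimpleName() + ":" + name; }
    }
    public static final class UserPrincipal extends Named { public UserPrincipal(String n) { super(n); } }
    public static final class RolePrincipal extends Named { public RolePrincipal(String n) { super(n); } }

    /** One credential-store row: per-user salt, PBKDF2 hash and roles. The password itself is never stored. */
    static final class Row {
        final byte[] salt = new byte[16]; final byte[] hash; final Set<String> roles;
        Row(String password, Set<String> roles) {
            new SecureRandom().nextBytes(salt); hash = pbkdf2(password.toCharArray(), salt); this.roles = roles;
        }
    }

    /** Constructed stand-in for the RDBMS "user/password" table or LDAP directory; not real accounts. */
    static final Map<String, Row> USERS = Map.of(
        "johndoe1", new Row("correct horse", Set.of("employee")),
        "alice", new Row("battery staple", Set.of("employee", "administrator")));
    static final byte[] DUMMY_SALT = new byte[16];   // used only to keep failed lookups the same speed

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(password, salt, 100_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    /** The glue itself: the LoginModule a JAAS-aware container (JBoss, or Tomcat's JAASRealm) invokes. */
    public static final class TableLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler;
        private String user; private Set<String> roles;

        @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h;
        }

        /** Phase 1: verify the credential. Fail by throwing; the Subject is not touched yet. */
        @Override public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
            char[] pw = pc.getPassword(); pc.clearPassword();
            if (pw == null) throw new FailedLoginException("no password supplied");
            Row row = USERS.get(nc.getName());
            // Hash even for unknown names, so the response time does not reveal which accounts exist.
            byte[] got = pbkdf2(pw, row != null ? row.salt : DUMMY_SALT);
            Arrays.fill(pw, '\0');
            if (row == null || !MessageDigest.isEqual(got, row.hash))   // constant-time compare
                throw new FailedLoginException("bad user name or password");
            user = nc.getName(); roles = row.roles;
            return true;
        }

        /** Phase 2: every required module passed, so attach the user and role Principals. */
        @Override public boolean commit() {
            if (user == null) return false;
            subject.getPrincipals().add(new UserPrincipal(user));
            for (String r : roles) subject.getPrincipals().add(new RolePrincipal(r));
            return true;
        }
        @Override public boolean abort() { user = null; roles = null; return true; }
        @Override public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    /** Inline equivalent of a jaas.conf entry:  WebApp { JaasGlueExample$TableLoginModule required; }; */
    static final Configuration CONFIG = new Configuration() {
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(TableLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
        }
    };

    /** What the container does with a submitted login form: the populated Subject, or null if rejected. */
    public static Subject login(String user, String password) {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks)
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
        };
        try {
            LoginContext lc = new LoginContext("WebApp", null, handler, CONFIG);
            lc.login();
            return lc.getSubject();
        } catch (LoginException e) { return null; }
    }

    /** What request.isUserInRole(role) reduces to once the mapping above has run. */
    public static boolean isUserInRole(Subject s, String role) {
        return s.getPrincipals(RolePrincipal.class).stream().anyMatch(p -> p.getName().equals(role));
    }

    public static void main(String[] args) {
        Subject s = login("johndoe1", "correct horse");
        System.out.println(s.getPrincipals() + "  administrator? " + isUserInRole(s, "administrator"));
        System.out.println("wrong password rejected? " + (login("johndoe1", "wrong") == null));
    }
}
```

Save it as JaasGlueExample.java, then `javac JaasGlueExample.java && java JaasGlueExample` (JDK 11 or later). In a deployment the container, not your servlet, drives this: Tomcat's JAASRealm is pointed at the configuration entry name and told through its userClassNames and roleClassNames attributes which Principal class is the user and which are roles, so that a `role-name` in a web.xml auth-constraint is checked against the RolePrincipals the module committed, and `request.isUserInRole` is answered the same way. Because the store holds only a per-user salt and a PBKDF2 hash, a self-service "change my password" page only has to replace that one row, which is how the original question's requirement fits into declarative security. The module hashes even when the user name is unknown and compares hashes with MessageDigest.isEqual, so a failed login takes the same time whether or not the account exists.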
 