• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

J2EE and JAAS

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am developing a J2EE application with a Swing client.
For authentication, I plan to use JAAS.
what I want to know is where will the LoginModule reside?
Is it on the server?
If so will the LoginContext be created on the server?
In that case some resource on the server has to be contacted for creating the LoginContext even before any authentication is done
If the LoginContext is created on the client side, will the LoginModule also reside on the client?
If it resides on the server, where do we specify the URL of the server?
because all we do is loginContext.login()
I hope my queries are not confusing
Thanks in advance
Best Wishes
Shyam Sankar S.
 
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Good question - I'm not sure if I have enough hands-on experience with stand-alone Java clients to help you, but I will try.
My understanding is that your client will create a LoginContext s.t. it can perform login(), doAs(), etc. The LoginModule itself will live on the server, and will authenticate users. Your client will therefore need to be configured to know where the security server is and what port it is running on.
Here is some sample WebSphere code:

I grabbed this from WebSphere's Developing with JASS and JAAS Example.
Hope this helps!
Cheers,
--Dave.
 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks dave for your inputs. I have been trying to get an answer for a similar question which I have posted today and earlier as well.
I want to test out the jaas with a very simple example and so I could take any application.
Question is where is the jaas module running ?
can i test say a telnet application with jaas ?
ie the telnet client would call a jaas module that would verify the credentials of the user and telnet client. would that be a feasible to test ? or there are some modifications required to the client as well as the server ?
there are tutorials and white papers on jaas but none of them explains this basic fact ? or may be i need to re-read them again.
thanks

Originally posted by Dave Teare:
Good question - I'm not sure if I have enough hands-on experience with stand-alone Java clients to help you, but I will try.
My understanding is that your client will create a LoginContext s.t. it can perform login(), doAs(), etc. The LoginModule itself will live on the server, and will authenticate users. Your client will therefore need to be configured to know where the security server is and what port it is running on.
Here is some sample WebSphere code:

I grabbed this from WebSphere's Developing with JASS and JAAS Example.
Hope this helps!
Cheers,
--Dave.

 
Dave Teare
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry Sandy,
I don't understand your question. Now, I just got back from vacation in Mexico so perhaps the sun has fried my brain
Are you writting a telnet application that will validate users against JAAS, or are you trying to test your JAAS login module using telnet?
From what I understand, the LoginModule impl will live in your application server, say WebSphere, and you will connect to it from your client using the code posted above. Of course, if you are not using WAS, you need to find an example for your particular env.
If you're simply trying to test your JAAS LoginModule impl, I would write a JUnit test that excercises your module, I don't see how telnet would fit in since the transport is specific to your env (i.e., WAS runs over IIOP).
Now, on my vacation I did read a great Struts book that showed you how to connect to your app server via telnet s.t. you could see the data traffic between a browser and a servlet. Is this similar to what yoy are trying?
--Dave.
 
sandy km
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I want to test out JAAS login module using xyz application.
I thought telnet would be an easy one.... Any app is fine as long as I can write and test the jaas login module to authenticate a user for this app. User database could be a windows NT database or any other userdatabase.
In summary application and user_db could be any.
thanks

Originally posted by Dave Teare:
Sorry Sandy,
I don't understand your question. Now, I just got back from vacation in Mexico so perhaps the sun has fried my brain
Are you writting a telnet application that will validate users against JAAS, or are you trying to test your JAAS login module using telnet?
From what I understand, the LoginModule impl will live in your application server, say WebSphere, and you will connect to it from your client using the code posted above. Of course, if you are not using WAS, you need to find an example for your particular env.
If you're simply trying to test your JAAS LoginModule impl, I would write a JUnit test that excercises your module, I don't see how telnet would fit in since the transport is specific to your env (i.e., WAS runs over IIOP).
Now, on my vacation I did read a great Struts book that showed you how to connect to your app server via telnet s.t. you could see the data traffic between a browser and a servlet. Is this similar to what yoy are trying?
--Dave.

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic