• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

LoginModules (jaas) and EJB

 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear All!

I'm a beginner and I need someone's advice on such subject:

I'm writing an j2ee application and I store user data as an entity bean. In this bean I keep the passwords and login's too.

Now I'm implementing the web interface and I'm wondering how to secure it. I'm using jboss and it is using jaas. I think that I should write a custom login modulo which would take the data from EJB, is this a good idea ? If not what solutions are better?

Thanks in advance for your help

Karol Oslowski
 
Rancher
Posts: 43024
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It depends on your requirements, especially how fine-grained you need security to be. If you have your user data in a relational DB already, and it is sufficient to assign various roles to them after they are authenticated, it may be sufficient to use servlet security (i.e., setting up a realm, and hooking it up in your web.xml). It#s a programmatic approach, where you check whether a user has certain role before executing actions that require specific role privileges.
If you want/need to handle access declaratively, possibly even on a per-method basis, JAAS would be the way to go. JAAS is much more powerful, but also a lot more involved to implement.
 
Karol Oslowski
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your answer. But actualy my concern was mainly wheter it is nice (well designed) to keep user data (such as login's and passwords) in an Entity Bean with CMP.

Thanks again

k.
 
Ulf Dittmer
Rancher
Posts: 43024
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As long as you ensure that not just any old web application can get access to the user information, I see no problem with using EJBs.
 
World domination requires a hollowed out volcano with good submarine access. Tiny ads are optional.
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic