
Customer login with JAAS ?

 
Jose Jiménez
Ranch Hand
Posts: 101
I think we shouldn't use a filter to show the customer login view if the client is not logged in. I think the correct approach is to configure the application with JAAS so that several methods (confirmItinerary, payItinerary, ...) only give permission to persons with role = 'users'. So if a call goes to the server without user and password, or without permission, or unregistered, the container will throw a SecurityException that is handled by the client, which shows a login screen (if the call has no user/password) or a dialog to indicate that the user is not registered.

So, no duplicate code (web filter, Swing).

Is this correct? Or is it necessary to save in the session whether the user is logged in, and have one controller take the decision about showing the login screen if a client is not logged in and wants to access a 'private resource'?
 
Giju George
Ranch Hand
Posts: 333
Jose, I agree with you and that's the way I am following. I will just document this with my design, and NO sequence diagrams are needed for the login use case. Also, the form authentication can then propagate the principal from the web tier to the EJB tier, where all the authorization can be further done.
 
Jose Jiménez
Ranch Hand
Posts: 101
I have a doubt:

The first calls could be ones that don't have a user and password in the Context. How do I cache the reference to the EJB's home in the client... when the client enters login and password in the login screen... is it possible to put this user and password in the context? Or can the context only be used one time? Do I explain myself?

What do you think about this? Can you help me?
 
chao cai
Ranch Hand
Posts: 154
Through the JAAS provided by the J2EE container, you can use the container security; the security context will be propagated by the container. I think it is a good solution for authentication and authorization.
Did someone pass Part II with this solution?
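
The declarative approach discussed in this thread, sketched as an EJB 2.1 `ejb-jar.xml` deployment descriptor. This is an added example, not part of any post above: the method names `confirmItinerary` and `payItinerary` and the role `users` come from the thread, while the bean name `ItineraryManager`, its `com.example` classes, and the choice to leave the home `create` method unchecked are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" version="2.1">
  <enterprise-beans>
    <session>
      <!-- Hypothetical bean; names are placeholders, not from the thread -->
      <ejb-name>ItineraryManager</ejb-name>
      <home>com.example.ItineraryManagerHome</home>
      <remote>com.example.ItineraryManager</remote>
      <ejb-class>com.example.ItineraryManagerBean</ejb-class>
      <session-type>Stateful</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- Logical role; the deployer maps it to real users or groups -->
    <security-role>
      <role-name>users</role-name>
    </security-role>

    <!-- Protected business methods: the container rejects any caller
         whose principal is not in role "users", so neither a web filter
         nor the Swing client has to repeat the check -->
    <method-permission>
      <role-name>users</role-name>
      <method>
        <ejb-name>ItineraryManager</ejb-name>
        <method-name>confirmItinerary</method-name>
      </method>
      <method>
        <ejb-name>ItineraryManager</ejb-name>
        <method-name>payItinerary</method-name>
      </method>
    </method-permission>

    <!-- Assumption: create() stays callable without authentication so a
         client can obtain and cache the home reference before login -->
    <method-permission>
      <unchecked/>
      <method>
        <ejb-name>ItineraryManager</ejb-name>
        <method-intf>Home</method-intf>
        <method-name>create</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

Every business method should appear under either a role or `<unchecked/>`, so that no method is left to a container default.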
 