Login Use Case and JAAS...

 
Ranch Hand
Posts: 194
Hi Guys,

I am assuming that JAAS is virtually a requirement for the login functionality. I am wondering if anyone has specified that JAAS be configured to authenticate the user via a custom database call to retrieve the username and password for a specific user or simply used an LDAP call.

I suppose you could use both.

I am quite a beginner with JAAS. To make a custom DB call to authenticate the user, does this entail writing/using a custom LoginModule object? Also, doing LDAP authentication means we are using an already written LoginModule?

Is it a common thing to write LoginModules for J2EE apps to handle user authentication?

Thank you for any help, any comments are very appreciated.

Regards,
James.
 
James Turner
Ranch Hand
Posts: 194
Any JAAS experts in the forum?

Please help...


Regards,
James.
 
Ranch Hand
Posts: 126
Hi James,

In my app with Tomcat, I wrote 2 login modules for auth, one for LDAP and another for DB. Both implement the LoginModule interface, where I put my principal and roles in a Subject class, passing this one to the Tomcat container.
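
A database-backed LoginModule of the kind discussed in this thread could look like the following. It is an added example, not code from any of the posters; the table and column names, the `dbUrl` module option and the PBKDF2 parameters are assumptions, and a JDBC driver for the database must be on the classpath.

```java
import java.security.*;
import java.sql.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Assumed schema: users(username, salt, pw_hash), user_roles(username, role); assumed option: dbUrl.
public class DbLoginModule implements LoginModule {
    public record UserPrincipal(String getName) implements Principal {} // accessor getName() (Java 16+)
    public record RolePrincipal(String getName) implements Principal {}
    private static final String SQL = "SELECT u.salt, u.pw_hash, r.role FROM users u "
        + "LEFT JOIN user_roles r ON r.username = u.username WHERE u.username = ?";
    private Subject subject; private CallbackHandler handler; private Map<String, ?> options;
    private final Set<Principal> pending = new HashSet<>();
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] {nc, pc}); }
        catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException("no credentials"); }
        char[] pw = pc.getPassword();               // a copy; zeroed in the finally block below
        pc.clearPassword(); pending.clear();
        try (Connection c = DriverManager.getConnection((String) options.get("dbUrl"));
             PreparedStatement ps = c.prepareStatement(SQL)) {
            ps.setString(1, nc.getName());          // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                while (pw != null && rs.next()) {
                    if (pending.isEmpty()) {        // first row: verify the password once
                        byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                            .generateSecret(new PBEKeySpec(pw, rs.getBytes(1), 600_000, 256)).getEncoded();
                        if (!MessageDigest.isEqual(derived, rs.getBytes(2))) break; // constant-time compare
                        pending.add(new UserPrincipal(nc.getName()));
                    }
                    if (rs.getString(3) != null) pending.add(new RolePrincipal(rs.getString(3)));
                }
            }
        } catch (SQLException | GeneralSecurityException e) { pending.clear(); throw new LoginException("backend error"); }
        finally { if (pw != null) Arrays.fill(pw, '\0'); }
        if (pending.isEmpty()) throw new FailedLoginException("invalid credentials"); // same for unknown user
        return true;
    }
    public boolean commit() { subject.getPrincipals().addAll(pending); return !pending.isEmpty(); }
    public boolean abort() { boolean had = !pending.isEmpty(); logout(); return had; }
    public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```

The stored `pw_hash` must have been produced with the same salt, iteration count and key length used here. Separate principal classes for user and roles let a container such as Tomcat's JAASRealm tell them apart.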
 
Ranch Hand
Posts: 1683

I am assuming that JAAS is virtually a requirement for the login functionality.


If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.
 
James Turner
Ranch Hand
Posts: 194

Originally posted by Roger Chung-Wee:

If you have a web application, then surely the servlet specification provides the means to do authentication. This ranges from Basic to HTTPS client.



I think that these authentication methods use JAAS on the server end, apart from HTTPS which is merely the transportation protocol.

I am just thinking about how to configure JAAS to handle these Basic, Digest, Client-Cert and Form authentication methods on the server side.

I believe this process is application server specific and may require the creation of a custom LoginModule.

I was wondering if this was common practice for the SCEA?

Regards,
James.
 
Greenhorn
Posts: 22
Hi

I am also considering JAAS for security and performing authentication and authorization from a stateless session bean so both web and Swing clients can use the same method. I am new to JAAS and was wondering whether it is possible to achieve this, i.e. how would I set this up if a user required authentication and arrived at the EJB layer without having been authenticated via the web container first?


Thanks
 
Ranch Hand
Posts: 333
Hi James,

I used JAAS in my assignment. All I did was mention in my document how authentication and authorization will be handled. You don't really have to go into the actual implementation details.

HTH
 