
Authentication question - Please clarify

 
Johnty Rhodes
Greenhorn
Posts: 15
As Customer data (UserName/Pwd) is kept in the DB and if we use an application EJB (say SignOnEJB) to authenticate the User login,

1. Web Client - How can the SignOnEJB send the context back to the Web Container (which will be used for rest of the EJB calls)?

2. Swing Client - Should the Swing Client do authentication for every call, as context will not be maintained at the Swing client side?

Please clarify.

-Johnty
SCEA - I
 
Santiago Urrizola
Ranch Hand
Posts: 172
You should read about JAAS, to build an authorization and authentication mechanism.
 
Samuel Pessorrusso
Ranch Hand
Posts: 164
For the first question: Why don't you use the web container authentication?
 
Vlad Eroshin
Greenhorn
Posts: 20
Guys, what is the point in using JAAS? I read about it. I implemented a couple of applications with it. Is the only benefit of using it that you can write in a config file which login modules to use for different realms?
LoginContext creates a Subject with Principals? How can the Subject be used later? What is its primary goal?
 
Johnty Rhodes
Greenhorn
Posts: 15
My understanding is JAAS is very easy to implement for the Web Application, as the Web Container takes care of maintaining the 'Subject' for each call to the App Container. The JAAS LoginModule will query the DB to check the username/password and set the 'Subject'.

But my questions are - As Swing App is a separate client,

1. How will this Swing Client access the JAAS Authentication provider which is sitting in App Server? (by jndi lookup???)

2. How will it get the validated Subject back from the JAAS Authenticator?

OR

Should we have some SignOnEJB which does the JAAS login and returns the validated Subject?

import javax.security.auth.Subject;

public class SignOnEJB {

    public Subject login(String username, String password) {
        // do the JAAS login here and return the validated Subject
    }

}

Thanks
[ June 24, 2006: Message edited by: Johnty Rhodes ]
 
Santiago Urrizola
Ranch Hand
Posts: 172
1. How will this Swing Client access the JAAS Authentication provider which is sitting in App Server? (by jndi lookup???)

With an implementation of LoginModule and different callbacks (login.conf file in the client application).

2. How will it get the validated Subject back from the JAAS Authenticator?

The authenticated user is stored in the LoginContext class.
 
Johnty Rhodes
Greenhorn
Posts: 15
Thanks for your replies.

Please continue this discussion in
http://www.coderanch.com/t/154785/java-Architect-SCEA/certification/Swing-client-communication
 