Swing Client Vs Web application -- authentication ..

 
Ranch Hand
Posts: 86
Let us say a specific functionality is to be provided both on the web as an EJB application and as a Swing application; how do we go about handling security/authentication? Any thoughts on the issues to be considered? Any useful links?

Thanks in advance, Veena
 
Ranch Hand
Posts: 276
Mostly, authentication is done at the web tier, is what I saw in many books.
As for authorization, it's done on a per-method basis in EJB.
You can also do authorization in the web tier, but security management in EJB is more powerful than in the web tier.

About Swing I have no idea.
 
Rancher
Posts: 43026
If you handle authentication/authorization at the EJB level, you can put any kind of client access layer (web, Swing, WS, ...) on top of it. That still leaves the question of whether declarative or programmatic security would be used, though.
 
veena madhukar
Ranch Hand
Posts: 86
How can authentication be done at the EJB level?
 
Ranch Hand
Posts: 536

Let us say a specific functionality is to be provided both on the web as an EJB application and as a Swing application; how do we go about handling security/authentication? Any thoughts on the issues to be considered? Any useful links?



We are currently building an application that uses EJB3 as the backend and JSF and Swing as the front ends.

Security checks are done in both front end and back end. The back end simply assumes that the front end is dumb and never trusts the front end. Before you execute any function on the back end, it checks the user's credential and permission levels.

In addition to the security checks done in the back end, some security checks are done in the front end as well (just to maintain sanity).

For example, if a user manages to navigate to a page that he is not allowed to visit (e.g. via a bookmark), then the front end checks the user's permission level and disallows him.

Now, in the worst case that the permission levels on the front end are configured incorrectly and the user is allowed to visit a page that he is not allowed to, if the user performs an action on the page, a call is made to the back end, which checks the user's permission level and disallows the action.

So, in a nutshell, your security / permission checks should be in the back end. Whatever security / permission checks you put on the front end would just complement the security checks on the back end.
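Added illustration (not code from any poster in this thread): one way the back-end check described above can look on an EJB3 session bean, using declarative security for the role gate and programmatic security for a data-dependent rule. The interface, bean, role names and the 10% rule are hypothetical, and the sketch assumes the container has already authenticated the caller, whichever front end was used.

```java
// OrderService.java: remote business interface shared by the JSF and Swing clients
import javax.ejb.Remote;

@Remote
public interface OrderService {
    int getDiscount(long orderId);
    void applyDiscount(long orderId, int percent);
}

// OrderServiceBean.java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"clerk", "manager"}) // hypothetical role names
public class OrderServiceBean implements OrderService {
    // Stand-in for a real persistence layer (assumption, keeps the example short).
    private static final Map<Long, Integer> DISCOUNTS = new ConcurrentHashMap<>();

    @Resource
    private SessionContext ctx; // injected by the container; identifies the authenticated caller

    // Declarative: the container throws EJBAccessException before the body runs
    // if the caller holds neither role, no matter which front end made the call.
    @RolesAllowed({"clerk", "manager"})
    public int getDiscount(long orderId) {
        return DISCOUNTS.getOrDefault(orderId, 0);
    }

    // Programmatic: the rule depends on the argument, so it is checked in code.
    @RolesAllowed({"clerk", "manager"})
    public void applyDiscount(long orderId, int percent) {
        if (percent < 0 || percent > 100) {
            throw new IllegalArgumentException("percent out of range");
        }
        if (percent > 10 && !ctx.isCallerInRole("manager")) {
            throw new EJBAccessException(ctx.getCallerPrincipal().getName()
                    + " may not grant more than 10%");
        }
        DISCOUNTS.put(orderId, percent);
    }
}
```

A front end can still hide the discount field from clerks, but a misconfigured page or a hand-written Swing client calling `applyDiscount` directly is rejected by the bean either way.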
 
veena madhukar
Ranch Hand
Posts: 86
Thank you very much. What kind of security check are you doing in the front end? Any tools? When you say security checks are being done at EJB...is it declarative security checks?
 
Ulf Dittmer
Rancher
Posts: 43026
I have just posted a reply to the other thread you started, which delves a bit into the topic.
 