JAAS and container managed security

 
Ranch Hand
Posts: 218
Hello All,

I have a J2EE application server, a Swing client, and a web client. Can I use JAAS to authenticate the Swing client? I already have form-based login on the web client. The J2EE app server EJBs are protected and the web resources are protected. The declarative J2EE container managed security is working for the web client. The Swing client will be accessing the EJBs via JNDI. Will the container managed authorization work for the Swing client (authenticated via JAAS)?

Thanks in advance.

-Saha
 
Ranch Hand
Posts: 2713
Yes, it will work fine. Depending on the application server, you may or may not have to use JAAS. Most allow you to execute as the last user you retrieved an InitialContext as. Example:



The above code will execute the EJB as the user you passed to the InitialContext. If you still want to go down the JAAS path, that is not a problem either, but you should read your Application Server documentation for the appropriate way to authenticate via JAAS. Also remember you will have to execute your EJB call as part of a PrivilegedAction to propagate the user principal... this also might require a call to a vendor-specific API. For example, in WLS 6.1 you could do a plain Subject.doAs() but in WLS 8.1 you need to use weblogic.security.Security.runAs() instead.
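
An added example, not part of the original thread and not the code from the reply above, showing the two approaches it describes for a standalone client: credentials passed in the InitialContext environment, and a JAAS login followed by Subject.doAs(). The factory class, provider URL, JNDI name and JAAS entry name are placeholders (assumptions); take the real values from your application server's documentation.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;

public class SwingClientAuth {
    // Placeholders (assumptions): every value below is vendor- and deployment-specific.
    static final String FACTORY = "com.example.VendorInitialContextFactory";
    static final String URL = "vendor-protocol://apphost:PORT";
    static final String EJB_JNDI_NAME = "ejb/ExampleHome";
    static final String JAAS_ENTRY = "ExampleClientLogin"; // entry in the JAAS login config

    static Hashtable<String, Object> baseEnv() {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, FACTORY);
        env.put(Context.PROVIDER_URL, URL);
        return env;
    }

    // Approach 1: credentials travel in the JNDI environment. The server
    // authenticates them and applies its declarative role checks to EJB calls.
    static Object lookupAs(String user, char[] password) throws Exception {
        Hashtable<String, Object> env = baseEnv();
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, new String(password)); // type accepted is provider-specific
        return new InitialContext(env).lookup(EJB_JNDI_NAME);
    }

    // Approach 2: JAAS login, then run the lookup (and the EJB calls) inside doAs.
    // Some servers need a vendor call here instead, such as the
    // weblogic.security.Security.runAs() the reply names for WLS 8.1.
    static Object lookupWithJaas(String user, char[] password) throws Exception {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext(JAAS_ENTRY, handler);
        lc.login(); // throws LoginException when the credentials are rejected
        PrivilegedExceptionAction<Object> call =
                () -> new InitialContext(baseEnv()).lookup(EJB_JNDI_NAME);
        return Subject.doAs(lc.getSubject(), call);
    }
}
```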
 
Saha Kumar
Ranch Hand
Posts: 218
Chris,

Thanks for the very helpful information. This answers my question in full.

-Saha
 