
JSF, JAAS, and Tomcat

Posts: 5
I am pretty new to JSF, and so far I love it, with the exception of authorization and authentication. I have been looking for a good tutorial to get me going using JAAS with JSF and Tomcat for a while and have only found fragments. Does anyone know of a good online resource or book that could help me wrap my head around this? What I am trying to do isn't that uncommon: I am trying to authenticate a user against a MySQL database table or an LDAP server.

Thanks in advance to anyone who can help.
Saloon Keeper
Posts: 21710
JAAS is a particular security framework, but the fundamental framework for J2EE is Container Managed Authentication and Authorization. It's not JAAS, although Tomcat can use JAAS as one of the security realm options.

The J2EE CMA&A model is based on an externally-defined "black box" A&A provider, known as a Realm. Basically, the Realm answers one of 2 questions:

1. Is the supplied userid/password combination valid?

2. Is the user a participant in security role "X" (X being supplied as a parameter).

The container itself also interacts. It matches incoming URLs against the security URL patterns in order to determine if the user needs to be authenticated (logged in) and what roles a given URL may service.

Because the Realm is defined through a standard interface, you can select a Realm, such as the JDBCRealm, LDAP Realm, JAAS Realm, or even supply a custom realm for use with specialized systems such as a Web Services-based security API.

Documentation on developing webapps that interface with the J2EE Container Managed A&A subsystem is provided in most books on basic J2EE, especially those that cover servlets and JSPs. Documentation on setting up and configuring a Realm is part of the server documentation, and the Tomcat Realm documentation is fairly good.
Posts: 27
Again, not JAAS, but have a look at Using Spring Security in your Java web application.

I am sure you will love it. MySQL, LDAP and many other authentication mechanisms are possible.