Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

OCMJEA part 2 ... how to handle custom authentication

 
Andres Olarte
Ranch Hand
Posts: 46
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For part 2, I need to provide user authentication. The way things are looking in my design, my application will not have direct access to any database. it seems that the best way to authenticate users would be checking against one of the systems I'm integrating with, via RMI or a WebService. . A custom authenticator has always been problematic in Java EE, normally requiring a custom "Provider" using the SPI of an app server, with all of the portability issues it entails.

Reading around, it seems that JASPIC can allow to create a vendor neutral solution for this problem.

Does this seem like over complicating the issue or a sensible solution?
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
384
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Andres,
While that is fine, I do think it is overly complicated. Is portability really a requirement for this application? Usually you get to specify which app server the pretend app server will run on. And this is an Oracle test, so you might as well just pick theirs.
 
Andres Olarte
Ranch Hand
Posts: 46
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeanne,

Thanks your answer. After doing some more reading and testing a prototype, I'm going to go with JASPIC. It seems to be easier to describe in the diagrams, compared to installing and configuring a ServerAuthenticationModule in Weblogic (the app server that I have selected based on other requirements). It was an opportunity to learn to use a technology that I hadn't used in the past.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic