Originally posted by Rowan John:
Hi,
I have a few basic questions. We are developing a typical application using Websphere 5.0 that has both a web tier (eg Struts) and an EJB tier.
a) We plan on using form-based authentication (with SSL) -- can we use JAAS to authenticate the user against IBM Directory Server? Which approach would I use to achieve this, ie integrate JAAS with Struts or use form-based custom authentication or is their some other approach that is better?
b) Once the user is authenticated in the web tier and they make a call into the ejb tier, I assume the security context passed in means that they arent re-authenticated via JAAS again in the ejb tier?
c) Does JAAS have to be setup separately for both the web and ejb tiers?
d) Given that both the web and ejb tier have their own deployment descriptors is their anyway to consolidate the <security-role> information, or does this have to be duplicated in each deployment descriptor?
many thanks,
Rowan
Kyle Brown, IBM Fellow, CTO for the IBM CIO Office, Author of Cloud Application Architecture Patterns, The Cloud Adoption Playbook, and many more. See my homepage at http://www.kyle-brown.com/ for the latest updates.
Kyle Brown, IBM Fellow, CTO for the IBM CIO Office, Author of Cloud Application Architecture Patterns, The Cloud Adoption Playbook, and many more. See my homepage at http://www.kyle-brown.com/ for the latest updates.
Well, you wouldn't use JAAS because you do not need it and it won't work. Period, end of story. In WebSphere JAAS login modules are only used by Application clients.
Kyle Brown, IBM Fellow, CTO for the IBM CIO Office, Author of Cloud Application Architecture Patterns, The Cloud Adoption Playbook, and many more. See my homepage at http://www.kyle-brown.com/ for the latest updates.
Hey, check out my mega multi devastator cannon. It's wicked. It makes this tiny ad look weak:
Clean our rivers and oceans from home
https://www.kickstarter.com/projects/paulwheaton/willow-feeders
|