1 Reply Latest reply on Nov 29, 2001 10:22 AM by jwkaltz

    JAAS authentication using EJB

    samuel_rouiller
    samuel_rouiller Nov 27, 2001 9:50 AM

      Hi,

      I need to authenticate users that access my web app to display some kind of account specific information.

      I've got a simple authentication mechanism running with form-based authentication in the web app, and using the DatabaseServerLoginModule to find principals and roles from my DB.

      What should I do to authenticate users against data contained in some entity bean (account name & password) instead of the DB tables? Should I write my own LoginModule?

      I have also another understanding problem: I need to authenticate users against several type of accounts implemented by different EB's. Should I map one role name from the web-app auth-constraint to each type of account? Do I have to handle this in the LoginModule or somewhere else?

      Any help or suggestion will be greatly appreciated, thanks in advance.

      Sam

      • 6649 Views
      • Tags:
        • 1. Re: JAAS authentication using EJB
          jwkaltz
          jwkaltz Nov 29, 2001 10:22 AM (in response to samuel_rouiller)

          > I have also another understanding problem: I need to
          > authenticate users against several type of accounts
          > implemented by different EB's. (...)

          My understanding is : ff different beans need different types of login, then you should have different security contexts in your jaas.jar. Then you deploy the beans in different jars, one for each security context you require, and in this jar you refer to the appropriate security context.

            • Actions