6 Replies Latest reply on May 31, 2007 4:11 PM by marcos_aps

    Doubts about the authenticaton process

    marcos_aps

      - JBoss 4.2.0GA

      Hello, everybody!
      I have my own database with my users and their passwords already encrypted. So I want to write a custom login module to do the authentication, but as I'm new to Java EE and JBoss I'm with the following doubts to proceed:

      - How do I link the username and password typed on a web page to the custom login module? I mean how do I pass the username and password to the login module?

      - How do I have control about when JBoss do the authentication. I mean, I just want JBoss do the authentication when I fire it (after, of course, a button in my login page is pressed).

      I know that these should be basic doubts, but I would like to have your help with it as I'm new to it in JBoss and Java EE.

      Thank you.

      Marcos

        • 1. Re: Doubts about the authenticaton process
          peterj
          • 2. Re: Doubts about the authenticaton process
            marcos_aps

             

            "PeterJ" wrote:
            See http://www.jboss.com/index.html?module=bb&op=viewtopic&t=103158


            I don't want to use I DatabaseServerLoginModule provided by JBoss to do the authentication. I want to develop my own login module to connect with my database that already has a table with my users and the password encrypted (they're hashed too). So, I don't use the JBoss functions to hash the passwords.
            What I just want to know is how I will make my custom login module aware of the username and password typed in the login web page that I will use. Do I have to use some standard name for the username and password input fields in the login web page for JBoss to pass them to my registered login module? Do they have to start with 'j_'? If so, what are the real names that I have to use?
            I know that I have to tell the server what is the login page that I use and what authentication method that I want (FORM in my case), but I don't know how to tell it what are my username and password input fields. How do I proceed?

            Thank you.

            Marcos

            • 3. Re: Doubts about the authenticaton process
              peterj

              The easiest, and correct, way to do what you want to do is write your own login module, hence my reason for pointing you to a prior discussion of this topic (if you look carefully at that topic, that user also had encrypted password in the database and thus could not use the DatabaseServerLoginModule to perform the login and had to write his own login module). The DatabaseServerLoginModule should provide you with a reasonable template (or you could subclass it) within which you can do your own work to validate the user and return the collection of roles.

              • 4. Re: Doubts about the authenticaton process
                marcos_aps

                 

                "PeterJ" wrote:
                The easiest, and correct, way to do what you want to do is write your own login module, hence my reason for pointing you to a prior discussion of this topic (if you look carefully at that topic, that user also had encrypted password in the database and thus could not use the DatabaseServerLoginModule to perform the login and had to write his own login module). The DatabaseServerLoginModule should provide you with a reasonable template (or you could subclass it) within which you can do your own work to validate the user and return the collection of roles.


                I agree with you, Peter and that's exactly what I'm going to do. But there's a part of my doubt that is a little more simple: if I use j_security_check and name my input texts in the login page j_username and j_password, will JBoss pass these values to my own login module? If so, I'm done.

                Thank you.

                Marcos

                • 5. Re: Doubts about the authenticaton process
                  peterj

                  Yes.

                  • 6. Re: Doubts about the authenticaton process
                    marcos_aps

                     

                    "PeterJ" wrote:
                    Yes.


                    Thank you very much, Peter.

                    Marcos