1 Reply Latest reply on Nov 29, 2001 10:22 AM by J. Wolfgang Kaltz

    JAAS authentication using EJB

    Samuel Rouiller Newbie

      Hi,

      I need to authenticate users that access my web app to display some kind of account specific information.

      I've got a simple authentication mechanism running with form-based authentication in the web app, and using the DatabaseServerLoginModule to find principals and roles from my DB.

      What should I do to authenticate users against data contained in some entity bean (account name & password) instead of the DB tables? Should I write my own LoginModule?

      I have also another understanding problem: I need to authenticate users against several type of accounts implemented by different EB's. Should I map one role name from the web-app auth-constraint to each type of account? Do I have to handle this in the LoginModule or somewhere else?

      Any help or suggestion will be greatly appreciated, thanks in advance.

      Sam

        • 1. Re: JAAS authentication using EJB
          J. Wolfgang Kaltz Novice

          > I have also another understanding problem: I need to
          > authenticate users against several type of accounts
          > implemented by different EB's. (...)

          My understanding is : ff different beans need different types of login, then you should have different security contexts in your jaas.jar. Then you deploy the beans in different jars, one for each security context you require, and in this jar you refer to the appropriate security context.