1 Reply Latest reply on Feb 24, 2003 12:05 PM by Steven Ostrowski

    General overview "username/password"

    Mike Wazowski Newbie

      Hi,

      I'm a new JBoss-User and I have some general questions about username and passwords. (I'm using JBoss 3.0.4.)

      With EJB I want to access a database (MS SQLServer2000). In this database I can specify users (incl. password) and their rights. That's no problem.

      But my problem is:
      An user have to login with username and password. With this values I have to look up what EJB-actions he is allowed to do. But I need this values also for identifying the user to the database.
      In the file login-config.xml I can specify an username and a password. But what do I have to do, if the user wants to change his password? And what to do, when I have to registry a new user?
      Isn't it better to save these values in the database?

      And what about security rolls?
      I have put the constants SECURITY_PRINCIPAL and SECURITY_CREDENTIALS in the InitialContext. But how do I connect these values with my JBoss configuration or with the defined security rolls in an ejb-jar.xml to control the access of my EJBs?

      I would be very thankful about a general overview or some helpful hints.

      MIKE :o)

        • 1. Re: General overview "username/password"
          Steven Ostrowski Newbie

          I would suggest looking at the more complicated login modules. In particular the database login module would help. You can retrieve the authentication information from a database table that stores usernames and passwords.

          To let someone change the password, you could write a servlet or some other app to allow them to update the database information with their new password.

          Hopefully this helps!