3 Replies Latest reply on Mar 5, 2004 3:39 PM by ebdr

    multiple authentication mechanism

    ebdr Newbie

      Hi,

      I have an app running on jboss-3.2.0_tomcat-4.1.24 which has uses the org.jboss.security.auth.spi.DatabaseServerLoginModule and a FORM auth-method. The default user of the app is 'guest'. guest users are allowed to view part of the application and can login to view more based on their new role.

      I now need to add one more authentication layer to protect the application from undesired 'guests'. I would like to setup only one user/password for initial access to the application. This user/password has no direct use on the web app and I would like to separate it from the web app configuration.

      How would I go about doing somehting like this.

      Thank you for you help.

      -Eric

        • 1. Re: multiple authentication mechanism
          Scott Stark Master

          I'm not following your question here, but if you security model does not fit into the standard role to uri based access model, you'll have to implement a custom model using filters and/or tomcat valves.

          • 2. Re: multiple authentication mechanism
            ebdr Newbie

            My problem is the following:
            I have a web app that has its own security model (the login module gets the principals from a DB) with its own set of roles (guest, seller, buyer and admin). This application is at a beta stage and will not be deployed until later. In order to do demos for potential clients, we would like to put it on the web but allow access to the URL only to interested parties. I don't want to change the role model of the web app, but just add one access layer on top of the app (Alias to a URL for example)...

            Hope this is clearer. I never used filters or valves and will look into them. They might be what I need. Thank you for your suggestions.

            -Eric

            • 3. Re: multiple authentication mechanism
              ebdr Newbie

              some more info:

              My current web app is using form based login. the additional layer needs to be a auth-method of BASIC. I would like to specify one user/password (for example demo/demo) in order to access the site (the web app) from which the user can then login (or not) to the site as different roles.

              -Eric