We were using the Weblogic security API for the programatic security. This security class is loaded along with the Weblogic start up class . This class do the authentication and autherisation when ever an EJB client connect to the Weblogic Server. Right now I need to do the same thing with the JBoss server. I found two classes UsernamePasswordLoginModule and AbstractServerLoginModule that can be extended to implement the programatic security. I have some questions regarding the usage of this class 1. Is it possible to query database from this implementation class to populate the Role set and password?.
2. Will the JBoss server calls this class automatically when ever an EJB client connects to it?.
Please advice me in this regard?. Am I in the right direction for implementing this security ?. I am new to JBoss. All my roles and user list are in Orcale database and so please advice me to implement the security in this scenario??
since you already have your users and roles in the oracle database you're better off using the DatabaseLoginModule.
Also you can write custom login modules, or you can use security interceptors to further your programmatic security.