5 Replies Latest reply on Sep 11, 2004 9:38 PM by Scott Stark

    Login From Swing App

    estephens Newbie

      I am attempting to use the ClientLoginModule from a Swing application to perform authentication for both the Server and the client.

      I expected the LoginContext.login method to make a call to the server to perform the authentication. However, it seems to simple associate the handler with the login context. Authentication does not happen until the first call to the server. Also, after authentication, I expected that the Subject created at the server would be accessible in the client. The Subject at the client does not have any of the Principals added at the server.

      Is there a way to have the successul completion of the LoginContext.login method actually indicate that the user has been successfully authenticated? Also, can the Subject created at the server be copied to the client?

      Thanks.

        • 1. Re: Login From Swing App
          Scott Stark Master

          You have to add a login module that actually does authentication. The ClientLoginModule only propgates the caller identity to the transport layer for authentication of calls to the server.

          • 2. Re: Login From Swing App
            estephens Newbie

            Thanks Scott.

            What about the Subject? Is there anyway to syunchronize the Subject between the client and the server, other than performing the login in both places?


            Thanks

            • 3. Re: Login From Swing App
              Dmitry Sapunov Newbie

              Hi.

              Is there exists a login module performing real user authentication, not like the ClientLoginModule? Is it working with standard JBoss or needs some extras?

              And one more question.
              Using the ClientLoginModule I've seen that server do not performs authentication when InitialContext.lookup() or InitialContext.list() methods are invoked. Is there any configuration parameters telling that these methods must throw exception for user with invalid username/password?

              Thanks.

              • 4. Re: Login From Swing App
                Scott Stark Master

                The JAAS login done on a client is decoupled from the server. If you obtain the Subject from the client side LoginContext, it will not have the same info as the server. The only way they are coupled is that the configured login modules will have to validate the same identity and proof of identity. You can use client/server oriented login modules that provide tighter coupling if you want.

                • 5. Re: Login From Swing App
                  Scott Stark Master

                  The SRPLoginModule, LdapLoginModule, UserRolesLoginModule are example jboss login modules that can be used to perform client side authentication. There are others available from thirdparty sources as well.