I need authenticate the users of a swing application with a database. I am using:
Client --> ClientLoginModule
Server --> DatabaseServerLoginModule
In the client's code I obtain the username and the password and then I call LoginContext.login(). I know that this don't authenticate the user, only bind principals and credentials in the next invocations to the server's methods.
I want authentice the user before executing a business method.
It's correct execute a method of a session bean to authenticate the user?. If i obtain a exception, then i know that the authentication failed.
We do this and it works so far. The method we call to see if the user is authenticated is UserSessBean.getUserProfile() or some such, so it is not so ugly to use this as a test for autentication.
We had to do some trial and error to see what exceptions came back so we could present "username/password" not valid nicely.