3 Replies Latest reply on Jan 15, 2005 5:26 PM by Scott Stark

    Manual login from servlet

    chris bono Newbie

      I am integrating a .NET->Java bridge into a J2EE app. The bridge has a webapp that listens for TCP/binary connections from the .NET proxies. On every request the user/pass is sent. I need to extract these values and manually log into the container on every request. No HTTP Basic is not supported. Very similar architecture as webservices.

      Two ways to do it (that both work)
      1) use LoginContext("client-login", ...").login() and hide the underneath mechanisms

      2) manually authenticate against the SecurityManager and then set then set the SecurityAssociation (similar to the way that axis org.jboss.net.axis.server.JBossAuthenticationHandler) works.

      I like approach 1) as it hides the authentication mechanism and is less
      custom code. However, which method is better performing? How much
      penalty will I pay for going through the JAAS interface? Any suggestions are welcomed.