My problem is i am trying to find some thing similar to weblogic way of authentication (by calling weblogic api class Authenticate.authenticate())
so if i get step by step procedure that would be nice
Authenticate.authenticate() is weblogic specific and you will not find an equivalent in JBoss.
But they boh support JAAS, so some aspects will be similar.
For example, you can create a JAAS login module that will check if the user is locked or not and just abort the authentication process if locked or let it go through if user is not locked.
Letting the authentication process going through means that other configured JAAS login modules can then be invoked to perform the rest of the authentication (for example authenticate against LDAP using the JBoss LDAP login module).
All this is standard JAAS behavior and documentation can be found in the standard JDK doc.
The JBoss specific documentation (pointer I sent) will indicate how to integrate your custom JAAS login module in JBoss.
Hi Thomas thanks for your reply
further I need some clarification in terms of i want to write custom login module both server and client side how should i do?
From a pure JAAS point of view, client or server JAAS login modules does not make any differences.
On both side you have one or more JAAS module configured (stack of JAAS modules).
The differences when used with JBoss are as follow:
1) The JBoss client JAAS login module (ClientLoginModule) must be part of your client side JAAS login module stack (unless you write a replacement for it as well, but then you will need to take a close look at JBoss sources).
2) Server JAAS login modules are usually used to also do custom user/role associations. In such case your JAAS login module needs also to take care of these associations and this is done in a JBoss epcific fashion (JAAS does not define how to associate roles to users).
3) Client side JAAS configuration is usually done the "standard" JAAS way (an auth.conf file provided via the java.security.auth.login.config system property), while the server side JAAS configuration is usually done via the conf/login-config.xml or deployed as part of your J2EE application (see DynamicLoginConfig in the wiki pages: http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSX).
If I subclass AbstractServerLoginModule and write my logic in (Overriding the super's)login method i can acheive the task rite?
i have to override
The login operation is a JAAS defined operation.
The other ones are specific to the AbstractServerLoginModule to make your life easier so you do not have to worry about the other JAAS defined operations (initialize, commit, abort and logout).
i have a doubt
say i have configured a client login module,
how can i call jboss server side login module to do the actuall login operation?
say in weblogic if i call Authenticate.authenticate()
it executes all login module avialble the server side stack so my server side login does the login operation.
what is the equvalent way in JBOSS?
I believe that JBoss and WebLogic are not working the same way.
With WebLogic, when you call login on your client side, this will indeed go back to the server to perform the authentication (or something like that).
With JBoss, client side login does nothing except associating the user credentials with the current security context. You server side login modules will be invoked at the first EJB request, using the credentials collected though the client login module.
I am also in the same situation. Oneof the application I am migrating from weblogic to jboss is using weblogic security extension, acls, groups,acls, permissions, User info etc...
Could you help me how to map the weblogic equivalents to jboss?
You can mail me at firstname.lastname@example.org
I think you will not find a one-to-one match from weblogic to jboss. The best way to do this is to understand what actually needs to happen during the login (from your application perspective, security rules etc etc) and the have these coded into one (or more) LoginModule implementations.
Then in the login-conf.xml you can define a realm/domain with this one (or more) modules and use that realm in your application jboss.xml.
Moral of the story... dont try to do a one to one match. It may not be possible and you might end up doing stuff to the code that is not architecturally sound and unmanagable.