1 2 Previous Next 17 Replies Latest reply on Dec 21, 2005 8:55 AM by Nigel White

    Multi Credential Authentication

    Lewis Gass Newbie

      I have been trying to figure out how to use the standard mechanisms in order to authenticate the web and ejb tiers.

      From what I can see, most mechanisms support the idea that you only need a username and password for authentication. However in our case we need to have the user enter his id plus two forms of authentication, an access code and a date of birth, both needing to be passed down along with the user id to the login module for authentication.

      I know that the SecurityAssociationCallback can be used to pass in an arbitrary object and have been able to code up a filter servlet and a login module that will authenticate the ejb layer, but do not see any way to get tomcat to do the same thing standard, and since I cannot, the web side never is really authenticated and thus the url based security configuration in web.xml will not work.

      Am I missing something obvious or is the web side based on the idea that you only need a username and password, since the only semi-configurable part is the j_security_check form authentication, which only allows username and password.

      Any help / ideas would be appreciated.

        1 2 Previous Next