0 Replies Latest reply on Mar 22, 2009 5:01 PM by Adam

    two authorization/authenications mechanisms in one j2ee app

    Adam Newbie


      I've got big problem. There is the system on which I do work, it uses NTLM to autheticate the user. There is special authenticator - the same like NtlmHttpFilter from Jcifs, but not a servlet - a special class (which is derived from AuthenticationBase from tomcat jars) packaged as jar together with login module, which I use in my app. Login module is used to authorise the user - retrieves roles from database.
      When user enteres the app url in the browser it is automatically logged in when she/he is logged in the domain. But when not - the browser shows the window to log in.
      I need in my app the second way to authenticate and authorise the user - login and password should be matched with these from db. I wrote a special jsp and servlet to do that. I also wrote loginModule to log user from db. But how can I do authorisation - so that user roles are retrieved correctly?
      Application uses ejb3 and user principal must be in the sessioncontext.
      Is that possible?