4 Replies Latest reply on Feb 10, 2005 3:40 PM by Darma Muthiayen

    Authentication custom handler and JAAS module

    Darma Muthiayen Newbie

      Could someone please comment (advantages/disadvantages) on the use of a custom handler to authenticate against a security server (SimpleAuthenticationHandler.java, HTTPAuthHandler.java), as opposed to using a JAAS login module to do the same (UsernamePasswordLoginModule.java)?

      The requirement is to use HTTP basic auth to facilitate interoperability.
      The security server returns a token that is later used for authorization purposes.
      The token will be stored in the MessageContext to be passed to a custom provider that uses a dynamic proxy to forward requests to various backend EJB containers.

      Using a JAAS module with credential caching enabled on Tomcat, how can it be guaranteed that the token is passed to the MessageContext (of the relevant request) in the handler chain?

      Are there any descriptor samples or documentation for custom handlers (other than the Axis-specific deployment descriptor)?

      Comments appreciated.

      Darma