We are developing an J2EE based application which can be deployed on oracle, weblogic or websphere. We store user ids and encrypted passwords in our database and I need to build a security solution that works across app servers. I realize that each vendor has their own api for implementing custom user managers, but what I was hoping to do is create a custom LoginModule that knows how to access our database, then configuring the appserver to use that. Unfortunately I have not found a lot of documentation from the vendors about how to use custom JAAS modules -- everything is about the ones they provide.
- Posted by: John Pletka
- Posted on: October 07 2003 22:50 EDT
Has anyone else successfully done something similiar? Building the LoginModule and principal objects are easy, but there is not much point in doing that if the app server has no way to use them.
- Does JASS LoginModule work as cross appserver security impl? by ashish verma on October 07 2003 23:18 EDT
- Does JASS LoginModule work as cross appserver security impl? by Jegadisan Sankar Kumar on October 08 2003 00:59 EDT
Jboss covers that how to build custom login modules in the paid doumnation with a small example.
You will probably need to make small customizations of the implementation for the various Application servers. For example, on BEA, you need to develop a AuthenticationProvider, and as far as I know, you need to add WLSUserImpl and WLSGroupImpl Principals. You can find sample code from the link provided
Basically, it can be done, but will take a bit of effort. Hope that helps