Hello all,

I am in the process of developing a J2EE application for a Product. As of now, the product is web based with JSP, Struts and EJB. For user authentication, I used a form-based authentication and get the user details in the EJB layer by using the getPrincipal().getName(). I implemented an example on Weblogic and it seems to work fine.

The problem
------------
Since it is going to be a product getting implemented on various application servers, I would like to implement a generic authentication/authorization framework which will let me expose my EJBs to other non-web based clients later. That way, I should not be worrying about how the client sends me the authencation credentials to call the EJBs.

I was looking into JAAS for it but am not able to understand how JAAS can be implemented to do what I am trying to do. For now, JAAS has to work with Form-base authentication but later should be able to work to authenticate independent of the client.....

How do I make JAAS and Form-Based authentication work together? I was reading that Weblogic, under the hoods, implements a JAAS LoginModule but it may not be the same on Websphere or JBoss....

Could anyone please direct me in the right way - any articles or suggestions. I have been breaking my head for the last few days with this problem. I AM CONFUSED !!!

Thanks,
Sonu

Send a post and let me know where to send it...

Thanks for the response.

You can send it to sonu_thekool at yahoo dot com

I would really appreciate if you could also post a brief idea of how you implemented the architecture on different Application Servers.

Thanks again.

Regards,
Sonu

appreicate your help.

N