I am in the process of developing a J2EE application for a product. As of now, the product is web-based with JSP, Struts and EJB. For user authentication, I used form-based authentication and get the user details in the EJB layer by using `getPrincipal().getName()`. I implemented an example on WebLogic and it seems to work fine.
Since it is going to be a product implemented on various application servers, I would like to implement a generic authentication/authorization framework which will let me expose my EJBs to other non-web-based clients later. That way, I should not have to worry about how the client sends me the authentication credentials to call the EJBs.
I was looking into JAAS for it but am not able to understand how JAAS can be implemented to do what I am trying to do. For now, JAAS has to work with form-based authentication but later should be able to authenticate independently of the client...
How do I make JAAS and form-based authentication work together? I was reading that WebLogic, under the hood, implements a JAAS LoginModule, but it may not be the same on WebSphere or JBoss...
Could anyone please point me in the right direction with any articles or suggestions? I have been breaking my head for the last few days with this problem. I AM CONFUSED!!!