Discussions

EJB design: Implementing User Authentication for a J2EE application

  1. Hello all,

    I am in the process of developing a J2EE application for a Product. As of now, the product is web based with JSP, Struts and EJB. For user authentication, I used a form-based authentication and get the user details in the EJB layer by using the getPrincipal().getName(). I implemented an example on Weblogic and it seems to work fine.

    The problem
    ------------
    Since it is going to be a product getting implemented on various application servers, I would like to implement a generic authentication/authorization framework which will let me expose my EJBs to other non-web based clients later. That way, I should not be worrying about how the client sends me the authencation credentials to call the EJBs.

    I was looking into JAAS for it but am not able to understand how JAAS can be implemented to do what I am trying to do. For now, JAAS has to work with Form-base authentication but later should be able to work to authenticate independent of the client.....

    How do I make JAAS and Form-Based authentication work together? I was reading that Weblogic, under the hoods, implements a JAAS LoginModule but it may not be the same on Websphere or JBoss....

    Could anyone please direct me in the right way - any articles or suggestions. I have been breaking my head for the last few days with this problem. I AM CONFUSED !!!

    Thanks,
    Sonu
  2. Send a post and let me know where to send it...
  3. Thanks for the response.

    You can send it to sonu_thekool at yahoo dot com

    I would really appreciate if you could also post a brief idea of how you implemented the architecture on different Application Servers.

    Thanks again.

    Regards,
    Sonu
  4. appreicate your help.

    N