Jason,

If performance is the concern, why not keep what you have, but cache the successes in a local database?

- Keith

Just looking for the experiences of others on the list...

How are you handling client authentication in your jBoss applications? I get the feeling that many developers on the list are using servlet/jsp/<insert-web-technology-here> front-ends to their ejb applications. I work in a corporation where NT authentication is pretty standard (i.e., everyone will have an NT logon id and password), and JNDI is not implemented. From what I understand of JAAS, the client side must have server call-backs. In my case, the client will be a web front-end, most likely running on a *nix box (ejb server also running on *nix). Makes it kind of tough to integrate with NT domains.

I have coded a simple session bean that gets around this, but I haven't load tested it yet. When an authentication request comes in, it actually tries to open an FTP session to one of the NT servers here, and determines whether or not the logon was successful. I can't believe that this will hold up under any kind of stress--that remains to be seen. My other option is to have the user pass through a web-based authentication system on an NT web server that could set a cookie if the user is authenticated, but I'd rather not do that...I hate spreading the application so thin, with so many points of failure.

Obviously, we could ask people to register and set up passwords, etc. But, besides being a security concern (housing people's passwords that they probably use for other services too), it's a major hassle to ask our customers to remember yet another password.

Has anyone else dealt with this? What have you done about it?
-Jason
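
A sketch of the success cache suggested in the reply, written so the local store never holds a reusable password: this is an added example, not code from either poster, and it needs Java 16 or later. The class name `AuthSuccessCache`, the in-memory map standing in for the local database, the iteration count and the 15-minute lifetime are all assumptions.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

/** Added example: remembers verified logons as salted PBKDF2 hashes with an expiry. */
public class AuthSuccessCache {
    private record Entry(byte[] salt, byte[] hash, long expiresAtMillis) {}
    private static final int ITERATIONS = 210_000;      // assumed work factor
    private static final long TTL_MILLIS = 15 * 60_000; // assumed 15-minute lifetime
    private final Map<String, Entry> cache = new ConcurrentHashMap<>(); // stand-in for the local database
    private final BiPredicate<String, char[]> upstream; // the slow check, e.g. the existing session bean
    private final SecureRandom random = new SecureRandom();

    public AuthSuccessCache(BiPredicate<String, char[]> upstream) { this.upstream = upstream; }

    public boolean authenticate(String user, char[] password) throws Exception {
        String key = user.toLowerCase(Locale.ROOT);
        Entry e = cache.get(key);
        if (e != null && System.currentTimeMillis() < e.expiresAtMillis()
                && MessageDigest.isEqual(e.hash(), derive(password, e.salt()))) {
            return true; // hit: same password as the last verified logon, still fresh
        }
        // Miss, expired entry or different password: always ask the real authority.
        if (!upstream.test(user, password)) {
            cache.remove(key); // a rejected logon invalidates any cached success
            return false;
        }
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        cache.put(key, new Entry(salt, derive(password, salt), System.currentTimeMillis() + TTL_MILLIS));
        return true;
    }

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally { spec.clearPassword(); }
    }

    public static void main(String[] args) throws Exception {
        // Constructed upstream check for the demo; the real one is the slow NT logon test.
        AuthSuccessCache auth = new AuthSuccessCache((u, p) -> new String(p).equals("s3cret"));
        System.out.println(auth.authenticate("jason", "s3cret".toCharArray())); // goes upstream
        System.out.println(auth.authenticate("jason", "s3cret".toCharArray())); // served from cache
        System.out.println(auth.authenticate("jason", "wrong".toCharArray()));  // goes upstream, evicts
    }
}
```

A password change or account lockout on the NT side is not seen by a cache hit until the entry expires, so the lifetime is the window to tune. The cached hashes are still password-equivalent material for offline guessing and need the same protection as any credential store.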