[JBoss-user] Security Question

[Todd M Benge]

Hi,

I'm working on converting a swing applet from orion to JBoss. I've been able to establish connectivity to the JBoss server and invoke methods on various EJB's via the ClientLoginModule. The existing code accepts a generic username and password that is logged into the "other" login configuration. In order to make this work, I had to tell the client which login module to use by specifying the path to the auth.conf file in the applet parameters window. The configuration line looks similar to the following:

-Djava.security.auth.login.config=http://localhost/cems/auth.conf

While this is working for development, I will need to implement a more appropriate security mechanism for production. I've written a custom login module that is similar to the DatabaseLoginModule except the table structure is slightly different. Because the custom login module must validate against a database server, it cannot be loaded into the client as it will not be able to communicate with the database server. Ideally, the calls within the module to perform the authentication would only occur on the server. After reading through most of chapter 8 in the documentation, it looks like the only method that I may be able to get this to work is in a model similar to the SRPLoginModule in which requests are delegated to the server via a proxy. I'm wondering if there is a simpler way to do this or if I just misunderstood the setup?

Thanks

Todd



-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user