Hi,
I'm working on converting a swing applet from orion to JBoss. I've been
able to establish connectivity to the JBoss server and invoke methods on
various EJB's via the ClientLoginModule. The existing code accepts a
generic username and password that is logged into the "other" login
configuration. In order to make this work, I had to tell the client
which login module to use by specifying the path to the auth.conf file
in the applet parameters window. The configuration line looks similar
to the following:
-Djava.security.auth.login.config=http://localhost/cems/auth.conf
While this is working for development, I will need to implement a more
appropriate security mechanism for production. I've written a custom
login module that is similar to the DatabaseLoginModule except the table
structure is slightly different. Because the custom login module must
validate against a database server, it cannot be loaded into the client
as it will not be able to communicate with the database server.
Ideally, the calls within the module to perform the authentication
would only occur on the server. After reading through most of chapter 8
in the documentation, it looks like the only method that I may be able
to get this to work is in a model similar to the SRPLoginModule in which
requests are delegated to the server via a proxy. I'm wondering if
there is a simpler way to do this or if I just misunderstood the setup?
Thanks
Todd
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
- [JBoss-user] Security question Ferran Puig
- [JBoss-user] JBoss in a shared environment Renato
- Re: [JBoss-user] Security question Cloudor Pu
- [JBoss-user] security question Todd M Benge
- [JBoss-user] security question Rafal Kedziorski
- Re: [JBoss-user] security question Scott M Stark
- Re: [JBoss-user] security question Rafal Kedziorski
- Re: [JBoss-user] security question Scott M Stark
- Re: [JBoss-user] security question Rafal Kedziorski
- Re: [JBoss-user] security question (with exc... Rafal Kedziorski
- Re: [JBoss-user] security question Rafal Kedziorski
- Re: [JBoss-user] security question Rafal Kedziorski
- Re: [JBoss-user] security question Rafal Kedziorski
- Re: [JBoss-user] security question Scott M Stark