I am running UBBThreads (www.infopop.com) in my web site.

It is a web-based threading-like discussing board , with its authentication/authorization mechanism.

About the authentication , it is just a username/(encrypted)password pair in MySQL database , and the program extracts the username/password from user's browser cookie to validate.

All the system is written in PHP , which I am not familiar with.



I want to add a layer (in Java), connecting its database , so that I can develop other services on my website based on UBBThreads' authentication mechanism, and I don't need to develop another entitlement system.



I recently know that JAAS is the standard Java pluggable authentication/authorization. If I implement UBBThreads' JAAS layer , it may be easily connected to other enterprise level Java application. Therefore , I looked into the JAAS documentation . But maybe because my English is not so good , I found JAAS is very hard to comprehend.



There are many terms I am not very clear about , such as credential/principal... In the example SUN provided : TextCallbackHandler.java / DialogCallbackHandler.java / SimpleLoginModule.java ...etc , I read them throughly but still don't know how to implement a servlet based JAAS.

I thought these should be the classes I have to implement , please correct me if I am wrong :



1. ServletCallbackHandler extends HttpServlet implements javax.security.auth.callback.CallbackHandler

2. UBBThreadsPrincipal implements java.security.Principal

3. UBBThreadsModule implements javax.security.auth.spi.LoginModule



But I still don't know how to start ? Should I use JAAS with ServletFilter ? or within-program-logically ? Which program involves JDBC connection ?



I heard about that JAAS is also dependent on servlet container , and I am using Resin 2.0.5 on Linux. Does Resin support JAAS ? If do , how should I do ? Can anybody give a hint ? Thank you very much.