Can anybody give me a hint about JAAS servlet implementation ?
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   smallufo_huang
Posted On:   Wednesday, March 6, 2002 05:13 AM

I am running UBBThreads (www.infopop.com) in my web site. It is a web-based threading-like discussing board , with its authentication/authorization mechanism. About the authentication , it is just a username/(encrypted)password pair in MySQL database , and the program extracts the username/password from user's browser cookie to validate. All the system is written in PHP , which I am not familiar with. I want to add a layer (in Java), connecting its database , so that I can develop other services on my website based on UBBThreads' authentication mechanism, and I don't need to develop another entitlement system. I recently know that JAAS is the standard Java pluggable authentication/   More>>

I am running UBBThreads (www.infopop.com) in my web site.

It is a web-based threading-like discussing board , with its authentication/authorization mechanism.

About the authentication , it is just a username/(encrypted)password pair in MySQL database , and the program extracts the username/password from user's browser cookie to validate.

All the system is written in PHP , which I am not familiar with.



I want to add a layer (in Java), connecting its database , so that I can develop other services on my website based on UBBThreads' authentication mechanism, and I don't need to develop another entitlement system.



I recently know that JAAS is the standard Java pluggable authentication/authorization. If I implement UBBThreads' JAAS layer , it may be easily connected to other enterprise level Java application. Therefore , I looked into the JAAS documentation . But maybe because my English is not so good , I found JAAS is very hard to comprehend.



There are many terms I am not very clear about , such as credential/principal... In the example SUN provided : TextCallbackHandler.java / DialogCallbackHandler.java / SimpleLoginModule.java ...etc , I read them throughly but still don't know how to implement a servlet based JAAS.

I thought these should be the classes I have to implement , please correct me if I am wrong :



1. ServletCallbackHandler extends HttpServlet implements javax.security.auth.callback.CallbackHandler

2. UBBThreadsPrincipal implements java.security.Principal

3. UBBThreadsModule implements javax.security.auth.spi.LoginModule



But I still don't know how to start ? Should I use JAAS with ServletFilter ? or within-program-logically ? Which program involves JDBC connection ?



I heard about that JAAS is also dependent on servlet container , and I am using Resin 2.0.5 on Linux. Does Resin support JAAS ? If do , how should I do ? Can anybody give a hint ? Thank you very much.

   <<Less
About | Sitemap | Contact