Java Application with Multiple JAAS Security Areas

I was wondering if it is possible to have a Java EE application with several JAAS security areas. I am currently developing an application in which some users need to authenticate with data stored in a database, while other users need to authenticate through an LDAP binding.

So I created two security areas in GlassFish 3.1, a JDBC area and an LDAP area, and configured my web.xml to use the LDAP area (most users are LDAP).

Then I use:

    HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
    request.login(username, password);

for user authentication.

Can I switch to the JDBC scope before calling 'request.login'?

+4
3 answers

Have you seen this?

Cross-domain authentication using single sign-on with JAAS: http://www.devx.com/security/Article/28849/1954

+1

I saw somewhere that you can configure two areas, or two methods in one area, so that if the first fails, the second is tried. I don't remember where I saw it. Perhaps this will point you in the right direction.

0

You must write a custom JAAS login module that attempts to authenticate with method A and, if that does not work, tries method B.

In your application, everything works transparently in the JAAS login module.

0
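
One way to write the login module the last answer describes, as an added example rather than code from the thread or from GlassFish: it tries an LDAP simple bind first and falls back to a PBKDF2 check against a database. The class name, LDAP URL and DN layout, the `jdbc/authDS` JNDI name and the `users` table are assumptions, and it needs Java 8 or later.

```java
import java.sql.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example. Hypothetical: class name, LDAP URL, DN layout, JNDI name, users table.
public class LdapThenDbLoginModule implements LoginModule {
    private Subject subject; private CallbackHandler handler; private java.security.Principal who;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user"); PasswordCallback pc = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("cannot read credentials"); }
        String name = nc.getName(); char[] pw = pc.getPassword(); pc.clearPassword();
        // An empty password would turn the LDAP simple bind into an unauthenticated bind that succeeds.
        if (name == null || name.isEmpty() || pw == null || pw.length == 0) throw new FailedLoginException("login failed");
        boolean ok = ldapBind(name, pw) || dbCheck(name, pw);    // method A, then method B
        Arrays.fill(pw, '\0');
        if (!ok) throw new FailedLoginException("login failed"); // same message whichever store refused
        who = new com.sun.security.auth.UserPrincipal(name); return true;
    }
    public boolean commit() { if (who == null) return false; subject.getPrincipals().add(who); return true; }
    public boolean abort() { boolean had = who != null; who = null; return had; }
    public boolean logout() { if (who != null) subject.getPrincipals().remove(who); who = null; return true; }
    private boolean ldapBind(String name, char[] pw) {
        Hashtable<String, Object> env = new Hashtable<>();   // name is RDN-escaped below so it cannot alter the DN
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + javax.naming.ldap.Rdn.escapeValue(name) + ",ou=people,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, pw);
        try { new InitialDirContext(env).close(); return true; }
        catch (NamingException e) { return false; }          // bad password or directory unreachable
    }
    private boolean dbCheck(String name, char[] pw) {
        try (Connection c = ((javax.sql.DataSource) new InitialContext().lookup("jdbc/authDS")).getConnection();
             PreparedStatement ps = c.prepareStatement("SELECT salt, iterations, hash FROM users WHERE name = ?")) {
            ps.setString(1, name); ResultSet rs = ps.executeQuery(); // rs is closed together with the statement
            if (!rs.next()) return false;
            byte[] want = rs.getBytes("hash");
            byte[] got = javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(
                new javax.crypto.spec.PBEKeySpec(pw, rs.getBytes("salt"), rs.getInt("iterations"), want.length * 8)).getEncoded();
            return java.security.MessageDigest.isEqual(want, got);  // constant-time comparison
        } catch (Exception e) { return false; }              // fail closed on any lookup or crypto error
    }
}
```

Any LDAP failure, including an unreachable directory, falls through to the database, so a name present in both stores is accepted with either password; keep the two user sets disjoint.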