JAAS and user specific access to external system functionality

I have a Java app that uses a number of other external applications as part
of its business logic. These include other custom apps, LDAP and RDBMS data
servers. My Java app has its own authentication scheme that uses JAAS.

When it comes to connecting to these other external systems normally you
might expect the Java application to use a single authentication credential
as a means of accessing the external system. However, in this case the
requirement is that all external system access should be identified by the
originating user. Hence, if 'Joe' is the user connecting to my Java app then
'Joe' should be the user connecting to the external custom, RDBMS or LDAP

Looking at JAAS it seems that I could handle this by creating LoginModule
implementations for each external system, but there are a couple of issues
to resolve...

First, some systems like JNDI/LDAP return a class instance (e.g. DirContext
for JNDI) as a result of the successful login. Given that my Java business
logic has to employ a user specific context when communicating with the
external system how should I obtain this?

For example if I'm accessing an LDAP server to perform data operations then
if Joe is the originating Java app user when it comes to performing the LDAP
operations these must be performed using a JNDI DirContext that is specific
to Joe. How should I retrieve this? As the DirContext is created as part of
the LoginModule 'login' method should I store it somewhere within the
LoginModule 'commit' method? Or should I retrieve the authentication
parameters from the Subject and then create a new JNDI connection?

Second, if I use multiple JAAS LoginModules then this is likely to require
multiple sets of user IDs and passwords (i.e. the LDAP server credentials
are unlikely to be the same as those required for a RDBMS). This is a web
based system. How should I obtain, package and store the multiple sets of

By the way, single sign-on is not available as an option.


.... davout
