JAAS and user specific access to external system functionality

davout

I have a java app that uses a number of other external applications as part
of its business logic. These include other custom apps, LDAP and RDBMS data
servers. My Java app has its own authentication scheme that uses JAAS.

When it comes to connecting to these other external systems normally you
might expect the Java application to use a single authentication credential
as a means of accessing the external system. However, in this case the
requirement is that all external system access should be identified by the
originating user. Hence, if 'Joe' is the user connecting to my Java app then
'Joe' should be the user connecting to the external custom, RDBMS or LDAP
system.

Looking at JAAS it seems that I could handle this by creating LoginModule
implementations for each external system, but there are a couple of issues
to resolve...

First, some systems like JNDI/LDAP return a class instance (e.g. DirContext
for JNDI) as a result of the successful login. Given that my Java business
logic has to employ a user specific context when communicating with the
external system how should I obtain this?

For example, if I'm accessing an LDAP server to perform data operations and
Joe is the originating Java app user, then when it comes to performing the
LDAP operations these must be performed using a JNDI DirContext that is
specific to Joe. How should I retrieve this? As the DirContext is created as
part of the LoginModule 'login' method, should I store it somewhere within
the LoginModule 'commit' method? Or should I retrieve the authentication
parameters from the Subject and then create a new JNDI connection?

Second, if I use multiple JAAS LoginModules then this is likely to require
multiple sets of user IDs and passwords (i.e. the LDAP server credentials
are unlikely to be the same as those required for an RDBMS). This is a web
based system. How should I obtain, package and store the multiple sets of
credentials?

By the way, single sign-on is not available as an option.

TIA

.... davout
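One way to handle the first question, as an added example that is not code from the original post: a hypothetical LoginModule binds to LDAP as the calling user, and in commit() adds the resulting DirContext to the Subject's private credential set, from which the business logic later retrieves the per-user handle. The class name, the JAAS option names url and dnPattern, and the helper contextFor are assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: binds to LDAP as the calling user; commit() parks the DirContext on the Subject.
public class LdapDirContextLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String url, dnPattern;   // JAAS config options "url" and "dnPattern" (assumed names)
    private DirContext ctx;          // held privately until commit() or abort()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
        url = (String) opts.get("url");              // e.g. ldap://ldap.example.com:389
        dnPattern = (String) opts.get("dnPattern");  // e.g. uid={0},ou=people,dc=example,dc=com
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
            char[] pw = pc.getPassword();
            // An empty password turns a simple bind into an unauthenticated bind (RFC 4513 5.1.2): reject it.
            if (pw == null || pw.length == 0) throw new FailedLoginException("empty password");
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // The user name must be DN-escaped (RFC 4514) before substitution; assumed done by the caller.
            env.put(Context.SECURITY_PRINCIPAL, dnPattern.replace("{0}", nc.getName()));
            env.put(Context.SECURITY_CREDENTIALS, new String(pw));
            ctx = new InitialDirContext(env);   // the bind happens here; a wrong password throws
            pc.clearPassword();
            return true;
        } catch (NamingException | IOException | UnsupportedCallbackException e) {
            throw new FailedLoginException("LDAP bind failed: " + e.getMessage());
        }
    }
    public boolean commit() { if (ctx == null) return false; subject.getPrivateCredentials().add(ctx); return true; }
    public boolean abort() throws LoginException { close(); return true; }
    public boolean logout() throws LoginException { subject.getPrivateCredentials().remove(ctx); close(); return true; }
    private void close() { try { if (ctx != null) ctx.close(); } catch (NamingException e) { } ctx = null; }
    // Business logic later pulls Joe's own context back off the Subject (assumed helper):
    public static DirContext contextFor(Subject s) { return s.getPrivateCredentials(DirContext.class).iterator().next(); }
}
```

The Subject then lives with the user's session and each request calls contextFor(subject) instead of sharing one application-wide bind; an RDBMS module can follow the same pattern with its own callbacks and a Connection as the private credential.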