JAAS and user specific access to external system functionality

Discussion in 'Java' started by davout, Oct 25, 2003.

  1. davout

    davout Guest

    I have a java app that uses a number of other external applications as part
    of its business logic. These include other custom apps, LDAP and RDBMS data
    servers. My Java app has its own authentication scheme that uses JAAS.

    When it comes to connecting to these other external systems normally you
    might expect the Java application to use a single authentication credential
    as a means of accessing the external system. However, in this case the
    requirement is that all external system access should be identified by the
    originating user. Hence, if 'Joe' is the user connecting to my Java app then
    'Joe' should be the user connecting to the external custom, RDBMS or LDAP
    system.

    Looking at JAAS it seems that I could handle this by creating LoginModule
    implementations for each external system, but there are a couple of issues
    to resolve...

    First, some systems like JNDI/LDAP return a class instance (e.g. DirContext
    for JNDI) as a result of the successful login. Given that my Java business
    logic has to employ a user specific context when communicating with the
    external system how should I obtain this?

    For example if I'm accessing an LDAP server to perform data operations then
    if Joe is the originating Java app user when it comes to performing the LDAP
    operations these must be performed using a JNDI DirContext that is specific
    to Joe. How should I retrieve this? As the DirContext is created as part of
    the LoginModule 'login' method should I store it somewhere within the
    LoginModule 'commit' method? Or should I retrieve the authentication
    parameters from the Subject and then create a new JNDI connection?

    Second, if I use multiple JAAS LoginModules then this is likely to require
    multiple sets of user IDs and passwords (i.e. the LDAP server credentials
    are unlikely to be the same as those required for a RDBMS). This is a web
    based system. How should I obtain, package and store the multiple sets of
    credentials?

    By the way single sign-on is not available as an option.

    TIA

    .... davout
     
    davout, Oct 25, 2003
    #1
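
One way to handle the LDAP case raised in the post, as an added example that is not part of the original thread: the module binds as the user in `login()`, publishes the resulting `DirContext` as a private credential of the `Subject` in `commit()`, and business logic reads it back from the `Subject`. The class name, the module options `ldapUrl` and `userDnPattern`, and the helper `contextFor` are assumptions made for illustration.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class LdapUserLoginModule implements LoginModule {   // hypothetical class name
    private Subject subject;
    private CallbackHandler handler;
    private String url, dnPattern;  // from assumed module options "ldapUrl", "userDnPattern"
    private DirContext ctx;         // created by login(), published by commit()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
        url = (String) opts.get("ldapUrl");
        dnPattern = (String) opts.get("userDnPattern"); // e.g. "uid={0},ou=people,dc=example,dc=com"
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("LDAP user: ");
        PasswordCallback pw = new PasswordCallback("LDAP password: ", false);
        try {
            handler.handle(new Callback[] { name, pw });
            char[] pass = pw.getPassword();
            // An empty password makes a simple bind anonymous, which must not count as a login.
            if (name.getName() == null || pass == null || pass.length == 0) throw new FailedLoginException();
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // Escape the user name so it cannot alter the structure of the bind DN.
            env.put(Context.SECURITY_PRINCIPAL, dnPattern.replace("{0}", javax.naming.ldap.Rdn.escapeValue(name.getName())));
            env.put(Context.SECURITY_CREDENTIALS, pass);
            ctx = new InitialDirContext(env);  // the bind is performed here, as the end user
            return true;
        } catch (NamingException | java.io.IOException | UnsupportedCallbackException e) {
            throw new FailedLoginException("LDAP bind failed");
        } finally { pw.clearPassword(); }
    }
    public boolean commit() {
        if (ctx == null) return false;
        subject.getPrivateCredentials().add(ctx); // visible only after the overall login succeeds
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        if (ctx != null) subject.getPrivateCredentials().remove(ctx);
        try { if (ctx != null) ctx.close(); } catch (NamingException ignored) { }
        ctx = null; return true;
    }
    // Business-logic side: the caller's own context, taken from the authenticated Subject.
    public static DirContext contextFor(Subject s) { return s.getPrivateCredentials(DirContext.class).iterator().next(); }
}
```

The stored `DirContext` holds a live connection bound as that user, so `LoginContext.logout()` should be called when the web session ends so the connection is closed.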