[JBoss-user] Integrating Tomcat and jBoss security logon

Tue, 01 May 2001 01:37:14 -0700 

I have looked in user manuals, FAQs and mailing list archives but cannot
find the answer to a deceptively simple question that I hope you can help
with ...

How do I allow a user to logon to my Tomcat server and then pass their logon
username and password transparently down to any enterprise beans that the
JSP uses on their behalf ?

My detailed scenario is as follows :-

I am starting with an application that I am running in Tomcat 3.2.1 as a
JSP.

Security is configured so that the web browser pops up a dialog asking the
user to logon to a web security realm (as opposed to having a JSP I have
written to do the logon - at which point I could cache the username/password
myself). 

This is a model I favour and it allows users of my application to use
features in browsers that let them cache their log on preferences. 

The JSP then makes uses of a JavaBean which accesses my database directly
via JDBC. The JSP checks permissions for a given username once they have
logged on by checking the UserPrincipal.

I wish to migrate this application to an EJB application server and have
installed the jBoss 2.1/Tomcat 3.2.1 integrated environment.

I have sucessfully ported functionality from my JavaBean to an Entity Bean
and enabled JAAS security on the jBoss container. A standalone client can
now log-on directly and securely via this mechanism to the Entity Bean.

I have sucessfully deployed a .war file with my JSPs and Entity Beans
bundled together and can view the JSP via the Tomcat web server. If I
disable security on the Entity Bean, the JSP will talk to it fine.

However I have not been able to allow a user to logon to the JSP page (via a
pop-up dialog) and then enable the JSP to pass the username/password onto
JAAS to talk to the entity bean. Can someone point me at a resource that
explains how to do this, surely it must be a common problem faced in
deploying web applications ?

Thanks in advance for your help,
Pete

--
Pete Bennett (mailto:[EMAIL PROTECTED])
Principal Architect, Synomics Ltd.
http://www.synomics.com  

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to