I used container-managed security (I mean declaring security issues in
web.xml, and using the standard servlet security API: isUserInRole,
getUserPrincipal and so on) for several webapps, but I'm now facing the
following need that this approach seems not to satisfy:

I have to authenticate users based on both
1) A usual username, password mechanism;
2) An OTP (One Time Password) mechanism, something like a complex string
parameter on a URL (sent by e-mail), stored in the DB that uniquely
identifies the identity of the user.

Now, I'm doing some little tries with JAAS to achieve this, but I have
the following doubt:

If I understand correctly, I cannot merge the two approaches, that is, use
servlet declarative and programmatic security with JAAS. If I use JAAS
LoginModules, I will not have isUserInRole and the other APIs
working... Is that right?

Any help is much appreciated.

Renato
____________________________________
Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA

e-mail: [EMAIL PROTECTED]
Tel.:   010 2712603
_____________________________________