Reputation: 1068
Java Application with Multiple JAAS Security Realms
I was wondering if it was possible to have a Java EE application with multiple JAAS security realms. I'm currently developing an application in which some users need to be authenticated with data stored in a database, while other users need to be authenticated through an LDAP bind.
So I created 2 security realms in glassfish 3.1, a JDBC realm and an LDAP realm and configured my web.xml to use the LDAP realm (most users are LDAP).
I then use :
HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
request.login(username, password);
to authenticate user
is it possible to switch to JDBC realm before calling 'request.login' ?
thanks in advance
Upvotes: 4
Views: 3518
Answers (3)
Reputation: 1
You must program your custom JAAS login module that try authenticate in method and if is not work try method B.
In you application is transparently all works in the JAAS login module.
Upvotes: 0
Reputation: 51
Have you seen this?
Cross-Domain Single Sign-On Authentication with JAAS http://www.devx.com/security/Article/28849/1954
Upvotes: 1
Reputation: 5964
I have seen somewhere that you can configure to use two realms or two methods in one realm, that if the first fails it will try the second. I dont know where I saw it sorry. Perhaps that will point you in the right direction.
Upvotes: 0
Related Questions
- Secure Authentication and Authorization in core Java Application
- JBOSS 7 with two contexts. One with SSL Mutual Auth and the other just SSL
- Jaas JDBC Authentication
- Multiple security realms
- Websphere Application Login
- Java Web Application: Using a custom realm
- Java EE 6 App different login methods
- Attribute/Domain security with JavaEE/JaaS?
- How to define Tomcat security Realms per webapp
- Java authentication, authorization service (JAAS)