[jboss-user] [Security & JAAS/JBoss] - recomended type of autentisation

Friday, 13 February 2009

Hi,

I need (and would appretiate any) hint. I'm writing some application and have to
support a few places to authentize towards. I do not not how to describe it better, so
sorry about my english. I've found out, that jboss does support four methods: basic,
form, digest and client-certificate. I cannot use client-certificate and basic seems weak
to me.

I can use form over ssl, but I'm not sure whether is it enough and whether I should
use some kind of challenge-response approach in it.

Then there is digest, but I'm not sure how it works, since I did not found enough
materials (at least I do not know what module-option passwordIsA1Hash means, and how
exactly it all works) and moreover I do not know how (whether) I can use this kind of
authentication with LDAP or ActiveDirectory.

Do you have any suggestions? If you solve this problem in any better way, please tell me.
I'm listening. Thanks in advance.
alfonz.

View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4209877#...

Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - recomended type of autentisation