[jboss-user] [Security & JAAS/JBoss] - recommended type of authentication

alfonz19 do-not-reply at jboss.com
Fri Feb 13 08:26:14 EST 2009


I need (and would appreciate) any hint. I'm writing an application and have to support a few places to authenticate against. I do not know how to describe it better, so sorry about my English. I've found out that JBoss supports four methods: basic, form, digest and client-certificate. I cannot use client-certificate and basic seems weak to me.

I can use form over SSL, but I'm not sure whether it is enough and whether I should use some kind of challenge-response approach in it.

Then there is digest, but I'm not sure how it works, since I did not find enough material (at least I do not know what the module-option passwordIsA1Hash means, and how exactly it all works), and moreover I do not know how (or whether) I can use this kind of authentication with LDAP or ActiveDirectory.

Do you have any suggestions? If you solve this problem in any better way, please tell me. I'm listening. Thanks in advance.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4209877#4209877
