[jboss-user] [Security & JAAS/JBoss] - Re: Basic app client to app server authentication in J2EE

Wolfgang Knauf do-not-reply at jboss.com
Tue Mar 31 08:07:29 EDT 2009


Hi,

there are two steps required to configure security:

a) on the server (through "login-config.xml" and security domains).

b) on the client (as the client security layer has to know how to perform login against the server).

The client basically sends user and password to the server, and the server grants access or denies it. The client knows whether it has to send user/password or a certificate (this is configured by code and through "auth.conf"). But the client does NOT know how the user/password login is handled on the server side.

Unfortunately, the term "LoginContext" appears on both sides, but these are different things.

You might take a look at the EJB3 tutorial for a very simple sample (chapter 27): http://www.jboss.org/file-access/default/members/jbossejb3/freezone/docs/tutorial/1.0.4/html/Security_and_Transactions_in_EJB3.html

Best regards

Wolfgang

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222316#4222316
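
The client half of the setup described in the message above, as an added example that is not part of the original post or the JBoss tutorial. It assumes the JBoss client jars (which provide `org.jboss.security.ClientLoginModule`) are on the classpath; the class name `ClientLogin`, the method `callAs` and the entry name `client-login` are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.concurrent.Callable;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

/** Client half only: hands user/password to the JBoss client security layer. */
public final class ClientLogin {

    // Same effect as this "auth.conf" entry (the entry name is a made-up example):
    //   client-login { org.jboss.security.ClientLoginModule required; };
    static final Configuration CLIENT_CONF = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "org.jboss.security.ClientLoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Collections.<String, Object>emptyMap()) };
        }
    };

    /** Answers the login module's name and password callbacks, rejects any other. */
    static CallbackHandler handler(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    /** Runs remoteCalls (the EJB invocations) with the given credentials attached. */
    static <T> T callAs(String user, char[] password, Callable<T> remoteCalls) throws Exception {
        LoginContext lc = new LoginContext("client-login", null, handler(user, password), CLIENT_CONF);
        lc.login(); // only stores the credentials on the client; nothing is verified yet
        try {
            // The server's security domain checks the credentials on each call made
            // here, so a wrong password fails in call(), not in login() above.
            return remoteCalls.call();
        } finally {
            lc.logout();                 // clear the stored credentials
            Arrays.fill(password, '\0'); // and the caller's copy of the password
        }
    }
}
```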
