j2ee security

Status
Not open for further replies.

john307rnr

Programmer
Aug 10, 2002
10
DE
First of all I have to say that I am a bloody beginner in the J2EE environment. I read a lot of the docu that is out there but things aren't getting much clearer. But now to my problem:

The application I am working on (JSP frontend, some Java beans and servlets) has a custom security class. It is my job to implement the functionality of the current security with the built-in J2EE security. But the J2EE built-in security also has to be adjusted to do authorization and authentication without XML files and with a database. I read that Oracle has developed its own JAAS provider (JAZN) that fits in Tomcat and Orion. Damn, I know that the information I gave you is probably confusing, but it's the best I can tell you until now. I'll go and have a coffee. Thanks!
 
I forgot the question: does anybody know if the things I told you above are possible to implement? Does anybody have some experience with it?
 
J2EE is basically just an extension & API ... it's not an "out of the box" type thing.

What "security" do you mean? There is no real "built in" security that you mention; you must employ APIs like JAAS in order to get "security" ...

What do you want? Basic SSL over HTTP for login, or for all web pages, or do you want to implement some kind of custom encryption algorithm, or what?

Considering that banks just use clear text passwords over SSL, I would think you are being paranoid if doing anything else over HTTP, and making life VERY difficult for yourself ...

--------------------------------------------------
Free Database Connection Pooling Software
 
I mean the built-in security with which you can limit the user's access to web resources. It's an XML file where you supply a URI and a role name that can access the given URI. I "think" that this feature comes with JAAS. And I also "think" that JAAS's methods isUserInRole() ... are used to evaluate the XML files. Now I want to overwrite/reimplement JAAS's isUserInRole() ... to do a DB lookup. Please tell me if I'm totally wrong or if you know a (better) solution.
 