I'm trying to work out how the Login module flags work in JAAS (using JBoss 5.1 EAP) and I've come across a puzzling situation that I'm hoping someone can clarify for me. For background, my login...

I need to provide password for keystore in my EJB but I don't want it to be visible to developers. My idea was to create Authentication Alias in Websphere Console and later lookup for MY_ALIAS and ...

What is the best way to go about implementing authentication and authorization for a JSF web application? Preferrably I'd still want to use container-based security, as I need to call EJBs that req...

I have an interesting project requirement where we must accept a token as a GET paramenter that will authenticate a user coming into an application. This is to allow trusted third parties to ...

This is related to Tomcat 6 with JAASRealm and a custom JAAS module for security. Other Application Servers seem to support the mapping of application role names (in web.xml) to actual groups of t...

When using JAAS JDBCRealms with Tomcat, I usually define the realm in server.xml. But now I am looking for a simpler solution, where I don't have to configure the Tomcat container when deploying th...

I'm running Tomcat 6.0.29 and created a realm and loginmodule of my own. They are defined in server.xml like so: <Realm className="mycompany.tomcat.MyRepositoryRealm" appName="My_Realm" userCla...

I'm using mockito to test a legacy JAAS/LDAP login module. The javax.security.auth.callback.CallbackHandler interface defines the function: void handle(javax.security.auth.callback.Callback[] cal...

we are using JAAS to enable Single Sign On in a Java application using the Windows Kerberos ticket cache. Our jaas.conf config file looks like this: LoginJaas { com.sun.security.auth.module.Krb5L...

I have this code to create a configuration of a java client to connect to a JBoss application server: System.setProperty( "java.security.auth.login.config", "auth.conf" ); LoginContext auth = new ...

I'm trying to find a simple, flexible way to add JaaS authentication to REST. I found a post that I think leads me in the right direction (See StevenC's answer). It sounds like the servlet containe...

The following code is for authenticating to a windows AD server using Java+Kerberos and it works fine- public class KerberosAuthenticator { public static void main(String[] args) { String jaasCo...

Please help me on a kerberos+Java problem. I have a simple Java program to authenticate to a Windows Active Directory using Kerberos. The following java code works fine without any problems and pri...

I need to write a java program to connect to a HTTPS server (DoD website). The website requires CAC (DoD common access card) authentication. If you access this site via browser, you insert your CAC...

What's the point of JAAS if I have to write my own {whatever}LoginModule and everything else?