I've spent almost entire day with JSF authentication and I think I'm totally lost. I want to have authentication that will be flexible.
Most people said that "HTTP FORM based authentication in conjunction with JDBC realms" is the best.. but in my opinion is a little bit.. not flexible. I don't want to set database name, and tables where will be username, password, group etc. as constant.
So my question is: What is the best way in case when I've web-service (JAX-WS, WCF etc - that is not important I think) that has a method which returns whether username and password are correct? When I've a function that will connect to DB itself to check whether user and password is ok.. I need only the whole mechanism that will care about which page display (login page or "requested" page). And in case login page, it will use my webservice method to check it..
btw. Is there any good article that will compare and say what method in which case should we use ?
PS. Sorry for the topic if it's bad, I don't have any better idea :/
EDIT: Other words: Here is an example how to use Realm and form based authentication. I must have DB, with User Table, User Name Column, Password Column, Group Table etc. Right? I have to configure my domain with this... But, what If I don't have an access to database? I have access only to web-services, which will tell me whether user and password are correct..
Which user authentication method should I use in this case ?
