Questions tagged [jaspic]

JASPIC is an SPI for creating portable server authentication modules (aka SAMs or login modules). It was introduced with Java EE 6, but only for the full profile.

50 questions
15 votes, 1 answer

In simplest terms, can anyone explain to me the difference between JAAS, JACC and JASPIC?

I'll be honest. I've been a developer for quite some time now but it's the first time I've heard of JACC and JASPIC. I understand that they are standards used by authorization providers, but how exactly do they differ from JAAS? And when would we…

15 votes, 2 answers

Java EE Security: JASPIC / JAAS or apply a Security Framework? (Glassfish 3)

I am currently using Oracle ADF (which is an end-to-end Java EE framework) for building my web applications and GlassFish 3.1 as application server. The latter supports JAAS (declarative inside its admin console). So, I have created a security realm…
Endrik

14 votes, 5 answers

Java Web Application: Using a custom realm

I'm writing a Java web application which needs to perform login through a webservice. Of course, none of the realms supplied with the application server I'm using (glassfish v2) can do the trick. I therefore had to write my own. It seems however,…
LordOfThePigs

8 votes, 3 answers

Java EE 7 Form based authentication

I'm currently working on a web application based on Java EE 7, PostgreSQL and the application server GlassFish 4. I need to implement a form based authentication, and to secure some URL knowing that: the users and the roles/groups (whatever they…
Unda

6 votes, 1 answer

How to use JASPI/JASPIC on Jetty?

On Jetty's main project page compatibility with JASPI (JASPIC/JSR 196) is mentioned. However, the distribution of Jetty 8 does not seem to contain any classes related to JASPI. There's a jetty-security-8.1.8.v20121106.jar jar in [jetty home]/lib,…
Arjan Tijms

5 votes, 1 answer

Is it possible to use container-managed authentication with password salting?

I know how to set up vanilla container-managed security that uses form authentication and uses digested passwords (say, SHA-256). Something like this: web.xml FORM jdbc
Matt Ball

5 votes, 1 answer

JASPIC Wildfly 9 validateRequest with session

Based on this Jaspic Example I wrote the following validateRequest method for a ServerAuthModule: public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException { boolean…
knoe

5 votes, 1 answer

Is it possible to determine group membership of a user on demand instead of when logging in in ServerAuthModule (JASPIC)

I'm trying to write my own ServerAuthModule, to use a custom login system. If I understood everything right, what happens is that the container calls the validateRequest method for every incoming request, and that my SAM will check for credentials,…
Misch

5 votes, 2 answers

Tomcat-Jaas - How to retrieve subject?

I'm studying JAAS and I'm implementing a simple example to use in a webapp using Tomcat with a JaasRealm. Now my problem is that I don't know how to retrieve the subject since code like Subject subject =…
sasaman85

5 votes, 1 answer

OpenID in Java EE 6 application - how to get Principal object for user

I'm playing with OpenID authentication in my app for the first time. I can successfully authenticate user against chosen provider, but I don't know how to correctly log in user on a Java EE server, so that it looks like user was logged in with e.g.…
grafthez

4 votes, 0 answers

Why doesn't Websphere work with my JASPI login module?

In a test application with a simple REST web service as an example, I tried to use JASPI to java-ee security. JASPI worked quickly with Wildfly. At that point, I just implemented the ServerAuthModule interface and configured that module in the…
ymajoros

4 votes, 2 answers

JSP login with declarative security - How does the actual authentication happen?

I've been a little puzzled with this as I have not seen many examples that gave me the complete picture. The best explanation I found so far is this. By defining a security role in web.xml such as "admin" for example, and having my login form with…
Mystic

4 votes, 2 answers

WildFly9 JASPI Module Isolated from Application

I'm trying to create a custom JASPI ServerAuthModule totally isolated from my EAR application. It depends on a legacy version of spring framework 2.5.5. I'm running WildFly 9.0.2.Final. I defined a proper security domain:

4 votes, 1 answer

How to setup an application level SAM in WildFly

I previously had some code working on Glassfish, but I want to port it to WildFly. However, I cannot seem to get the module to be invoked by WildFly. The ServletContextListener initializes the module as follows AuthConfigFactory.getFactory() …
Archimedes Trajano

4 votes, 1 answer

How to save an authenticated user in JASPIC?

I have developed a Security Authentication Module (SAM) and implemented the validateRequest method. I also have a simple webapp configured to use this SAM. In my validateRequest method, I check the clientSubject and set a CallerPrincipalCallback…
Davio