Re: Authentication for web clients and Swing clients

From:

=?ISO-8859-1?Q?Arne_Vajh=F8j?= <arne@vajhoej.dk>

Newsgroups:

comp.lang.java.programmer

Date:

Tue, 26 Dec 2006 22:10:28 -0500

Message-ID:

<4591e41e$0$49201$14726298@news.sunsite.dk>

Francesco wrote:

I have to design for University thesis a full j2ee system, with EJB
middle tier and both web clients and Swing Clients.

My dilemma is how can I handle authentication successfully for both web
clients and swing clients ?

I'm thinking to connect swing/web clients to a Business Delegate and
use declarative security in the EJB deployment descriptors.

Will it work ?

And should I need any additional class (besides Business Delegate),
like Login Manager ? or the container will handle it all for me ?
I ask this because I have to draw a Class Diagram, so if any additional
classes are needed I have to draw them.

It is not a problem to do login for a web app or to do login
for a fat client.

The problem is to do both against the same user database.

I can see two routes:

1) setup form based login in the web app against a database
    and let your fat client requests be validated against the
    same database.

2) setup form based login to work with JAAS and also use JAAS
    for your fat client (and let JAAS authenticate against whetever).

Arne