dev@glassfish.java.net

Re: GlassFish Authentication\Authorization

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Wed, 26 Nov 2008 12:04:34 +0530

Hi,

Michael Hardy wrote:

> Greetings,
> We currently use JAAS and db stored groups and users to manage a
> form-based login. We would also like to have the same level of
> authentication\authorization security on a web service we have
> created. Since the consumer of the web service is a client device, we
> do not wish to use the form authorization\authentication method. We
> have verified that using BASIC authentication the conversation between
> device and web service functions perfectly. However, this of course
> precludes our form-based login for the web site in our enterprise
> application. Is there a strategy for mixed BASIC and FORM
> authentication? Even better might be a mixed FORM (web site login
> authentication and authorization) and CLIENT-CERT model.

Not sure if we understood the requirement very well, but if you have a
Web App with Form Login and another WebService, can they not be two
separate deployable modules?
Based on what we understood so far, one thing that you can explore is
the possibility of using a Server Auth Module (SAM).
http://blogs.sun.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the
http://blogs.sun.com/monzillo/entry/pluggable_authentication_in_the_glassfish.


We were wondering how you would distinguish between when to use FORM
and when to use BASIC auth in your current design. Maybe I should wait
for some clarification from your side, before suggesting anything more.

regards,
kumar

> Thank You,
> -Michael
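
The two-module layout suggested in the reply, as an added example that is not part of the original thread: the Servlet deployment descriptor allows a single login-config per web application, so the site and the web service each get their own WAR and point at the same realm. It assumes the web service is a servlet-based endpoint packaged in its own WAR; the WAR names, the realm name appRealm, the role names, URL patterns and page paths are all assumptions.

```xml
<!-- site.war, WEB-INF/web.xml fragment: browser users, FORM login (names assumed) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>site</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- the login form posts the password in the clear unless TLS is required -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>appRealm</realm-name> <!-- assumed name of the db-backed realm -->
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role><role-name>user</role-name></security-role>

<!-- service.war, WEB-INF/web.xml fragment: client devices, BASIC login (names assumed) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>device-service</web-resource-name>
    <url-pattern>/services/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>device</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends base64-encoded credentials on every request; require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <!-- switch to CLIENT-CERT here for the certificate model; the site WAR is unaffected -->
  <auth-method>BASIC</auth-method>
  <realm-name>appRealm</realm-name> <!-- same realm, so users and groups stay shared -->
</login-config>
<security-role><role-name>device</role-name></security-role>
```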