Nathan,

Yes, I did get a login example working with MySQL first. I then replicated
the example to DB2 (basically made the same user and group authentication
files with SQL in DB2). Besides differences in database, I am using the
JTOpen JDBC driver (vs. MySQL driver). The JDBC resource for DB2 defined
in Glassfish does work with my JSF applications for retrieving data, but
apparently does not work with the mechanism in Glassfish to retrieve
credentials with a JDBC realm. Though it could be a configuration issue
somewhere.

If this is not due to an error on my part, however, I agree with Joe that
it doesn't invalidate Java's cross-platform claims because this is not an
issue with Java or the JVM per se. Rather, it seems like it is either an
implementation detail or problem with Glassfish or the JDBC driver. Like
Joe said, it might be due to differences between the SQL implementations
in DB2 and MySQL.

In terms of security for my JSF pages and so far as I know, security roles
and constraints are defined in an application's web.xml file when using
container-managed authentication and authorization. If one wants to build
a custom security mechanism, however, there is nothing preventing that. I
am just exploring the container-managed option. .NET provides a
cross-application security mechanism, for example, but the Java containers
may not.

As far as user profiles go, it probably would make more sense to
authenticate against IBM i profiles in this case. That is another area to
explore, and I think I could do it with the JTOpen classes. I don't think
that would integrate with container-managed security, though. (Maybe WAS
has something built-in for IBM i, but we have no justification to purchase
it at this point.) In terms of a public-facing application, though, it
seems to me that an LDAP directory or database solution might be a better
approach. Password rules could be enforced via an account management
function in the application or portal.

Blake



date: Thu, 1 Mar 2012 12:04:48 -0800 (PST)
from: Nathan Andelin <nandelin@xxxxxxxxx>
subject: Re: [WEB400] Form-based authentication with Glassfish

Blake

Did you get the MySQL interface working before trying the IBM i DB
interface? Maybe you should try the MySQL interface first, since you have
sample code for that. Then try an IBM i DB interface. If you still can't
solve it, that would essentially invalidate Java's cross-platform
compatibility claims. That should stir some Java expert to take an
interest in this thread.

Actually, if you continue along this path of defining "security
constraints" in your web.xml file, it feels like you may be boxing
yourself into a corner. How broadly scoped do you want your web.xml
context to be? Would it make more sense to deploy smaller applications and
use more web.xml files? Or, since many applications would share the same
security constraints, does this architecture push you into throwing a lot
of applications into 1 web.xml context?

What about password rules? IBM i has all sorts of password rules that
shops implement to enhance security. Would it be better to authenticate
against IBM i user profiles? Or would it work better to authenticate
against an LDAP directory?

-Nathan.


This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
