jaas

I need to provide password for keystore in my EJB but I don't want it to be visible to developers. My idea was to create Authentication Alias in Websphere Console and later lookup for MY_ALIAS and obtain password from alias. I found some discussion related to subject at: http://www.coderanch.com/t/79439/Websphere/Authentication-Data Do anybody knows can alias be lookuped? What is your suggested method to achieve my goal? Thank you very much! You can use the following code to obtain credentials from J2C authentication data entry: import com.ibm.wsspi.security.auth.callback.Constants; import com

I have this security configuration in Glassfish domain.xml which works for 4.0 but fail in 4.1.1 can someone help to identify what is wrong. The only difference is the class package "ee" GF 4.0 (with extra ee ) <auth-realm classname="com.sun.enterprise.security.ee.auth.realm.jdbc.JDBCRealm" name="authentication-realm"> <property name="jaas-context" value="jdbcRealm"></property> <property name="password-column" value="password"></property> <property name="datasource-jndi" value="jdbc/SomeDS"></property> <property name="group-table" value="v_user_role"></property> <property name="charset" value=

I am trying to secure my application which is built using JSF2.0. I am confused about when do people choose to go with security alternatives like Shiro, Spring Security or owasp's esapi leaving behind container managed security. Having seen some of related questions on Stack Overflow, where I realized that container based security was more preferred by JSF developers in past. But I have also been strongly recommended to use Apache Shiro. I am novice in terms of the security issues and have no idea what may be the relevant issues & how to deal with them. Therefore I'm looking for something that

I am having a hard time understanding JAAS. It all seems more complicated than it should be (especially the Sun tutorials). I need a simple tutorial or example on how to implement security (authentication + authorization) in java application based on Struts + Spring + Hibernate with custom user repository. Can be implemented using ACEGI. Here are some of the links I used to help understand JAAS: http://www.owasp.org/index.php/JAAS_Tomcat_Login_Module http://www.javaworld.com/jw-09-2002/jw-0913-jaas.html http://jaasbook.wordpress.com/ http://roneiv.wordpress.com/2008/02/18/jaas-authentication