Tuesday, December 4, 2012

TomEE and JAAS with JavaScript

TomEE has four different LoginModule implementations out-of-the-box. The PropertiesLoginModule maps the users and the groups in two files. The SQLLoginModule queries a database. The ServiceProviderLoginModule loads a service with a ServiceLoader. The photodb application uses a fourth one: the ScriptLoginModule.

The ScriptLoginModule uses the Java Scripting API, which makes it possible to execute JavaScript (or any other scripting language) during the user authentication process. See example:

This script authenticates only two users: "michael" and "eddie". The "user" and "password" variables are bound by the ScriptLoginModule. The "groups" variable is the list of groups the user belongs to.

Let's make it better. We are going to use an EJB. See example:

Now we are using our own EJB to authenticate the users, and we can be very creative about how to do it. I am not that creative, so I am going to use a dummy service. :O)

How would you use this class to authenticate against Google or an LDAP server?
Test it! If you followed the instructions on how to install the application, you will only need to update your photodb source code. Our application has only the four users defined by the "LoginImpl" class.
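
The login logic described above (a fixed set of users, the bound "user" and "password" variables, a returned list of groups), as an added example that is not the original post's script or TomEE code. It runs under Node.js and uses Node's `crypto` module; the `authenticate` function, the group names and the passwords are constructed for illustration, and the passwords are kept as salted scrypt hashes instead of literals in the script.

```javascript
// Added example (Node.js). Inside TomEE's script engine the hashing and
// comparison would come from Java classes instead (assumption).
const crypto = require('crypto');

function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32); // 32-byte derived key
}

function makeEntry(password, groups) {
  const salt = crypto.randomBytes(16); // per-user random salt
  return { salt, hash: hashPassword(password, salt), groups };
}

// Constructed sample users; a real table would hold precomputed hashes only.
const USERS = new Map([
  ['michael', makeEntry('constructed-pass-1', ['photo-admin', 'photo-user'])],
  ['eddie', makeEntry('constructed-pass-2', ['photo-user'])],
]);
// Dummy entry so an unknown user costs the same work as a known one.
const DUMMY = makeEntry('unused', []);

// `user` and `password` stand in for the variables bound by the
// ScriptLoginModule. Returns the groups on success, throws otherwise.
function authenticate(user, password) {
  // Fail closed on missing, non-string or empty credentials.
  if (typeof user !== 'string' || typeof password !== 'string' ||
      password.length === 0) {
    throw new Error('Not authenticated');
  }
  const known = USERS.get(user);
  const entry = known || DUMMY;
  const candidate = hashPassword(password, entry.salt);
  // Constant-time comparison of the two 32-byte hashes.
  const match = crypto.timingSafeEqual(candidate, entry.hash);
  if (!known || !match) {
    // Same error for "no such user" and "wrong password".
    throw new Error('Not authenticated');
  }
  return entry.groups.slice(); // copy, so callers cannot alter the table
}
```
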