Showing results for 
Search instead for 
Did you mean: 

Server side login identity

Former Member
0 Kudos


I created a custom login module. On the client side(this is java command line program) the user is authenticated using the login() method of the custom login module.

Now it invokes the session bean and when the method getCallerPrincipal is called it is "Guest".

Where is this identity set.

How I can make the client logon to the server using the identity it authenticated?

thanks a lot

Padmaja Ragavendra

Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos


the login module has to make authentication that is trusted by the server. Otherwise a client can simply skip that part and tell the server that the caller is already authenticated.

To have custom authentication you need to:

1. include the custom login modules in your application and deploy it with them. this is important for class loading reasons - the JAAS framework can load the class of the custom login modules using the class loader of the application. If you have your login modules in a library you may use a special property of Security Provider service "LoginModuleClassLoaders" to enumerate the libraries that contain login modules (this property is available since SAP J2EE Engine 6.40 SP05).

2. invoke the JAAS framework on the server:

2.1. in the environment of web application you can use the web-j2ee-engine.xml descriptor of the application to define the authentication stack and include your custom login module within;

2.2. in the case of remote application (based on P4/RMI) you can use the remote login context It works the same as JAAS with the difference that it makes remote communication for the callbacks. For this reason only a limited number of callbacks are accepted. To instantiate a RemoteLoginContext you need to provide the connect info - hostname, port for the P4 protocol.