I am implementing a custom login module for authentication. The sample
code that is available at sdn and help.sap is a bit different from what
is recommended as the JAAS specification by Sun. Please refer to the
Sun's recommendation at
There are some marked differences in what is recommended by Sun and the
sample login module available at the sdn and help.sap site.
I am wondering if the Sun's recommendation is supported by SAP with
WebAS or should the login modules be on lines similar to the SAP's
sample login module.
Please let me know if someone can confirm on this or has any information on the same?
Typical recommendations from Sun which are not available in SAP's
sample login module implementations are mentioned below:
1. For the login() method, it is recommended that nothing be stored in
the shared state, where as sample login module stored username in the
shared state in the login() method. Perhaps this is required for use by
2. The return value of commit() method should be determined by the
return value of the login method, where as sample login module returns
a true even when the login() method has failed. Only in case of a login
exception (from callbacks) the commit returns false.
3. Similarly the return value of abort() method should be appropriately
determined by the return values of both login and commit methods.
Whereas the sample login module does not care about the return value of
These are some of the examples. My question is that does SAP support
Sun's recommendation of JAAS login module to be used with WebAS or
should the Login MOdules be completely based upon the recommendations
as mentioned in the SAP's sample login module.
Looking forward to your response!