How should a JEE application store credentials for logging in to an external system?

Posted by FGreg on Programmers
Published on 2014-05-07T20:46:59Z Indexed on 2014/06/09 3:41 UTC

I am in a situation where I have a Web Application (WAR) that is accessing a REST service provided by another application. The REST service uses Basic HTTP Authentication.

So that means the application calling the REST service needs to store user credentials somehow. To further complicate things, this is an enterprise, so there are different 'regions' the application moves through which will have different credentials for the same service (think local development, development region, integration region, user test region, production, etc...)

My first instinct is that the credentials should be stored by the JEE container and the application should ask the container for the credentials (probably via JNDI?). I'm beginning to read about Java Authentication and Authorization Service (JAAS) but I'm not sure if that is the appropriate solution to this problem.

How should a JEE application store credentials for logging in to an external system?


A few more details about my WAR. It is a Spring-Integration project that has no front-end. The container I am working with is WebSphere. I am using JEE 5 and Spring 4.0.1.

To this point I have not needed to consider spring-security... does this situation mean I should re-evaluate that decision?
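
The JNDI approach raised in the question, as an added example that is not part of the original post: the WAR looks up a user name and password from its component environment and builds the HTTP Basic `Authorization` header from them. The class, the JNDI names and the sample values are hypothetical, and how each region's container binds the values is configuration not shown here.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.naming.Context;
import javax.naming.NamingException;

public class RestServiceCredentials {
    // Hypothetical JNDI names; each region's container binds its own values,
    // so the same WAR moves between regions unchanged.
    static final String USER_JNDI = "java:comp/env/rest/partner/username";
    static final String PASS_JNDI = "java:comp/env/rest/partner/password";

    /** Builds the Authorization header value for HTTP Basic authentication. */
    static String basicAuthHeader(String user, String password) {
        if (user == null || user.isEmpty() || password == null) {
            throw new IllegalArgumentException("credentials are not configured");
        }
        if (user.indexOf(':') >= 0) {
            // The server splits on the first ':', so a user-id cannot contain one.
            throw new IllegalArgumentException("user-id must not contain ':'");
        }
        // Assumption: the REST service accepts UTF-8 encoded credentials.
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        // java.util.Base64 needs Java 8+; on older JVMs
        // javax.xml.bind.DatatypeConverter.printBase64Binary(raw) does the same.
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Asks the container for the credentials; the WAR ships none of its own. */
    static String headerFromContainer(Context ctx) throws NamingException {
        // lookup() throws NameNotFoundException when a region has no binding,
        // so a misconfigured deployment fails instead of calling unauthenticated.
        String user = (String) ctx.lookup(USER_JNDI);
        String password = (String) ctx.lookup(PASS_JNDI);
        return basicAuthHeader(user, password);
    }

    public static void main(String[] args) {
        // Constructed sample values, so the class also runs outside a container.
        // Inside the container, call headerFromContainer(new InitialContext()).
        String header = basicAuthHeader("sample-user", "sample-password");
        // Report only the length: the header is a reversible encoding of the
        // password and should not be written to logs.
        System.out.println("Authorization header built, " + header.length() + " chars");
    }
}
```

Basic authentication only encodes the credentials, so the call to the REST service needs to go over TLS.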
