Listing 6.6. Sample custom authentication form for ActionBazaar
The container requires a form action of j_security_check . The username and
password fields both used are predefined. Using a FORM approach instead of a BASIC
enables you to provide a customized login screen instead of the generic modal dialog that's
displayed by the browser when BASIC is used. Next, let's take a quick look at EJB authen-
tication and authorization.
EJB authentication and authorization
Although it's not commonly done, it's possible to authenticate from a standalone client
such as a swing desktop application. But this is a daunting task requiring you to implement
all of the security mechanisms being provided by the container. Many application contain-
ers provide a JAAS login module for performing this task. Because this topic is about the
EJB and not specific implementation features available from different containers, we don't
attempt to cover it. It's a moving topic that's vendor- and version-specific.