2
votes

I am trying to design a JAAS microservice which handles user authentication for multiple J2EE applications. Currently we have multiple applications which authenticate against our LDAP and have separate role systems. Now I am stuck at designing the interface between the application and the authentication backend.

Via custom LoginModule: design a custom login module which uses a non-secured EJB interface from our LoginService to authenticate and authorize, but I remember reading that login modules can't be injected with EJBs / use EJBs.

Is this the right starting point, or do I have other possibilities to refactor JAAS security out of our applications? Has somebody done something like that before?

1
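One way to build the custom-LoginModule variant described in the question, as an added example that is not code from the question or from any project it mentions: the module is instantiated by the JAAS framework rather than by the EJB container, so `@EJB` injection does not apply, but the module can still resolve the central service through a plain JNDI lookup. The `LoginService` interface, the `loginServiceJndi` option name, and the `SimplePrincipal` class are assumptions for illustration. The module keeps the password in a `char[]` and zeroes it after use, reports a single generic failure message regardless of whether the user or the password was wrong, and removes its own principals on `logout`/`abort`. Since the question describes the EJB interface as non-secured, the lookup should resolve to an in-container or otherwise network-isolated endpoint; an unauthenticated authentication service reachable from outside the container would accept credential checks from any caller.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical remote interface of the central LoginService EJB (assumed; not defined in the question). */
interface LoginService {
    /** Returns the role names granted to the user, or null when the credentials are rejected. */
    Set<String> authenticate(String username, char[] password);
}

/** Minimal principal used for both the user name and the role names (assumed helper). */
final class SimplePrincipal implements Principal {
    private final String name;
    SimplePrincipal(String name) { this.name = name; }
    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) { return o instanceof SimplePrincipal && ((SimplePrincipal) o).name.equals(name); }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return name; }
}

/** JAAS LoginModule that delegates authentication and role lookup to the central LoginService. */
public class DelegatingLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private LoginService service;
    private String username;
    private Set<String> roles;
    private boolean loginSucceeded;
    private boolean commitSucceeded;

    @Override
    public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.options = options;
    }

    /** Resolves the backend lazily via JNDI; "loginServiceJndi" is a hypothetical option set in the JAAS config. */
    private LoginService service() throws LoginException {
        if (service == null) {
            String jndiName = (String) options.get("loginServiceJndi");
            try {
                service = (LoginService) new InitialContext().lookup(jndiName);
            } catch (NamingException e) {
                throw new LoginException("LoginService unavailable: " + e.getMessage());
            }
        }
        return service;
    }

    @Override
    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler available");
        NameCallback nc = new NameCallback("username: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot collect credentials: " + e.getMessage());
        }
        char[] password = pc.getPassword();   // returns a copy
        pc.clearPassword();                   // wipe the callback's own copy
        if (password == null) throw new FailedLoginException("authentication rejected");
        try {
            roles = service().authenticate(nc.getName(), password);
        } finally {
            Arrays.fill(password, '\0');      // never keep the clear-text password around
        }
        // Same generic message whether the user is unknown or the password is wrong.
        if (roles == null) throw new FailedLoginException("authentication rejected");
        username = nc.getName();
        loginSucceeded = true;
        return true;
    }

    @Override
    public boolean commit() {
        if (!loginSucceeded) return false;
        Set<Principal> principals = subject.getPrincipals();
        principals.add(new SimplePrincipal(username));
        // Many containers expect roles inside a Group principal; a flat principal per role keeps the example short.
        for (String role : roles) principals.add(new SimplePrincipal(role));
        commitSucceeded = true;
        return true;
    }

    @Override public boolean abort() { cleanup(); return true; }
    @Override public boolean logout() { cleanup(); return true; }

    private void cleanup() {
        if (commitSucceeded && subject != null) subject.getPrincipals().removeIf(p -> p instanceof SimplePrincipal);
        username = null; roles = null; loginSucceeded = false; commitSucceeded = false;
    }
}
```

The module is wired in through the usual JAAS configuration entry (for example `MyApp { DelegatingLoginModule required loginServiceJndi="java:global/auth/LoginService"; };`, with the JNDI name being whatever the container assigns to the deployed bean), so the per-application role systems can be retired one application at a time while the LoginService becomes the single place that talks to LDAP.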

1 Answer

1
votes

I was curious about Java security some time ago. I found a nice framework, Picketlink.

Although it has quite a high entry threshold, it is much more flexible than JAAS and handles most typical needs.