Behaviour of BasicLoginModule and JDBCLoginModule in BES

• Product Name: Borland Enterprise Server
• Product Version: 5.2.1 & above
• Product Component: Documentation
• Platform/OS Version: ALL

Resolution

The BasicLoginModule uses a proprietary schema to store and retrieve the user information. When a username and password is provided by the client for the authentication and authorization, the LOGINUSERID and LOGINPASSWORD given in the realm configuration is used to login to the given DB and the user information is checked against the database table configured in the USERTABLE field of the realm. If the given user is a valid user and if he/she is authorized, then the user is allowed access.

The JDBCLoginModule  uses a standard JDBC database interface for authentication. When a username and password is provided by the client for the authentication and authorization, the login module creates a DB connection with the given user and password information which means a database user should exist with the given username. For authorization, the module creates a DB connection using the USERNAME and PASSWORD field of the realm and then the user is checked against the table configured in ROLETABLE field and then allowed access if the user with valid role exists in the table.