dev@glassfish.java.net

Re: LDAP authentication - jsf pages for user login/registration

From: Kumar.Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 11 Mar 2011 13:06:51 +0530

Hi,

On 11/03/11 11:39 AM, java4dev wrote:
> On 11/3/2011 7:27 AM, Kumar.Jayanti wrote:
>> On 10/03/11 11:10 PM, java4dev_at_gmail.com wrote:
>>> Hello,
>>>
>>> I am new to web development and decided to use glassfish as application
>>> server.
>>> My problem is that I found the available documentation incomplete for
>>> many things I need to do.
>>> First thing I have to do is to figure out how to setup authentication
>>> and registration for my application.
>>>
>>> I first tried to use a JDBC realm and I found through google search
>>> some blogs describing how to setup a jdbc realm and a form based
>>> authentication, but the problem is that they define only two tables,
>>> one for users and one that is basically a relation between users and
>>> groups, no roles at all and no access control, and they provide jsp/html
>>> pages instead of jsf.
>>
>> Are you aware of this external project :
>> http://flexiblejdbcrealm.wamblee.org/site/
>
> I wasn't aware of this project. I will take a look.
>>
>>> Finally I decided that if I am going to keep copying my data to
>>> different tables (my schema is more complete supporting users, groups,
>>> roles, access rights etc) to support glassfish then it is probably
>>> better to use LDAP.
>>> But there is no documentation on how to setup something like this.
>>> There is no ldif file for the structure.
>>> Where can I find information on how to setup glassfish with LDAP. How
>>> to setup groups Roles and access control on the LDAP server that
>>> glassfish can use?
>>> How can I write jsf pages for user login/registration ?
>>>
>>> just point me to the right direction(documents)
>>>
>>>
>> See if this helps :
>> https://www.opends.org/wiki/page/GlassfishApplicationServer
>
> Yes I have read this and this is my problem with this. There is no way
> to specify roles and role/group/user relation on the ldap.
> According to documentation you specify roles, role mapping on xml files.
> I can't believe that this is how we are expected to operate web
> applications.
> What if you are in a dynamically changing environment, where many groups
> and users come and go or change roles all the time, like a bank.
> Especially if you have a cluster configuration. I was expecting to be
> able to set the whole security from a central place.
> Have I misunderstood the documentation, is this a glassfish
> limitation, or is this done in a different way?
>
In the Java EE programming model the set of roles of an application has to
be declared and is fixed at the time of deployment (any change to the
roles needs redeployment). The mapping of roles to groups and
principals can be dynamic in principle, and changes to group memberships
(principals being added/removed from groups) do not impact the deployment.

In GlassFish V3.1 you have 4 options:

1. The default is use of static role-to-group/principal mapping in
glassfish-web.xml (formerly sun-web.xml)
2. Enable Default-Principal-To-Role-Mapping from the console: in this
case same-named groups are mapped to same-named roles. So if the
authenticated user is in Group "G" then he has the role "G".
3. You can switch the JSR 115 (JACC) provider from "default" to
"simple" under the security-service of your instance (from the
console). You then have the ability to plug in your own RoleMapper
which implements the
com.sun.enterprise.security.jacc.provider.JACCRoleMapper interface. The
system property simple.jacc.provider.JACCRoleMapper.class should point
to the implementation class of your custom RoleMapper. You could place
the Jar implementing the RoleMapper under glassfish/lib. You do not
have to implement all the methods in the interface (some cleanup is due
for the V3.2 release). See the class GlassFishRoleMapper.java for a sample:
http://java.net/projects/glassfish/sources/svn/content/trunk/v3/security/inmemory.jacc.provider/src/main/java/com/sun/enterprise/security/jacc/provider/GlassfishRoleMapper.java?rev=45481

4. If you are using Oracle GlassFish Server V3.1 then you have the
following additional option:
http://blogs.sun.com/gfsecurity/entry/single_sign_on_using_oam

>>
>> regards,
>> kumar
>>> thank you
>>>
>>> Nikolas
>>
>
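As an added illustration of option 1 from the reply above (this is example configuration written for this page, not part of the thread or of GlassFish's own documentation): the roles an application checks are declared in web.xml and are fixed at deployment, while glassfish-web.xml maps each declared role to LDAP groups or to individual principals. The realm name `ldapRealm`, the role and group names, the user `auditor1` and the page paths are all assumptions. With GlassFish's LDAP realm the group name seen by the mapping is the value of the group's naming attribute (the realm's `group-target` property, `cn` by default), so the LDAP groups must carry the names used in the mapping.

```xml
<!-- WEB-INF/web.xml (relevant parts only; all names are assumptions) -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Roles are fixed at deployment: every role the application checks must be declared here. -->
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>customer</role-name></security-role>

  <!-- Only the admin role may reach /admin/*; /account/* needs customer or admin. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administration</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Account pages</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- FORM login against the LDAP realm configured on the server; realm name and page paths are assumptions. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldapRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/loginError.xhtml</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

<!-- WEB-INF/glassfish-web.xml (option 1: static role-to-group/principal mapping) -->
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN"
  "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
  <!-- group-name values are what the LDAP realm returns for a group (its group-target attribute, cn by default). -->
  <security-role-mapping>
    <role-name>admin</role-name>
    <group-name>app-admins</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>customer</role-name>
    <group-name>app-customers</group-name>
    <!-- A single principal can be mapped as well. Adding or removing users from these LDAP groups
         needs no redeployment; adding a new role to the application does. -->
    <principal-name>auditor1</principal-name>
  </security-role-mapping>
</glassfish-web-app>
```

If option 2 (Default-Principal-To-Role-Mapping) is enabled instead, the `security-role-mapping` elements are not needed: the LDAP groups simply have to carry the same names as the declared roles (`admin`, `customer`). For the login page itself, FORM authentication is defined by the Servlet specification rather than by JSF: the page at `/login.xhtml` must post the fields `j_username` and `j_password` to the action `j_security_check`, which a plain HTML form inside a JSF page can do; the container then validates the credentials against the LDAP realm named in `login-config`.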