dev@glassfish.java.net

Re: LDAP authentication - jsf pages for user login/registration

From: java4dev <java4dev_at_gmail.com>
Date: Fri, 11 Mar 2011 13:17:32 +0200

Hi Kumar,

Your explanation about glassfish security is one of the best I read.
From what I understood, there are limitations (lack of features) in the
default version of glassfish
that one is expected to fill either with custom work or with commercial
solutions.
Of course it is not acceptable to define authorization rules, roles, etc.
inside the code with annotations, and
even though defining authorization rules in the web.xml file is certainly
better than inside the source, it is still
far from a proper solution.

This is very disappointing as I was expecting a more complete security
solution from SUN by default.
Let's hope that in the next version glassfish will get a proper
user/group/role/access GUI interface and back-end support.
Providing a proper AAA solution, with GUI support on the admin console,
is important for a multiuser application server.

I am also looking at the flexiblejdbcrealm, even though it is very hard
to figure out how to use it
without documentation.

Someone also recommended JetSpeed 2 as an alternative as JetSpeed
already has a complete security model in place
but I have already spent several weeks reading glassfish documents. I
don't want to do all this work again if there is hope
with glassfish.

If there is anyone who has already solved these issues
on glassfish and wishes to share, please email me.

Thank you



On 11/3/2011 9:36 AM, Kumar.Jayanti wrote:
> Hi,
>
> On 11/03/11 11:39 AM, java4dev wrote:
>> On 11/3/2011 7:27 AM, Kumar.Jayanti wrote:
>>> On 10/03/11 11:10 PM, java4dev_at_gmail.com wrote:
>>>> Hello,
>>>>
>>>> I am new to web development and decided to use glassfish as
>>>> application
>>>> server.
>>>> My problem is that I found the available documentation incomplete for
>>>> many things I need to do.
>>>> First thing I have to do is to figure out how to setup authentication
>>>> and registration for my application.
>>>>
>>>> I first tried to use a JDBC realm and I found through google search
>>>> some blogs describing how to setup a jdbc realm and a form based
>>>> authentication, but the problem is that they define only two tables,
>>>> one for users and one that is basically a relation between users and
>>>> groups, no roles at all and no access control, and they provide
>>>> jsp/html
>>>> pages instead of jsf.
>>>
>>> Are you aware of this external project :
>>> http://flexiblejdbcrealm.wamblee.org/site/
>>
>> I wasn't aware of this project. I will take a look.
>>>
>>>> Finally I decided that if I am going to keep copying my data to
>>>> different tables (my schema is more complete supporting users, groups,
>>>> roles, access rights etc) to support glassfish then it is probably
>>>> better to use LDAP.
>>>> But there is no documentation on how to setup something like this.
>>>> There is no ldif file for the structure.
>>>> Where can I find information on how to setup glassfish with LDAP. How
>>>> to setup groups Roles and access control on the LDAP server that
>>>> glassfish can use?
>>>> How can I write jsf pages for user login/registration ?
>>>>
>>>> just point me to the right direction(documents)
>>>>
>>>>
>>> See if this helps :
>>> https://www.opends.org/wiki/page/GlassfishApplicationServer
>>
>> Yes I have read this and this is my problem with this. There is no
>> way to specify roles and role/group/user relation on the ldap.
>> According to documentation you specify roles, role mapping on xml files.
>> I can't believe that this is how we are expected to operate web
>> applications.
>> What if you are in a dynamic changing environment, with many groups
>> and users come and go or change roles all the time, like a bank.
>> Especially if you have a cluster configuration. I was expecting to be
>> able to set the whole security from a central place.
>> Have I misunderstood the documentation, is this a glassfish
>> limitation, or is this done in a different way?
>>
> In the JavaEE programming model the set of roles of an application has
> to be declared and is fixed at the time of deployment (any change to
> the roles needs redeployment). The mapping of roles to groups and
> principals can be dynamic in principle, and changes to group
> memberships (principals being added/removed from groups) do not
> impact the deployment.
>
> In GlassFish V3.1 you have 4 options:
>
> 1. The default is use of static role-to-group/principal mapping in
> glassfish-web.xml (formerly sun-web.xml)
> 2. Enable Default-Principal-To-Role-Mapping from the console : In
> this case the same named groups are mapped to same named roles. So if
> the authenticated user is in Group "G" then he has the role "G".
> 3. You can switch the JSR 115 (JACC) provider from "default" to
> "simple" under the security-service of your instance (from the
> console). And then you have the ability to plug in your own RoleMapper
> which implements the
> com.sun.enterprise.security.jacc.provider.JACCRoleMapper interface.
> The system property simple.jacc.provider.JACCRoleMapper.class should
> point to the implementation class of your custom RoleMapper. You could
> place your Jar implementing the rolemapper under glassfish/lib. You
> do not have to implement all the methods in the interface (some
> cleanup is due for V3.2 release). See the class
> GlassFishRoleMapper.java for a sample.
> http://java.net/projects/glassfish/sources/svn/content/trunk/v3/security/inmemory.jacc.provider/src/main/java/com/sun/enterprise/security/jacc/provider/GlassfishRoleMapper.java?rev=45481
>
>
> 4. If you are using Oracle GlassFish Server V3.1 then you have the
> following additional option :
> http://blogs.sun.com/gfsecurity/entry/single_sign_on_using_oam
>
>>>
>>> regards,
>>> kumar
>>>> thank you
>>>>
>>>> Nikolas
>>>
>>
>
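As an added example (not from the thread or from the GlassFish project), here is what options 1 and 2 from Kumar's reply look like in the deployment descriptors of a JSF application with form login against an LDAP realm. The two files are shown in one block separated by a comment; the role name "admin", the group name "admins", the realm name "ldapRealm" and the page names are assumed placeholders.

```xml
<!-- web.xml: roles and constraints are declared here and fixed at deployment time -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>                          <!-- assumed role name -->
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee> <!-- require HTTPS so credentials are not sent in clear -->
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldapRealm</realm-name>                      <!-- assumed name of the LDAP realm created in the admin console -->
    <form-login-config>
      <!-- a JSF page is fine here as long as its form posts j_username and j_password to j_security_check -->
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/loginError.xhtml</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>

<!-- glassfish-web.xml (formerly sun-web.xml): option 1, the static role-to-group mapping.
     "admins" is assumed to be the group name the LDAP realm reports for the user.
     With option 2 (Default Principal To Role Mapping enabled in the console) this file is
     not needed, but then the LDAP group must be named exactly like the role, i.e. "admin". -->
<glassfish-web-app>
  <security-role-mapping>
    <role-name>admin</role-name>
    <group-name>admins</group-name>
  </security-role-mapping>
</glassfish-web-app>
```

Adding or removing users from the "admins" group in LDAP takes effect without redeploying; only adding a new role name to web.xml requires a redeploy.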