(I hope this gets cross-posted to the forum ;)
This might be a bit heavy for you, but we have an acegi-based solution,
where our users are in LDAP (Active Directory, to be specific), and the
groups (as well as the linking of users to groups) are in a database.
We had to write some custom code to handle that LDAP/DB "join", but,
assuming your all DB-based, it should work out of the box for you. You
can then use either the acegi tags or acegi-jsf tags to restrict parts
of pages, as well as the built-in acegi URL protections. My blog on it
might get you going in the right direction. Mind you, this in no way
represents a best practice with regard to acegi, but it does work for
us, and that was enough at the time I wrote all of that. :)
http://blogs.steeplesoft.com/2006/11/09/using-acegi-security-with-jsf/
-----
Jason Lee, SCJP
Programmer/Analyst
http://www.iec-okc.com
> -----Original Message-----
> From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
> Sent: Wednesday, February 07, 2007 3:52 PM
> To: users_at_glassfish.dev.java.net
> Subject: Re: debugging JDBCRealm configuration
>
> I'd also like to add a followup question: we're writing an
> application with a JSF-based HTML interface. We want users &
> roles to be in a database.
>
> Is there anybody here who has gone through the process of
> evaluating authentication/authorization for such a system?
> If so, what did you decide to do, or what would you recommend?
>
> We're aware of a PhaseListener approach, and we're going to
> try that next if we can't get JDBCRealm to behave.
>
> http://jdj.sys-con.com/read/250254_2.htm
>
> (I'm really shocked that there seems to be no single, clear
> path for this.) [Message sent by forum member 'pohl' (pohl)]
>
> http://forums.java.net/jive/thread.jspa?messageID=202555
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>