users@glassfish.java.net

JDBC Realms in Glassfish: most current advice?

From: <glassfish_at_javadesktop.org>
Date: Mon, 07 May 2007 14:24:36 PDT

Can anyone tell me if this (now quite old, and to my eyes anyhow slightly disorganized?) link (http://developers.sun.com/appserver/reference/techart/as8_authentication/index.html) is still the canonical reference for how to implement a custom Realm and LoginModule combination in Glassfish v2b45 and up?

First, from the LoginModule side, I'm particularly surprised that on the server side one must extend a particular LoginModule implementation. The referenced article says:

"In Sun Java System Application Server, version 8.1 and above (including version 9.x), custom realms must extend the com.sun.appserv.security.AppservPasswordLoginModule class. This class extends javax.security.auth.spi.LoginModule. Custom realms must not extend the JAAS LoginModule directly."

Maybe this is just a typo, or maybe I have a fundamental misunderstanding, but the article led me to believe that you have two distinct pieces--the LoginModule, which I understand from having written a few for other projects--and the custom Realm--which I don't understand and am just learning--but then it says that a custom [i]realm[/i] must extend a particular kind of [i]LoginModule[/i]--do I have this right?

If instead it is somehow required that a third-party LoginModule (not the realm) has to extend a particular Sun LoginModule, well, I would prefer not to make my customers rejigger their inheritance hierarchies--one I can think of has their own LoginModule they use in lots of different app servers. It would be nice if they could continue to use it unmolested (without wrapping, delegating, etc.).

(Obviously since Glassfish defines what a Realm is, I have no problem with Glassfish telling me that for a [i]realm[/i] I have to extend a particular class.)

Second, where are the instructions (I'm sure they exist) for setting up a JDBC realm? The only thing I could find was this (http://blogs.sun.com/swchan/entry/jdbcrealm_in_glassfish) and that seemed...well, maybe it was complete but I couldn't get it to work.

Thanks,
Laird
[Message sent by forum member 'ljnelson' (ljnelson)]

http://forums.java.net/jive/thread.jspa?messageID=215898
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.