users@glassfish.java.net

Application authenticating itself

From: Piero Filippin <filippinp_at_yahoo.co.uk>
Date: Thu, 18 Oct 2007 14:53:32 +0100

Hi,
I have an enterprise application managing "its own security": I have a
"user" entity containing usernames, passwords and access level, and I
have a bean that lets you log in.

I have understood that this is not really the best way to go (as
implementing the security myself is cumbersome and inflexible, and
forces me to use stateful beans), so I started learning JAAS.

Now, with JAAS, it seems that I can use any *external* source as a users
repository (provided I implement my realm and loginmodule of course).

My application is already able to manage users: the "users" table is
part of the application itself, and provided you have logged in to my
application with sufficient privileges you will be able to add new
users. What is the right way to do it in JAAS?

I mean, can an enterprise application provide its own realm or must this
realm be completely separated (i.e. in a different jar to be put in /lib
and loaded only on GF startup)?

If it cannot be done, what is the right way for an external realm to
rely on the same "user" entity used by my Enterprise application?

Piero