users@glassfish.java.net

Re: Application authenticating itself

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 19 Oct 2007 11:55:42 +0530

Piero Filippin wrote:

> Hi,
> I have an enterprise application managing "its own security", I have a
> "user" entity containing usernames, passwords and access level, and I
> have a bean that lets you log in.
>
> I have understood that this is not really the best way to go, (as
> implementing the security myself is cumbersome and inflexible, and
> forces me to use stateful beans), so I started learning JAAS.
>
> Now, with JAAS, it seems that I can use any *external* source as a
> users repository (provided I implement my realm and loginmodule of
> course).
>
> My application is already able to manage users: the "users" table is
> part of the application itself, and provided you logged in my
> application with sufficient privileges you will be able to add new
> users: what is the right way to do it in JAAS?
>
> I mean, can an enterprise application provide its own realm or must
> this realm be completely separated (i.e. on a different jar to be put in
> /lib and loaded only on GF startup)?
>
The classes have to be put in domain-dir/lib/classes. The following
article might help you:

http://developers.sun.com/appserver/reference/techart/as8_authentication/index.html

> If it cannot be done, what is the right way for an external realm to
> rely on the same "user" entity used by my Enterprise application?
>
By "user" entity, do you mean a table in some external datastore?
See if any of the following will help:

1. Use JDBC Realm:
http://blogs.sun.com/swchan/entry/jdbcrealm_in_glassfish

Else you can also write a Custom Realm that can access the "user" entity.

Thanks.

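An added example, not part of the original message and not GlassFish code: if the JDBC realm suggested above reads the application's own users table, the application's user-management code has to write the password column in the form the realm checks at login. The class name RealmPasswordEncoder and the sample values are hypothetical, and the example assumes the realm is set up to compare a digest of the submitted password, with digest-algorithm, encoding and charset settings equal to the values passed to the constructor.

```java
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example, not from the thread. The application calls encode() when it
// inserts or updates a row in its own users table, so the stored value is the
// one the realm recomputes at login. Assumption: the realm's digest algorithm,
// encoding (hex or base64) and charset equal the values given here.
public final class RealmPasswordEncoder {
    private final String algorithm;
    private final boolean base64;
    private final Charset charset;

    public RealmPasswordEncoder(String algorithm, String encoding, String charset)
            throws NoSuchAlgorithmException {
        MessageDigest.getInstance(algorithm); // reject an unknown algorithm early
        if (!encoding.equalsIgnoreCase("hex") && !encoding.equalsIgnoreCase("base64")) {
            throw new IllegalArgumentException("encoding must be hex or base64");
        }
        this.algorithm = algorithm;
        this.base64 = encoding.equalsIgnoreCase("base64");
        this.charset = Charset.forName(charset);
    }

    // Value to store in the password column for this clear-text password.
    public String encode(String password) {
        try {
            byte[] d = MessageDigest.getInstance(algorithm).digest(password.getBytes(charset));
            if (base64) return Base64.getEncoder().encodeToString(d);
            StringBuilder hex = new StringBuilder(d.length * 2);
            for (byte b : d) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // already checked in the constructor
        }
    }

    // Constant-time check of a candidate password against a stored column value.
    public boolean matches(String password, String stored) {
        return MessageDigest.isEqual(encode(password).getBytes(charset), stored.getBytes(charset));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        RealmPasswordEncoder enc = new RealmPasswordEncoder("SHA-256", "hex", "UTF-8");
        String column = enc.encode("correct horse");
        System.out.println(column + " " + enc.matches("correct horse", column));
    }
}
```

The value produced here is a plain, unsalted digest; an application that stores passwords under a salted or iterated scheme would need the custom-realm route named in the reply.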