users@glassfish.java.net

Re: Custom Realms on Glassfish

From: <glassfish_at_javadesktop.org>
Date: Mon, 07 Jul 2008 06:54:31 PDT

The problem lies in the fact the JAAS authentication cannot directly deal with group memberships. So while the GlassFish Realm is also associated with a JAAS LoginModule the only extra method that the Custom Realm is expected to implement is :

 /**
     * Returns the name of all the groups that this user belongs to
     * @param username name of the user in this realm whose group listing
     * is needed.
     * @return enumeration of group names (strings)
     * @exception InvalidOperationException thrown if the realm does not
     * support this operation - e.g. Certificate realm does not support this
     * operation
     */
    public abstract Enumeration getGroupNames (String username)
        throws InvalidOperationException, NoSuchUserException;

Other Application server may allow you to use a JAAS Login Module, but then they also deal with this issue in other proprietary ways :

Quoting from : http://today.java.net/pub/a/today/2006/09/14/using-jaas-in-ee-and-soa.html

(BEA WebLogic attaches objects with proprietary WLSUser and WLSGroup marker interfaces to identify principals and groups within a Subject and to know which Principal object should be used for J2EE methods. IBM WebSphere, on the other hand, adds an object implementing WSPrincipal and WSCredential interfaces for the same purpose.)

Please see the JSR 196 LoginBridge Profile supported in GlassFish.
Please see the spec at : http://jcp.org/aboutJava/communityprocess/final/jsr196/index.html
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=284687