Regarding a custom implementation, we have a very complex
authentication system, running over multiple systems, databases and
the works.
We are using custom realms. I didn't implement it myself, though I've
seen the code, and the integration itself is very simple. If you're
authentication is any more complex than 1 list of users with
levels/groups, then a custom implementation of the Realm is a viable
option.
It's not rocket science. It all comes down to a few basic methods like
"getUser(name)" and "addUser()", "removeUser()" and so on.
Using this we can have people authenticated against our own systems,
no need for yet another list of users, and it's still maintainable
through the glassfish web console/asadmin.
Quintin
On Wed, Aug 6, 2008 at 11:20 PM, Q Beukes <java.net_at_add.za.net> wrote:
> Hey,
>
> Your solution really depends on what types of users it is.
>
> The users for every server is stored differently. With Tomcat (the
> base of Glassfish) it is done through what is referred to as realms.
>
> Your realm can be configured to "source" differently. For example you
> can have an LDAP realm which reads the users from LDAP/JNDI. Or you
> can have a flatfile realm, which reads the users from a file. Or you
> can have a JDBC realm, which reads the users through the JDBC api,
> thus from a database. You can also make your own custom realm
> implementations, which does it the way you want... even go as far as
> doing a plain hardcoded: if (user.equals("myuser") &&
> pass.equals("mypass")) { ... } else if (...) else if (...) <- this is
> a bit of humor.
>
> So depending on your realm type and configuration, adding users will
> be different.
>
> It's probably the easiest to use the JDBC realm, and have your users
> read from a database. Then adding the users through glassfish will
> result in new row entries to be made. You would then add the users in
> a similar way, by inserting new records into this table.
>
> So, just add a new realm and select the JDBC realm class. Fill in the
> fields provided, and see if you can get it working. Then just create
> new rows in this table. You can even use JPA entities to make the
> management thereof a bit more abstract. So create a JPA entity the
> represents a User, and one for a Group. Have Toplink generate the
> tables, and from these tables you fill in the JDBC realm options. Then
> inside a session bean/JSF managed bean you inject an entity manager,
> and managing users will be as simple as:
> Create new: User u = new User(); entityManager.persist(u);
> Delete: entityManager.remove(u);
> Find: entityManager.find(...)
>
> You get the idea...
>
> Alternatively you can manage a flat file, or LDAP, implement your own
> realm (to get an idea of how it's done, have a look at the source for:
> com.sun.enterprise.security.auth.realm.file.FileRealm,
> http://fisheye4.atlassian.com/browse/~raw,r=21560/glassfish-svn/trunk/v3/security/realm/src/main/java/com/sun/enterprise/security/auth/realm/file/FileRealm.java).
>
> Enjoy
> Quintin
>
> On Wed, Aug 6, 2008 at 3:49 PM, Markus KARG <markus.karg_at_gmx.net> wrote:
>>>
>>> I need to be able to add new users (with roles) to the realm (currently
>>> using the default file realm) from within admin pages of my own Java Server
>>> Faces application (not the admin pages of the server itself). Ideally this
>>> would be done in EJB's that are called by the JSF managed beans.
>>>
>>
>> Unfortunately Java EE 5 does not define a standard way to do that, so you
>> must add code that is specific to the used application server.
>>
>> Regards
>> Markus
>>
>> --
>> http://www.xing.com/go/invita/58469
>>
>>
>
>
>
> --
> Quintin Beukes
>
--
Quintin Beukes