Hi all. I am working on an enterprise project with a fine-grained access control.
Using default GlassFish's security implementation does not meet the requirements of the project.
I made a custom JDBC authentication module. It is working with GlassFish v3, that's fine.
But I also need a dynamic role-group mappings. This is already achieveable by providing a custom RoleMapper implementation using the SimplePolicyProvider, also known as the inmemory JACC provider. This is also working.
But I need more flexibility. The problem that I meet is perfectly described by
Miroslav Nachev -
http://forums.java.net/jive/servlet/JiveServlet/download/56-18152-217586-770/att1.html
What I mean is problem 2 , as 1 and 3 are already solved.
Currently I am wondering how to get to the instance of the caller bean in my RoleMapper impl. I can also be wrong - maybe I need it in authenticateUser method of the Realm?
I think that this is a major lack of functionality in GlassFish, as JBoss has security proxies, which I could not find in GlassFish.
[Message sent by forum member 'rado_penev' (rado_penev)]
http://forums.java.net/jive/thread.jspa?messageID=346765