users@glassfish.java.net

Security when credentials are on LDAP and roles membership on another RDBMS

From: <glassfish_at_javadesktop.org>
Date: Wed, 02 Dec 2009 06:44:09 PST

I am developing a Java EE application and I want to use declarative security, but I have a very unique situation: the enterprise has an Active Directory with all users' personal information, including the users' passwords. But that enterprise decided that all role membership should be handled in the same relational database as the application data.

So I have user names and credentials in an LDAP database and role membership in a relational database. Therefore, none of the built-in login modules fits.

So the question is: how do I proceed in this scenario?

I have an approach:
* Make a CustomLoginModule based on JDBCLoginModule that performs no authentication and only returns role membership
* Make a custom realm with both login modules, LDAP and my custom module, with "requisite".

With this approach, will the role memberships be merged?
[Message sent by forum member 'narape' ]

http://forums.java.net/jive/thread.jspa?messageID=374297