users@glassfish.java.net

Custom Principals with Custom Realm

From: Marvan Spagnolo <marvans_at_gmail.com>
Date: Mon, 7 Feb 2011 12:05:50 +0100

Hi all,

in the company I work for we've a project where we set up GlassFish with a
custom realm and a custom login module.
So far, we have more or less followed what is highlighted in the "Oracle
Glassfish Server 3.0.1 Application Development Guide"
in the section "Realm Configuration", thus we've overridden the
authenticate() method while extending AppservPasswordLoginModule
(and provided also our custom realm).

What I would like to do now is to provide a custom class implementing
Principal and setting in the subject those custom principals upon
successful authentication.

I've read in the guide mentioned above that I should never override the
commit method, yet it seems the only possible way to insert
custom principals in the subject, especially when I then read in the javadoc
of the public method AppservPasswordLoginModule#getSubject() the following:

[...]
A custom login module could overwrite commit() method, and call getSubject()
to get subject being authenticated inside its commit(). Custom principal
then can be added to subject.
[...]

So the code seems to be negating what the guide says. I am inclined to
follow what is suggested in the code, but what do you people think?
What is the best practice for setting custom principals in a custom realm
scenario?

Thanks in advance,

Reza Marvan Spagnolo
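
An added example, not part of the original post and not GlassFish's own code: one way to follow the getSubject() javadoc quoted above while leaving the realm's existing authentication override untouched. It assumes the GlassFish 3.x class com.sun.appserv.security.AppservPasswordLoginModule and its protected _username field are on the compile classpath; PrincipalAddingLoginModule and CustomPrincipal are hypothetical names, and the user name is captured before super.commit() on the assumption that the base class may clear its credential fields there.

```java
import java.io.Serializable;
import java.security.Principal;
import javax.security.auth.login.LoginException;
import com.sun.appserv.security.AppservPasswordLoginModule;

// Hypothetical base class: the realm's existing module extends this instead of
// AppservPasswordLoginModule and keeps its own authentication override.
public abstract class PrincipalAddingLoginModule extends AppservPasswordLoginModule {

    // Hypothetical custom principal; equals/hashCode let the Set find it again at logout.
    public static final class CustomPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        CustomPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof CustomPrincipal && name.equals(((CustomPrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return "CustomPrincipal[" + name + "]"; }
    }

    private CustomPrincipal added; // non-null only between a successful commit() and logout()

    @Override
    public boolean commit() throws LoginException {
        String user = _username;  // capture first (assumption: base commit() may clear it)
        if (!super.commit()) {
            return false;         // authentication did not succeed: add nothing
        }
        if (user == null) {
            throw new LoginException("no user name available for CustomPrincipal");
        }
        added = new CustomPrincipal(user);
        getSubject().getPrincipals().add(added);
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        if (added != null) {      // remove only what this module added
            getSubject().getPrincipals().remove(added);
            added = null;
        }
        return super.logout();
    }
}
```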