On 07/02/11 4:35 PM, Marvan Spagnolo wrote:
> Hi all,
>
> in the company I work for we've a project where we setup Glassfish
> with a custom realm and a custom login module.
> So far, we have more or less followed what is highlighted in the
> "Oracle Glassfish Server 3.0.1 Application Development Guide"
> in the section "Realm Configuration", thus we've overridden the
> authenticate() method while extending AppservPasswordLoginModule
> (and provided also our custom realm).
>
> What I would like to do now is to provide a custom class implementing
> Principal and setting in the subject those custom principals upon
> successful authentication.
>
> I've read in the guide mentioned above that I should never override
> the commit method, yet it seems the only possible way to insert
> custom principals in the subject, especially when I then read in the
> javadoc of the public method AppservPasswordLoginModule#getSubject()
> the following:
>
> [...]
> A custom login module could overwrite commit() method, and call
> getSubject()
> to get subject being authenticated inside its commit(). Custom
> principal then can be added to subject.
> [...]
>
> So the code seems to be negating what the guide says, I am inclined to
> follow what is suggested in the code, but what do you people think ?
> What is the best practice for setting custom principals in a custom
> realm scenario ?
You could do that. But be aware that the Custom Principal will not be
used by the container Authorization framework. Is that fine for your
usecase ?.
>
> Thanks in advance,
>
> Reza Marvan Spagnolo
>