users@glassfish.java.net

Re: Chaining security realms?

From: KumarJayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Thu, 12 Jul 2012 10:35:16 +0530

On Jul 12, 2012, at 9:45 AM, Andreas Junius wrote:

> Hi Glassfish Users,
>
> I just subscribed to this list, so let me introduce myself: I'm
> Andreas from South Australia and I have been working as a Java
> developer for several years. However I'm relatively new to Glassfish -
> I did some minor projects so far but now I started to work on a larger
> project. So my first question is about security realms:
>
> The use-case: I've users and these users have "registered" gadgets,
> e.g. smartphones. They can have more than one device and "registered"
> means, they get a digital certificate for a particular device. The
> users have also user names and password to identify themselves.
>
> I need therefore a certificate realm to authenticate the device and then
> a JDBC realm to authenticate the user.
>
> Is it possible to chain the realms for a single call or is there a
> best practice of how to solve this problem? Any hints are highly
> appreciated!
>
The best way to do this is to write a custom JSR 196 Server Authentication Module which can chain the individual JAAS Login modules.

As such Glassfish does not support chaining of realms OOTB.

> Cheers,
> Andreas
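
A sketch of the kind of module the reply describes, added here as an example and not code from the thread or from GlassFish: one JSR 196 ServerAuthModule that requires both the device certificate and the user's password in a single request. It uses the container's PasswordValidationCallback for the password step rather than calling JAAS LoginContext directly. Assumptions: the HTTPS listener requests client certificates, the application's realm is the JDBC realm, the class name and the OU-holds-the-owner convention are hypothetical, and java.util.Base64 needs Java 8 or later.

```java
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.*;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.*;
public class DeviceThenUserSam implements ServerAuthModule {  // hypothetical class name
    private CallbackHandler handler;
    public void initialize(MessagePolicy rq, MessagePolicy rs, CallbackHandler h, Map opts) { handler = h; }
    public Class[] getSupportedMessageTypes() { return new Class[] { HttpServletRequest.class, HttpServletResponse.class }; }
    public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
        HttpServletRequest req = (HttpServletRequest) mi.getRequestMessage();
        try {
            // Step 1 (device): the chain the TLS listener already verified against its truststore.
            X509Certificate[] chain = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
            // Step 2 (user): HTTP Basic credentials; malformed Base64 fails closed via the catch block.
            String hdr = req.getHeader("Authorization");
            if (chain != null && chain.length > 0 && hdr != null && hdr.startsWith("Basic ")) {
                String[] cred = new String(Base64.getDecoder().decode(hdr.substring(6).trim()),
                        "UTF-8").split(":", 2);
                if (cred.length == 2 && cred[0].equals(ownerOf(chain[0]))) {  // device must belong to this user
                    PasswordValidationCallback pvc = new PasswordValidationCallback(client, cred[0], cred[1].toCharArray());
                    handler.handle(new Callback[] { pvc });  // container checks the password against its realm
                    if (pvc.getResult()) {
                        handler.handle(new Callback[] { new CallerPrincipalCallback(client, cred[0]) });
                        return AuthStatus.SUCCESS;
                    }
                }
            }
            // Either factor missing or wrong: same response, so the caller cannot tell which step failed.
            HttpServletResponse resp = (HttpServletResponse) mi.getResponseMessage();
            resp.setHeader("WWW-Authenticate", "Basic realm=\"devices\"");
            resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return AuthStatus.SEND_FAILURE;
        } catch (Exception e) {
            throw (AuthException) new AuthException("authentication error").initCause(e);
        }
    }
    // Assumption: the issuing CA writes the owning user's login name into the OU of the device certificate.
    private static String ownerOf(X509Certificate cert) throws Exception {
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            if ("OU".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
        return null;  // no owner recorded: never matches a user name
    }
    public AuthStatus secureResponse(MessageInfo mi, Subject service) { return AuthStatus.SEND_SUCCESS; }
    public void cleanSubject(MessageInfo mi, Subject s) { if (s != null) s.getPrincipals().clear(); }
}
```

The certificate-to-user binding check is what keeps a valid certificate from one user's device being combined with another user's password.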