Thanks Kumar, I'll look into this.
http://docs.oracle.com/cd/E19798-01/821-1752/gizdx/index.html
Andy
On Thu, Jul 12, 2012 at 2:35 PM, KumarJayanti
<v.b.kumar.jayanti_at_oracle.com> wrote:
>
> On Jul 12, 2012, at 9:45 AM, Andreas Junius wrote:
>
>> Hi Glassfish Users,
>>
>> I just subscribed to this list, so let me introduce myself: I'm
>> Andreas from South Australia and I have been working as a Java
>> developer for several years. However I'm relatively new to Glassfish -
>> I did some minor projects so far but now I started to work on a larger
>> project. So my first questions is about security realms:
>>
>> The use-case: I've users and these users have "registered" gadgets,
>> e.g. smartphones. They can have more than one device and "registered"
>> means, they get a digital certificate for a particular device. The
>> users have also user names and password to identify themselves.
>>
>> I need therefore a certicate realm to authenticate the device and then
>> a JDBC realm to authenticate the user.
>>
>> Is it possible to chain the realms for a single call or is there a
>> best practise of how to solve this problem? Any hints are highly
>> appreciated!
>>
> The best way to do this to write a custom JSR 196 Server Authentication Module which can chain the individual JAAS Login modules.
>
> As such Glassfish does not support chaining of realms OOTB.
>
>
>
>
>> Cheers,
>> Andreas
>