users@glassfish.java.net

Re: security for remote users

From: Shing Wai Chan <shing.wai.chan_at_oracle.com>
Date: Sat, 22 Mar 2014 10:40:30 -0700

The following two blogs are about JDBC realm in GlassFish:
     https://blogs.oracle.com/swchan/entry/jdbcrealm_in_glassfish
     https://blogs.oracle.com/swchan/entry/jdbcrealm_in_glassfish_with_mysql

Shing Wai Chan

On 3/21/14, 9:04 PM, Kevin Schmidt wrote:
> The simplest approach would be to use container based security,
> configure your application to use the file realm for users, and give
> the remote admin access to the GlassFish Admin Console so they can
> manage users in the file realm.
>
> A more robust approach would be to use a database to store the users
> and use the JDBC realm and configure your application to use it. You
> would need to implement as part of your application the user
> management though that would add users to the database. You can
> search for examples, but here is the first one I came across:
> http://blog.eisele.net/2013/01/jdbc-realm-glassfish312-primefaces342.html
>
>
> On Fri, Mar 21, 2014 at 8:20 PM, Lane
> <software.research.development_at_gmail.com
> <mailto:software.research.development_at_gmail.com>> wrote:
>
> I have a glassfish application and am trying to figure out what
> type of security and how to implement it. I am eventually hoping
> to place this in a cloud environment to host for customers.
>
> The application calls for a remote admin to login and create users
> and their passwords so that these users can login and use the
> application.
>
> I was going through the Glassfish server docs and thought that
> since users will not be hosting the app (I will), then it wouldn't
> make much sense for them to use deployment descriptors or
> container managed security which declaritive security appears to
> be. So it seems I would have to implement programmatic security.
>
> Am I on the right track here?
>
>