2

I would like to add a Login module to my Java EE 6 application.

I've read about JAAS, but I don't understand how I can use it. Do you know some tutorial or snippet that I can use to understand and implement my login module, using JAAS and Java EE 6?

I'm using glassfish 3.1.2, eclipselink as JPA implementation and MySQL.

Steve
CeccoCQ

2 Answers

2

The Glassfish FAQ about login module is there, but I agree it's not very deep. http://glassfish.java.net/javaee5/security/faq.html#pluglogin

There are two things to distinguish with the JAAS framework: the realm and the login module. A realm defines more or less where credentials are stored. A login module defines more or less how credentials are verified.

For instance, you might use a username/password login module that uses credentials stored in a database realm. Or you could have a login module that uses smart card authentication and uses credentials stored in ActiveDirectory.

That's the theory. From the FAQ, it says that a Glassfish login module must extend com.sun.appserv.security.AppservPasswordLoginModule, so only username/password is supported.

But you can plug your own realm, that inherits com.sun.appserv.security.AppservRealm. You can read this article to see how to define and configure an ActiveDirectory realm. Here is an article on how to create your custom realm with Sun App Server (what became Glassfish later). I hope this part didn't change much.

ewernli
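
The realm/login-module split described in the answer above, as an added example that is not from the thread: it uses only the standard JAAS SPI (`javax.security.auth.spi.LoginModule`) from the JDK rather than GlassFish's `AppservPasswordLoginModule` and `AppservRealm`, and needs Java 8 or later. The class name `DemoLoginModule`, the in-memory `REALM` map, the user `alice` and the password are constructed for illustration.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class DemoLoginModule implements LoginModule {
    // Constructed stand-in for a realm (where credentials are stored): user -> {salt, hash}.
    static final Map<String, byte[][]> REALM = new HashMap<>();
    private Subject subject; private CallbackHandler handler; private Principal principal;
    static byte[] hash(char[] pw, byte[] salt) throws GeneralSecurityException {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(new PBEKeySpec(pw, salt, 100_000, 256)).getEncoded();
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> o) { subject = s; handler = h; }
    public boolean login() throws LoginException { // the login module: how credentials are verified
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        boolean ok;
        try {
            handler.handle(new Callback[] {nc, pc});       // ask the caller for the credentials
            byte[][] rec = REALM.get(nc.getName());        // look the user up in the "realm"
            char[] pw = pc.getPassword();
            ok = rec != null && pw != null && MessageDigest.isEqual(rec[1], hash(pw, rec[0])); // constant-time compare
        } catch (Exception e) { throw new LoginException(e.toString()); // any error fails closed
        } finally { pc.clearPassword(); }
        if (!ok) throw new FailedLoginException("invalid credentials"); // same message for bad user or bad password
        principal = nc::getName;                           // Principal whose getName() is the user name
        return true;
    }
    public boolean commit() { if (principal != null) subject.getPrincipals().add(principal); return principal != null; }
    public boolean abort() { principal = null; return true; }
    public boolean logout() { if (principal != null) subject.getPrincipals().remove(principal); principal = null; return true; }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16]; new SecureRandom().nextBytes(salt);
        REALM.put("alice", new byte[][] {salt, hash("constructed-pw".toCharArray(), salt)}); // constructed sample user
        Configuration cfg = new Configuration() { public AppConfigurationEntry[] getAppConfigurationEntry(String n) {
            return new AppConfigurationEntry[] {new AppConfigurationEntry(DemoLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>())}; } };
        for (String pw : new String[] {"constructed-pw", "wrong"}) {
            CallbackHandler h = cbs -> { ((NameCallback) cbs[0]).setName("alice");
                ((PasswordCallback) cbs[1]).setPassword(pw.toCharArray()); };
            try { LoginContext lc = new LoginContext("demo", new Subject(), h, cfg); lc.login();
                System.out.println(pw + " -> " + lc.getSubject().getPrincipals().iterator().next().getName());
            } catch (LoginException e) { System.out.println(pw + " -> rejected: " + e.getMessage()); }
        }
    }
}
```
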
0

I think that you can try this article (you can also download jaastutorial.zip - it was very helpful for me). But there is no recipe in this article for plugging it into a Java EE application.

Arjan Tijms
gkuzmin
  • Thanks, now I'll download this tutorial and try to write my simple app. But, one question: is there a programmatic way to add a user to the realm list? I would like to add a little registration module. – CeccoCQ Apr 20 '12 at 05:57
  • Unfortunately I have very little experience with JAAS, which consists of coding a login module and plugging it into an existing and already working identity provider. In the project I currently take part in, user registration (by administrators) and self-registration are implemented as separate applications, which do not include any JAAS-specific code. Also, JAAS means 'Java Authentication and Authorization Service', which does not imply any user management in my view. But I did not read the JAAS API specification completely, so you had better do so. Maybe there is something about user management too. – gkuzmin Apr 20 '12 at 08:05