
I'm developing a Java EE 6 application using Glassfish 3.1.1 as my app server. I'm using declarative and programmatic security. I've defined several roles in my deployment descriptor, and defined all security constraints.

I was using JDBCRealm, and now I've changed it to an LDAPRealm. So I would like to manage the user-group mapping without relying on the LDAP groups. In other words, I want to authenticate to the LDAP but authorize using an RDBMS, asking if the current user belongs to X group.

I thought there would be a way to "override" the isUserInRole method. While searching I've heard of things like JACC and I found out that there are ways to plug a custom JACC provider or something like that into the app server, but I couldn't find any custom JACC implementation and I have no idea how to do that (or even if it would work).

Andy Dent
user1232579

1 Answer

According to Working with Realms, Users, Groups, and Roles, a realm is a "complete database of users and groups that identify valid users of a web application". The realm defines the set of credentials and the roles.

Glassfish then also has login modules, which define how the user is authenticated, e.g. with username/password, certificates, etc. In practice, only username/password is supported.

So, according to my understanding, you will need to implement a hybrid LDAP/JDBC realm. Here is sample code for a custom login module and realm. You can also see a similar answer of mine.

ewernli
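
The core of the hybrid approach discussed above (authenticate with an LDAP bind, read groups from a relational database), as an added example that is not code from the answer or from GlassFish. It uses only JDK APIs (JNDI and JDBC, Java 7 or later); the class name `HybridAuthenticator`, the DN pattern, and the `user_groups` table with its `user_name` and `group_name` columns are assumptions.

```java
import java.sql.*;
import java.util.*;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.sql.DataSource;

public class HybridAuthenticator {
    private final String ldapUrl;    // assumed value, e.g. "ldaps://ldap.example.com:636"
    private final String dnPattern;  // assumed value, e.g. "uid=%s,ou=people,dc=example,dc=com"
    private final DataSource dataSource;

    public HybridAuthenticator(String ldapUrl, String dnPattern, DataSource dataSource) {
        this.ldapUrl = ldapUrl;
        this.dnPattern = dnPattern;
        this.dataSource = dataSource;
    }

    /** Binds to LDAP as the user, then returns that user's groups from the database. */
    public String[] authenticate(String user, char[] password)
            throws NamingException, SQLException {
        // Strict allowlist keeps DN metacharacters out of the bind DN.
        if (user == null || !user.matches("[A-Za-z0-9._-]{1,64}"))
            throw new NamingException("invalid user name");
        // An empty password turns a simple bind into an unauthenticated bind,
        // which many directory servers accept; reject it before contacting LDAP.
        if (password == null || password.length == 0)
            throw new NamingException("empty password");

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, String.format(dnPattern, user));
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Throws javax.naming.AuthenticationException when the credentials are wrong.
        new InitialDirContext(env).close();

        // Authorization data comes from the database only; LDAP groups are ignored.
        List<String> groups = new ArrayList<String>();
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(
                 "SELECT group_name FROM user_groups WHERE user_name = ?")) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) groups.add(rs.getString(1));
            }
        }
        return groups.toArray(new String[0]);
    }
}
```

In a GlassFish custom login module that extends `AppservPasswordLoginModule`, the returned array is what `authenticateUser()` would pass to `commitUserAuthentication(groups)`; group-to-role mapping in the deployment descriptors then works as before.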