Reputation: 2583
Programatically configure two realms for glassfish auth
For a current application, the customer has given us the following requirements:
- Use of Glassfish 4 Application Server
- JEE7
- PrimeFaces
- Allowing for Authorization against both LDAP and JDBC database, which can be switched between after the application has been deployed
I am wondering if anyone has any ideas about how I could accomplish this as I have only worked with glassfish using the predefined realms, never having to create one. The flow of this is that after the application has been deployed, the admins can choose whether the users accessing the site authenticate against an LDAP or a local JDBC Database. This decision should not effect the flow of the front end, meaning that there should only be one login page, that goes to one function, that would then, based on the configuration, determine which realm to use to authenticate against.
Any help would be greatly appreciated.
Upvotes: 1
Views: 1094
Answers (1)
Reputation: 7449
i think you have three alternatives:
configure both glassfish realms and switch between them in web.xml:/web-app/login-config/auth-realm
- pros: very simple, you can configure them with administration ui (server-config -> security -> realms) or asadmin
- cons:
- can only use one at a time
- must be configured outside application
- switch REQUIRES application reload (no redeploy, just reload)
deveop your own glassfish realm which encapsulates the jdbc realm and ldap realm
- pros:
- you can use both at the same time (no switch)
- you can still configure them with ui or asadmin, but support is limited
- cons:
- requires knowledge and external development for realm and module classes
- must be configured outside application
- glassfish specific implementation (will not work on other containers)
deveop a pluggable authentication architecture (JASPIC)
- pros:
- programmatic approach: maximum liberty & freedom
- can be deployed within application (no external config and no reloads)
- standard, can be reused in (almost) all JEE containers
- cons:
- VERY hard to develop, need knowledge about JASPIC and (optional, but suggested) JAAS
- lacking JASPIC documentation
if you really want a pluggable auth, some references are here and the excellent article from Arjan Tijms
good luck!
Upvotes: 2
Related Questions
- Configure Tomcat 8 with LDAP realm
- Implement a Tomcat Realm with LDAP authentication and JDBC authorization
- JSF JDBC realm form based authentication search by username and email address
- Glassfish JDBC + LDAP Realms
- How to implement user authentication in a jsp web application, using a glassfish JDBC Realm?
- Unable to login using JDBC Realm on JSF 2 + Glassfish 3
- Realm Configuration for Glassfish by Application like context in tomcat
- GlassFish 3 custom Realm password-column
- Glassfish 3 security - Form based authentication using a JDBC Realm
- How to configure a jdbc realm in glassfish 3.0