Reputation: 2069
I've set up a web service using JAX-WS deployed to GlassFish 3.1.1. I've managed to set up SSL with client certificates (mutual authentication), but I can't figure out how to do proper authorization. I'd like to set up roles for read-only access, for updating and deleting data.
The Java EE 6 Tutorial and the GlassFish security guide state that one cannot add users to the certificate realm (Java EE Tutorial). So what is the proper way to authorize users while using mutual authentication? Do I have to use usernames and passwords on top?
Upvotes: 2
Views: 1072
Reputation: 125
Take a look at http://docs.oracle.com/cd/E18930_01/html/821-2435/ggktf.html#gksdc
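    import javax.security.auth.login.LoginException;
    import com.sun.appserv.security.AppservCertificateLoginModule;

    public class CertificateLM extends AppservCertificateLoginModule
    {
        @Override
        protected void authenticateUser() throws LoginException
        {
            // Get the DN from the X500Principal of the client certificate.
            String dname = getX500Principal().getName();
            // Retrieve the groups of the DN from an external source, e.g. from LDAP.
            // getGroupsFromLDAP() is a placeholder for your own lookup and is not defined here.
            String[] groups = getGroupsFromLDAP( dname );
            if( groups != null ) {
                // Known DN: hand its groups to the container for role mapping.
                commitUserAuthentication( groups );
            }
            else {
                // Unknown DN: reject the login.
                throw new LoginException( "DN is unknown." );
            }
        }
    }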
Upvotes: 1
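One way the `getGroupsFromLDAP` lookup left open in the answer above could be written with JNDI. This is an added example, not code from the answer or from GlassFish. The class name, LDAP URL, base DN, the `groupOfNames`/`member` schema, the anonymous bind, and the premise that the certificate subject DN is also the user's directory DN are all assumptions.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.login.LoginException;

public class CertGroupLookup {
    // Assumed values: replace with your directory's URL and group subtree.
    private static final String LDAP_URL = "ldaps://ldap.example.com:636";
    private static final String GROUP_BASE = "ou=groups,dc=example,dc=com";

    /** Returns the cn of every group listing the DN as a member, or null if there is none. */
    public static String[] getGroupsFromLDAP(String dname) throws LoginException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL); // anonymous bind assumed
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { "cn" });
        List<String> groups = new ArrayList<String>();
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            // {0} is filled in by JNDI with filter escaping, so special characters
            // in the certificate subject cannot change the filter.
            NamingEnumeration<SearchResult> results = ctx.search(GROUP_BASE,
                    "(&(objectClass=groupOfNames)(member={0}))", new Object[] { dname }, controls);
            while (results.hasMore()) {
                Attribute cn = results.next().getAttributes().get("cn");
                if (cn != null) {
                    groups.add((String) cn.get());
                }
            }
        } catch (NamingException e) {
            // Fail closed: a directory error must not result in a login without groups.
            throw new LoginException("Group lookup failed: " + e.getMessage());
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
        return groups.isEmpty() ? null : groups.toArray(new String[0]);
    }
}
```

The group names returned here are the ones the `group-name` entries of a `security-role-mapping` in the GlassFish deployment descriptor are matched against to grant roles.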