GlassFish Security Book FAQ: Custom Security Realm in GlassFish
I decided to write down the answers to some questions that my book's readers emailed to me or asked me via Twitter, so everyone can benefit from the answers. Here is the answer to the first question, which involves custom security realms.
GlassFish supports 5 types of security realms out of the box, which are as follows:
- File Realm: Useful for development and testing purposes. GlassFish provides a user/group management interface for this realm, so we can add users and groups using the administration console. When using this realm, all usernames, passwords and groups are stored in a plain text file.
- JDBC Realm: In a production environment we store user information, including but not limited to usernames, passwords and groups, in an RDBMS and then configure a JDBC realm to authenticate the given credentials against the information stored in the database.
- LDAP Realm: Sometimes we have all user details stored in an LDAP directory such as Active Directory, Red Hat Directory Server, OpenDS or Sun Java System Directory Server Enterprise Edition.
- Solaris Realm: This realm is used to authenticate users against a Solaris user directory.
- Certificate Realm: The certificate realm allows us to conduct mutual SSL authentication based on client certificates.
Sometimes our user information is stored in a silo different from all of the storages mentioned above, and we need to use that source for authentication and access control. For example, assume that we have our user information, including usernames, passwords and group membership, stored in an object database and we need to authenticate our enterprise application's users against that storage. In such cases we should either think about having a synchronized RDBMS that keeps up-to-date user information and use the JDBC realm for authentication and authorization, or we should develop a custom security realm that uses the object database as the source for authentication.
Setting up synchronization between, for example, the object database and an RDBMS can be tricky, while developing a custom authentication realm is much easier using the SPIs that GlassFish provides.
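As an added example that is not from the book or the GlassFish project, here is the shape of such a custom realm against GlassFish v3's realm SPI: a realm class (group lookup for authorization) paired with a JAAS login module (credential check). The object database is replaced by a constructed in-memory map, and the protected field names `_username`, `_password` and `_currentRealm` are assumed to match the v3 `AppservPasswordLoginModule`.

```java
import com.sun.appserv.security.AppservPasswordLoginModule;
import com.sun.appserv.security.AppservRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import java.security.MessageDigest;
import java.util.*;
import javax.security.auth.login.LoginException;

/** Realm half: registered in the domain as the realm class; serves group lookups. */
public class ObjectDbRealm extends AppservRealm {
    // Constructed stand-in for the object database: user -> {sha256(password), groups}.
    // A real realm would open the store named by a realm property such as "db-url" (hypothetical).
    static final Map<String, Object[]> STORE = new HashMap<>();
    static { STORE.put("alice", new Object[]{sha256("s3cret"), new String[]{"users", "admins"}}); }

    @Override public void init(Properties props) throws BadRealmException, NoSuchRealmException {
        super.init(props);
        String jaasCtx = props.getProperty("jaas-context"); // must name the login.conf entry
        if (jaasCtx == null) throw new BadRealmException("jaas-context property is required");
        setProperty("jaas-context", jaasCtx);
    }

    @Override public String getAuthType() { return "ObjectDB realm"; }

    @Override public Enumeration<String> getGroupNames(String user) throws InvalidOperationException, NoSuchUserException {
        Object[] rec = STORE.get(user);
        if (rec == null) throw new NoSuchUserException("No such user: " + user);
        return Collections.enumeration(Arrays.asList((String[]) rec[1]));
    }

    /** Groups on success, null otherwise; hashes and compares even for unknown users so timing
     *  does not reveal which usernames exist. */
    String[] authenticate(String user, String password) {
        Object[] rec = STORE.get(user);
        byte[] expected = rec == null ? sha256("") : (byte[]) rec[0];
        boolean ok = MessageDigest.isEqual(expected, sha256(password)); // constant-time compare
        return (ok && rec != null) ? (String[]) rec[1] : null;
    }

    static byte[] sha256(String s) { // unsalted for brevity; use a salted, slow hash in production
        try { return MessageDigest.getInstance("SHA-256").digest(s.getBytes("UTF-8")); }
        catch (Exception e) { throw new IllegalStateException(e); }
    }
}

/** JAAS half: GlassFish hands the submitted credentials to authenticateUser(). */
class ObjectDbLoginModule extends AppservPasswordLoginModule {
    @Override protected void authenticateUser() throws LoginException {
        if (!(_currentRealm instanceof ObjectDbRealm)) throw new LoginException("Unexpected realm type");
        String[] groups = ((ObjectDbRealm) _currentRealm).authenticate(_username, _password);
        if (groups == null) throw new LoginException("Authentication failed for " + _username);
        commitUserAuthentication(groups); // subject now carries these group principals
    }
}
```

The two halves are tied together by the realm's `jaas-context` property, whose value names an entry in the domain's `login.conf` that lists `ObjectDbLoginModule` as a required login module.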
The second chapter of the GlassFish Security book discusses GlassFish security realms in detail and walks through a sample application that uses these realms for authenticating and authorizing users. In the same chapter, developing custom security realms is discussed along with the development of a sample realm.
The same chapter also discusses GlassFish support for JSR-196 (Java Authentication Service Provider Interface for Containers) to complete the picture of authentication and authorization in Java EE in general and in the GlassFish application server in particular.
Opinions expressed by DZone contributors are their own.