As many of you know application servers like GlassFish have excellent built-in support for common authentication providers like a database or LDAP. Using these as security realms is typically just as simple as a few clicks on an admin console UI or a command (or two) using the admin CLI. But what if your authentication storage mechanism is a little more exotic? How about something really exotic like the popular MongoDB NoSQL database? Is there a way to make it work with GlassFish/Java EE security?
Not to worry - in that case you are looking at creating a custom JAAS based authentication module, configuring it with GlassFish and using it as a Java EE security realm instead of using one of the built-in choices. It's really not as scary as it sounds - Lee Chuk Munn from the Advanced Technology Applications Practice for the National University of Singapore, Institute of Systems Science shows us exactly how to do it, step-by-step. In a characteristically awesome blog post, he explains the basics of GlassFish security realms, creating a JAAS based custom authentication module for MongoDB, registering the module as a security realm and using it. Enjoy!