Flexible JDBC Realm is a security realm for Glassfish with a database backend.
In many Java EE applications declarative security is required where user and group information is stored in a database. To support this, an application server must support a security realm based on a JDBC datasource.
Glassfish V2 and V3 application server also supports a configuration like this through the JDBCRealm. Unfortunately, this JDBCRealm is restrictive in various ways:
As is clear, the JDBCRealm of glassfish either fits your purpose and you are done, or it doesn't and you have to either work around it in your application or create a separate more flexible JDBC security realm yourself. Since I had a stable application that I wasn't intending on modifying, I decided to do the latter.
The FlexibleJdbcRealm is a JDBC security realm which is similar to the approach used in JBoss application server. Instead of depending on a fixed database structure with only limited configuration, it is configured with two queries instead:
In other words, instead of assuming a certain type of data model with configuration of some column and table names and constructing the two JDBC queries for passwords and groups as JDBCRealm does, the FlexibleJDBCRealm is configured with the two queries. As a result, FlexiblJDBCRealm is more general than JDBCRealm since it can handle any datamodel that JDBCRealm can.
In particular, in the application that triggered this, I had a datamodel that did not fit the one assumed by JDBCRealm. In my design I am using surrogate keys and have three tables:
This datamodel can easily be handled using FlexibleJdbcRealm but would have required a redesign of the application if I would have used JDBCRealm.
The FlexibleJdbcRealm only works with Java 5 or 6. It is known to work on Glassfish V2, 2.1, V3, and V3.0.1. I have been in contact with SUN in the hope that FlexibleJdbcRealm (or something with similar flexibility) will be added to a future version of glassfish.
The software is available as open source and is covered by the Apache Software Foundation License version 2
A mailinglist firstname.lastname@example.org is available. Subscribe to it or view the archives at the the list page.
Bug and change tracking is at the wamblee.org jira.