Table of contents


FlexibleJdbcRealm is a glassfish security realm and is deployed as an additional jar of the glassfish runtime.

Configure the datasource

To start off, a datasource must be configured for accessing the database with user and group information.

Installation of the Flexible Jdbc Realm

  • Copy the FlexibleJdbcRealm jar to the glassfish lib directory.

Configure glassfish with the realm definition

  • Add mapping of the security realm to the flexible JDBC realm login module to the login.conf of the glassfish domain you are using. For example:
    PhotoXChangeRealm {
            org.wamblee.glassfish.auth.FlexibleJdbcLoginModule required;
  • Configure the security realm in glassfish.
    • In admin console, go to Configuration/Security/Realms.
    • Add a new realm and use the class name org.wamblee.glassfish.auth.FlexibleJdbcRealm as the realm class.
    • Configure the realm as follows:
      • jaas.context: The name of the realm as in login.conf and web.xml
      • sql.password: The sql prepared statement that returns the encoded password for a given user. The username is the single parameter of the realm.
      • sql.groups: The sql prepared statement which returns the groups based on the username.
      • datasource.jndi: The jndi name of the datasource.
      • password.encoding: The encoding of the password. The following encodings are supported:
        • PLAIN: For no encoding
        • MD5HEX: For MD5 Hex encoding
      • assign-groups: Optional parameter with a comma-separated list of groups that any authenticated user is assigned to.

Configure the application with a realm definition

  • Add realm definition to web.xml login-config element (realm-name), For example:
Note: In glassfish V2 b58, <role-name>*</role-name> does not work and you should use the assign-groups property to assign any authenticated user to a specific group. That specific group should be used to represent any authenticated user instead of using <role-name>*</role-name>.