wamblee.org

Introduction

FlexibleJdbcRealm is a glassfish security realm and is deployed as an additional jar of the glassfish runtime.

Configure the datasource

To start off, a datasource must be configured for accessing the database with user and group information.

Installation of the Flexible Jdbc Realm

  • Copy the FlexibleJdbcRealm jar to the glassfish lib directory.

Configure glassfish with the realm definition

  • Add a mapping from the security realm to the flexible JDBC realm login module in the login.conf of the glassfish domain you are using. For example:
                
    PhotoXChangeRealm {
            org.wamblee.glassfish.auth.FlexibleJdbcLoginModule required;
    };
              
  • Configure the security realm in glassfish.
    • In admin console, go to Configuration/Security/Realms.
    • Add a new realm and use the class name org.wamblee.glassfish.auth.FlexibleJdbcRealm as the realm class.
    • Configure the realm as follows:
      • jaas.context: The name of the realm as in login.conf and web.xml
      • sql.password: The SQL prepared statement that returns the encoded password for a given user. The username is the single parameter of the statement.
      • sql.groups: The SQL prepared statement that returns the groups for a given username.
      • datasource.jndi: The JNDI name of the datasource.
      • password.encoding: The encoding of the password. The following encodings are supported:
        • PLAIN: For no encoding
        • MD5HEX: For MD5 Hex encoding
      • assign-groups: Optional parameter with a comma-separated list of groups that any authenticated user is assigned to.
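
One way to check the two statements and the stored password values against a test database before configuring the realm. This is an added example, not part of FlexibleJdbcRealm; it mimics the lookup described by the properties above using Python's sqlite3. The table and column names, the sample user, and UTF-8 input with lowercase hex output for MD5HEX are assumptions.

```python
import hashlib
import hmac
import sqlite3

# Constructed realm properties; table and column names are assumptions.
REALM = {
    "sql.password": "SELECT password FROM users WHERE username = ?",
    "sql.groups": "SELECT groupname FROM user_groups WHERE username = ?",
    "password.encoding": "MD5HEX",
    "assign-groups": "authenticated",
}


def encode(password, encoding):
    """Encode a candidate password as named by password.encoding."""
    if encoding == "PLAIN":
        return password
    if encoding == "MD5HEX":
        # Assumption: UTF-8 input, lowercase hex output.
        return hashlib.md5(password.encode("utf-8")).hexdigest()
    raise ValueError("unsupported password.encoding: " + encoding)


def authenticate(db, realm, username, password):
    """Return the user's groups on success, None on failure."""
    # The username is bound as the single parameter, never concatenated.
    rows = db.execute(realm["sql.password"], (username,)).fetchall()
    if len(rows) != 1:
        return None  # unknown user, or a query that is not unique per user
    candidate = encode(password, realm["password.encoding"])
    if not hmac.compare_digest(candidate.encode(), str(rows[0][0]).encode()):
        return None
    groups = [r[0] for r in db.execute(realm["sql.groups"], (username,))]
    extra = [g.strip() for g in realm.get("assign-groups", "").split(",")]
    return groups + [g for g in extra if g and g not in groups]


def sample_db():
    """Constructed in-memory database with one user, for illustration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE user_groups (username TEXT, groupname TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", encode("s3cret", "MD5HEX")))
    db.execute("INSERT INTO user_groups VALUES (?, ?)",
               ("alice", "photographers"))
    return db
```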

Configure the application with a realm definition

  • Add the realm definition to the login-config element (realm-name) of web.xml. For example:
                
        <login-config>
            <auth-method>FORM</auth-method>
            <realm-name>PhotoXChangeRealm</realm-name>
            <form-login-config>
                <form-login-page>/login.jsp</form-login-page>
                <form-error-page>/loginError.jsp</form-error-page>
            </form-login-config>
        </login-config>
              
Note: In glassfish V2 b58, <role-name>*</role-name> does not work and you should use the assign-groups property to assign any authenticated user to a specific group. That specific group should be used to represent any authenticated user instead of using <role-name>*</role-name>.