FlexibleJdbcRealm is a glassfish security realm and is deployed as an additional jar of the glassfish runtime.
To start off, a datasource must be configured for accessing the database with user and group information.
Examine the settings in Glassfish admin console under Configuration/Security, Typically, you will want to enable default principal to role mapping. This setting means that the role names as used in your application will be identical to those configured in your security realm without a custom mapping of principals to roles.
PhotoXChangeRealm { org.wamblee.glassfish.auth.FlexibleJdbcLoginModule required; };
Property | Description |
---|---|
jaas.context | The name of the realm as in login.conf and web.xml. |
sql.password | The sql prepared statement that returns the encoded password for a given user. The username is the single parameter of the realm. |
sql.groups | The sql prepared statement which returns the groups based on the username. |
datasource.jndi | The jndi name of the datasource. |
password.digest | The digest method of the password.
The value of this property is an encoding as
supported by MessageDigest.getInstance(String) .
The special value PLAIN must be used to indicate
that no encoding will be used. Use for instance MD5
for MD5 digests.
Note:
In version 0.1, the value
MD5HEX was used for MD5,
this must now be simply
MD5 Note:
In version 0.2, the name of this property was
password.encoding . In later versions, the digest method and
encoding are separately configurable. |
charset |
The character set to be used to convert passwords to
byte arrays. By default the platform default character set
as returned by Charset.defaultCharset().name()
is used.
|
password.encoding | Optional property for the encoding of the digest result into a string. Two encoding methods are
supported:
HEX is used.
|
sql.seed | Optional property to define the query to retrieve the seed for a given user name. This is a query in prepared statement syntax with one parameter for the user name. If this property is not defined then the empty string will be used for the seed (which is identical to no seeding). |
password.seed.format | Optional property that defined how the seed will be used together with the
password.
This is a string in java.text.MessageFormat format with the first
parameter the password and the second parameter the seed. If this property is
not set than the default format is "{0}{1}" meaning that the seed will be
appended to the password.
|
assign-groups | Optional parameter with a comma-separated list of groups that any authenticated user is assigned to. |
<login-config> <auth-method>FORM</auth-method> <realm-name>PhotoXChangeRealm</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/loginError.jsp</form-error-page> </form-login-config> </login-config>