
Chaining security realms?

Anonymous

Hi Glassfish Users,

I just subscribed to this list, so let me introduce myself: I'm
Andreas from South Australia and I have been working as a Java
developer for several years. However I'm relatively new to Glassfish -
I did some minor projects so far but now I started to work on a larger
project. So my first question is about security realms:

The use-case: I've users and these users have "registered" gadgets,
e.g. smartphones. They can have more than one device and "registered"
means, they get a digital certificate for a particular device. The
users have also user names and passwords to identify themselves.

I need therefore a certificate realm to authenticate the device and then
a JDBC realm to authenticate the user.

Is it possible to chain the realms for a single call or is there a
best practice of how to solve this problem? Any hints are highly
appreciated!

Cheers,
Andreas

Kumar Jayanti Guest

On Jul 12, 2012, at 9:45 AM, Andreas Junius wrote:

> Hi Glassfish Users,
>
> I just subscribed to this list, so let me introduce myself: I'm
> Andreas from South Australia and I have been working as a Java
> developer for several years. However I'm relatively new to Glassfish -
> I did some minor projects so far but now I started to work on a larger
> project. So my first question is about security realms:
>
> The use-case: I've users and these users have "registered" gadgets,
> e.g. smartphones. They can have more than one device and "registered"
> means, they get a digital certificate for a particular device. The
> users have also user names and passwords to identify themselves.
>
> I need therefore a certificate realm to authenticate the device and then
> a JDBC realm to authenticate the user.
>
> Is it possible to chain the realms for a single call or is there a
> best practice of how to solve this problem? Any hints are highly
> appreciated!
>
The best way to do this is to write a custom JSR 196 Server Authentication Module which can chain the individual JAAS Login modules.

As such Glassfish does not support chaining of realms OOTB.

> Cheers,
> Andreas

Andreas Junius

Thanks Kumar, I'll look into this.

http://docs.oracle.com/cd/E19798-01/821-1752/gizdx/index.html

Andy
