Skip to main content

JDBCRealm problem with Glassfish 4 (JAAS, JPA, JAX-RS, GF4)

Please note these forums are being decommissioned and use the new and improved forums at
No replies
Joined: 2014-02-04


since 2 weeks i try to get the authentication for my web-services to work.

I read some tutorials like the following one (
And I also searched a lot at google and stackoverflow for a solution of my problem but i think it's very specific... I don't know where the error could be located.

So I hope you can help me.

I created two entities. One for the user (called AppUser) and one for the group (called AppUserGroup)

The following is the User-Class::

public class AppUser implements Serializable {
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

    private String email;
    private String password; //Password etc.

    @ManyToMany(fetch = FetchType.LAZY)
    @JoinTable( joinColumns={@JoinColumn(name="id", referencedColumnName="id")},
            inverseJoinColumns={@JoinColumn(name="groupId", referencedColumnName="groupId")})
    private List<AppUserGroup> appUserGroups;

The second one is the group-class ::

public class AppUserGroup {    

    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long groupId;

    private String groupName;

The tables are created correctly. And I populate the tables with one test user called 'marvin'. with the password '2' (very secure one ;-) ).
This test user is in groups "AppUser" and "Administrator".
SO when i call request.isUserInRole("Administrator") or "request.isUserInRole("appUser"); both function calls should return true.

My JDBCRealm-configuration can be found in a screenshot called jdbcRealm.PNG which is attached at this post. I don't know how I can directly include it inline.

Now let me explain my problem:

  • when I set a "default group" in my jdbcRealm configuration I can call the login-webservice and my user get authenticated.
    When i call request.getUserPrincipal(); I get the user-Principal as expected.
  • But when I don't set a default group in my jdbcRealm configuration my user doesn't get authenticated because of a "login error".

In both cases I get the following error:

SEVERE:   SEC1111: Cannot load group for JDBC realm user

So I think that the user login works, but glassfish cannot load my groups from the database.

My User table is called:

My Group table is called:

The joining table is called:

The jdbcRealm is configured as you can see in the screenshot (jdbcRealm.PNG)

so how can it be that he doesn't find the groups? All data glassfish needs is in AppUser and AppUser_AppUserGroup table. In AppUser_AppUserGroup there is the email of the user and the groupName of the group. Both as Strings like JAAS needs it (as i understood).

I don't know if you need it but here is my glassfish-web.xml::

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-// GlassFish Application Server 3.1 Servlet 3.0//EN" "">
<glassfish-web-app error-url="">
  <class-loader delegate="true"/>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>

And here is the web-xml::

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="" xmlns:xsi="" xsi:schemaLocation="">
        <description>Common User</description>

Do you have any ideas?

jdbcRealm.PNG41.29 KB