Replies: 3 - Last Post: Oct 14, 2008 4:49 AM by: peters_
dynamic principal to role mapping in GlassFish
Posted: Oct 13, 2008 5:38 AM
Hi!
I'm developing an enterprise application using EJB. Therefore I've implemented a custom realm derived from com.sun.appserv.security.AppservRealm. The next step I'm stuck at is the user (or user group) to role mapping. The only way of defining this mapping which I know about is the DD of the EJB. But this is not flexible enough for me. Is there a way to map principals to roles at runtime? E.g. by implementing a custom authorization module just like implementing the custom realm?
Re: dynamic principal to role mapping in GlassFish
Posted: Oct 14, 2008 12:29 AM
in response to: bbergquist
Hi! Thanks for your reply.
Though this is not exactly what I've been searching for, this little workaround solves the problem.
For everybody who has the same issue: There is no possibility in GlassFish to map the "real" roles (those security roles that you declare in the application.xml and that you reference within the EJB with the annotation @RolesAllowed) dynamically. But you can use a one-to-one mapping between the security role names and static groups, which has to be defined in sun-application.xml. Then you can introduce your own definition of groups that may contain no, one or many "real" groups that are defined in sun-application.xml, and you can assign users to your own groups. The custom realm that you need for this must implement an interface which must answer the question "Which (real) groups is a certain user assigned to?" The answer must return a list of "real" groups that are defined in the sun-application.xml.
Please correct me if there's anything wrong in my explanation.
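The workaround described in the post above, sketched as an added example that is not part of the original thread or of GlassFish: a runtime-editable lookup from user to custom group to "real" group. The class name, group names and users are hypothetical; a custom realm would return this result from its getGroupNames(String) method, wrapped with Collections.enumeration.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: resolves a user to the "real" groups its custom groups contain. */
public class DynamicGroupResolver {
    // "Real" groups: each must appear as a <group-name> inside a <security-role-mapping>
    // in sun-application.xml, mapped one-to-one to a <role-name>.
    private final Set<String> realGroups;
    private final Map<String, Set<String>> customToReal = new ConcurrentHashMap<>();
    private final Map<String, Set<String>> userToCustom = new ConcurrentHashMap<>();

    public DynamicGroupResolver(Collection<String> declaredRealGroups) {
        this.realGroups = Set.copyOf(declaredRealGroups);
    }

    /** Define or redefine a custom group at runtime; it may hold no, one or many real groups. */
    public void defineCustomGroup(String custom, Collection<String> real) {
        for (String g : real) {
            // An undeclared group name would never match a role, so reject it loudly.
            if (!realGroups.contains(g))
                throw new IllegalArgumentException("not declared in sun-application.xml: " + g);
        }
        customToReal.put(custom, Set.copyOf(real));
    }

    public void assignUser(String user, Collection<String> customGroups) {
        userToCustom.put(user, Set.copyOf(customGroups));
    }

    /** Flattened set of real groups for a user; unknown users and groups yield nothing. */
    public Set<String> realGroupsFor(String user) {
        Set<String> out = new TreeSet<>();
        for (String custom : userToCustom.getOrDefault(user, Set.of())) {
            out.addAll(customToReal.getOrDefault(custom, Set.of()));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the thread.
        DynamicGroupResolver r = new DynamicGroupResolver(List.of("admin", "auditor", "clerk"));
        r.defineCustomGroup("branch-managers", List.of("clerk", "auditor"));
        r.defineCustomGroup("interns", List.of());
        r.assignUser("alice", List.of("branch-managers"));
        r.assignUser("bob", List.of("interns"));
        System.out.println("alice   -> " + r.realGroupsFor("alice"));
        System.out.println("bob     -> " + r.realGroupsFor("bob"));
        System.out.println("mallory -> " + r.realGroupsFor("mallory"));
        r.defineCustomGroup("branch-managers", List.of("clerk")); // narrow the group at runtime
        System.out.println("alice   -> " + r.realGroupsFor("alice"));
    }
}
```

Since the realm is asked for a user's groups when that user authenticates, expect a changed mapping to apply from the user's next login rather than inside a session that is already established.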
Re: dynamic principal to role mapping in GlassFish
Posted: Oct 14, 2008 4:49 AM
in response to: peters_
Seems like there could be a better way of providing dynamic role mapping. As far as I know, there is a module in J2EE servers called the JACC provider. This module maps the existing users to roles. The default JACC provider in GlassFish is very simple and provides file-based mapping (XML files). Does somebody know anything about this? Are there more powerful JACC providers you can plug into GlassFish?