4

I'm developing a Java EE 6 application using Glassfish 3.1.1 as my app server. I'm using declarative and programmatic security. I've defined several roles in my deployment descriptor, and defined all security constraints.

I was using JDBCRealm, and now I've changed it to an LDAPRealm. So I would like to manage the user-group mapping without relying on the LDAP groups. In other words, I want to authenticate to the LDAP but authorize using an RDBMS, asking if the current user belongs to X group.

I thought there would be a way to "override" the isUserInRole method. While searching I've heard of things like JACC and I found out that there are ways to plug a custom JACC provider or something like that into the app server, but I couldn't find any custom JACC implementation and I have no idea how to do that (or even if it would work).

4

1 Answer

0

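According to Working with Realms, Users, Groups, and Roles, a realm is "a complete database of users and groups that identify valid users of a web application". A realm defines a set of credentials and roles.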

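Glassfish also has login modules, which define how users are authenticated, for example with a username/password, certificates, etc. In practice, only username/password is supported.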

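So, as I understand it, you will need to implement a hybrid LDAP/JDBC realm. Here is sample code for a custom login module and realm. You can see my similar answer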

Answered 2012-06-22T11:23:46.647
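
The hybrid check the answer describes, as an added example that is not part of the original answer or of Glassfish: the password is verified by an LDAP bind and the groups come only from the database, using JDK APIs (JNDI and JDBC). The LDAP URL, the DN layout, the `user_groups` table and the class name `HybridAuthenticator` are assumptions made for illustration.

```java
import java.sql.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.LoginException;

/** Hybrid check: password verified by LDAP bind, groups read from an RDBMS. */
public class HybridAuthenticator {
    // Assumed values for illustration; in a realm these would be realm properties.
    private static final String LDAP_URL = "ldaps://ldap.example.com:636";
    private static final String USER_BASE = "ou=people,dc=example,dc=com";
    private static final String GROUP_SQL =
        "SELECT group_name FROM user_groups WHERE username = ?";

    private final Connection db; // obtained from the container's DataSource

    public HybridAuthenticator(Connection db) { this.db = db; }

    /** Returns the user's groups, or throws LoginException if the bind fails. */
    public String[] authenticate(String user, char[] password)
            throws LoginException, SQLException {
        // An empty password turns a simple bind into an "unauthenticated" bind,
        // which many servers accept, so reject it before contacting LDAP.
        if (user == null || user.isEmpty() || password == null || password.length == 0) {
            throw new LoginException("Missing credentials");
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the user name so it cannot alter the DN structure.
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + Rdn.escapeValue(user) + "," + USER_BASE);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // a successful bind means the password is valid
        } catch (NamingException e) {
            throw new LoginException("LDAP authentication failed"); // also covers an unreachable server
        }
        // Authorization data comes only from the database, never from LDAP groups.
        List<String> groups = new ArrayList<String>();
        PreparedStatement ps = db.prepareStatement(GROUP_SQL);
        try {
            ps.setString(1, user);
            ResultSet rs = ps.executeQuery();
            while (rs.next()) groups.add(rs.getString(1));
        } finally {
            ps.close();
        }
        return groups.toArray(new String[groups.size()]);
    }
}
```

In a Glassfish custom login module (a subclass of `AppservPasswordLoginModule`), a method like this would be called from `authenticateUser()` and its result passed to `commitUserAuthentication(...)`, so that `isUserInRole` resolves against the database groups through the usual role mapping.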