I'm developing a Java EE 6 applications using Glassfish 3.1.1 as my app server. I'm using declarative and programmatic security. I've defined several roles at my deployment descriptor, and defined all security constraints.
I was using JDBCReal, and now I've changed it to an LDAPRealm. So I would like to manage the user-group mapping without relying on the LDAP groups. In other words, I want to authenticate to the LDAP but authorize using a RDBM, asking if the current user belongs to X group.
I thought there would be a way to "override" the isUserInRole method. While searching I've heard of things like JACC and I found out that there are ways to plug a custom JACC provider or something like that to the app server, but I couldn't find any custom JACC implementation and I have no idea how to do that (or event if it would work..)