1

I plan to create a Java EE application in which, obviously, there will be users, groups and rights. As this application is all new, I'll use Java EE 6 and EJB security annotations : @RolesAllowed, @DeclareRoles, ...

In this context, I'm looking for a way to implement simply the users/groups/roles management. So, is there any lib I could plug in my webapp that would allow me to create users, groups and assign them roles ? Or will i have to do all that job by myself ?

EDIT From what I've discovered, this can be achieved using a JDBC Realm. More specifically, using as an example Flexible JDBC Realm, all I have to do is to declare Users/Groups in my application, then bind them to that realm. Am I right ?

Arjan Tijms
  • 37,782
  • 12
  • 108
  • 140
Riduidel
  • 22,052
  • 14
  • 85
  • 185

2 Answers2

0

Turned out there is no real JavaEE spec for that : if the realm definition is covered by JavaEE spec, most of the realm code is specific to both application server and underlying storage system.

Riduidel
  • 22,052
  • 14
  • 85
  • 185
  • 2
    >`most of the realm code is specific to both application server and underlying storage system` - this is not fully the case. There's the JASPIC spec in Java EE that is the standardized way to create auth modules. Unfortunately "every body" keeps thinking that the only way to do this is application server specific, but this is thus not true. – Arjan Tijms Aug 12 '13 at 20:35
  • 1
    @ArjanTijms Thanks for directing me to [JASPIC](http://jaaslounge.sourceforge.net/jaspic.html) ! That's some great news since I'll have to rewrite my custom realm soon ! – Riduidel Aug 13 '13 at 15:36
0

Maybe you can try LDAP directory (e.g. OpenDS). It's quite easy to setup LDAP JAAS realm on Glassfish and you can manage groups and users externally then. If you wan't to implement it in database you can use JDBC realms and configure them to work on your application's schema. You will have to manage users and groups on your own but it's possible to configure provided JAAS modules and you usually don't have to write your own.

jgrabowski
  • 1,521
  • 12
  • 7