Custom Realm for ObjectDB, using ObjectDB with HTTP Basic authentication

Question

I want to implement HTTP Basic Authentication for my web services, but I also want to use ObjectDB to store credentials. Is there any way to do this? I guess I'm in the need of a custom realm, and also, that somebody already did this before, so if yes please raise your hands. Otherwise please help me with the implementation. I already checked the basics of making custom realms. Is it possible somehow to make it work with JDBCRealm, or more directly, is it possible to create a JDBC resource in GlassFish that uses the ObjectDB server?

What I did so far is the base of the Realm:

package objectdbrealm;

import com.sun.appserv.security.AppservRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import java.util.Enumeration;
import java.util.Properties;

public class ObjectDbRealm extends AppservRealm {

    @Override
    public void init(Properties properties) throws BadRealmException, NoSuchRealmException {
        //initialize the realm
    }

    @Override
    public String getAuthType() {
        return "ObjectDB Realm";
    }

    @Override
    public Enumeration getGroupNames(String string) throws InvalidOperationException, NoSuchUserException {
        throw new UnsupportedOperationException("Not supported yet.");
    }
}

, and LoginModule:

package objectdbrealm;

import com.sun.appserv.security.AppservPasswordLoginModule;
import com.sun.enterprise.security.auth.login.common.LoginException;

public class ObjectDbLoginModule extends AppservPasswordLoginModule {

    @Override
    protected void authenticateUser() throws LoginException {
        if (!authenticate(_username, _passwd)) {
            //Login fails
            throw new LoginException((new StringBuilder()).append("Login Failed for:").append(_username).toString());
        }
        String[] groups = getGroupNames(_username);
        commitUserAuthentication(groups);
    }

    private boolean authenticate(String username, char[] password) {
        /*
        Check the credentials against the authentication source,
        return true if authenticated, return false otherwise
         */
        return true;
    }

    private String[] getGroupNames(String username) {
        // Return the list of groups this user belongs to.
        return new String[0];
    }
}

UPDATE

Sadly it turned out that there is no JDBC driver for ObjectDB yet. Feel free to make suggestions however!

Thanks in advance!

Answer 1

JDBC is not mandatory is you are using Objectdb. You can create a Stateless EJB in your project that access your ObjectDb entities to perform the login validation.The your method

private boolean authenticate(String username, char[] password) can use an EJB client to perform the credentials validations. This example worked fine for me. The only change to make is using your ObjectDb entities for the datamodel and as an improvement you can put the interface IUserAuthenticationService in a separate jar to avoid distributing the implementation.

Hope that helps.

Rn

Answer 2

Not a direct answer, but there's the excellent FlexibleJDBCRealm that offers an alternative to the rather rigid JDBCRealm that comes with the Fish. It's open source, adapting that code to ObjectDB should be a lot easier than starting to implement a realm from scratch.

Answer 3

It turned out that there is no JDBCDriver for ObjectDB yet. I've found it too much to implement my own, so I will just wait :)